Danny Palmer reports: An experimental new version of a prolific form of ransomware has been seen targeting Linux systems for the first time. Clop ransomware first appeared in 2019 and, despite being hit by arrests and takedowns in 2021, continues to operate today, with the discovery of a new variant indicating the group is still keen to…
Category: Commentaries and Analyses
More lawsuits filed over Knox College ransomware attack
By early December 2022, Hive ransomware gang had not only claimed responsibility for an attack on Knox College, but when the college hadn’t paid their demand, they contacted students directly. As NBC reported, the emails sought to get students to pressure the college to pay: “We have compromised your collage networks,” the email said, written…
Au: AMA calls for stronger laws to protect patient data
Fat Niebres reports: The Australian Medical Association (AMA) has called for stronger safeguards to protect patient data, saying laws must be in place to prevent security breaches and the use of health data to boost private profits. In a new position paper, the AMA pointed out the need for a broader national discussion on health…
A Tale of Two Breach Notification Rules
Matt Fisher writes: The early days of February 2023 saw two very different settlements announced related to healthcare data breaches. One arguably follows a well-known course and the other could be a sign of things to come. After having a health breach notification rule on the books since 2009, the Federal Trade Commission (“FTC”) had…
The FBI tried in vain: The Russian case against REvil turned out to be insignificant
The following is a machine translation of an article on Kommersant.ru: The FBI tried in vain As it became known to “Kommersant”, the investigative department of the Ministry of Internal Affairs of the Russian Federation completed the investigation of the criminal case of the so-called international group of hackers REvil, information about which was provided…
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide; more than 500 systems affected already
Sergiu Gatlan reports: Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. Tracked as CVE-2021-21974, the security flaw is caused by a heap overflow issue in the OpenSLP service that can be exploited by unauthenticated…