Over on SuspectFile, Marco A. De Felice writes: In August 2023, Postel S.p.A., a leading Italian company in the postal services and digital communications sector, became the victim of a serious cyberattack. The Medusa cybercriminal group exploited unresolved vulnerabilities in the company’s systems, gaining access to a large amount of sensitive data. This breach raised significant…
Category: Commentaries and Analyses
Four members of REvil sentenced by Russian court
The following is a machine translation of a report at the Russian news outlet, Kommersant, concerning the sentencing of four members of the REvil ransomware group: On Friday, October 25, the St. Petersburg Garrison Military Court announced the verdict against Artem Zayets, Aleksey Malozemov, Daniil Puzyrevsky and Ruslan Khansvyarov. The court found them guilty of…
US Healthcare at risk: Strengthening resiliency against ransomware attacks
Microsoft writes: The healthcare sector faces a rapidly increasing range of cybersecurity threats, with ransomware attacks emerging as one of the most significant. A combination of valuable patient data, interconnected medical devices, and small IT/cybersecurity operations staff, which spreads resources thin, can make healthcare organizations prime targets for threat actors. As healthcare operations become increasingly digitized—ranging…
Personal Data Protection Commission of Singapore issues three undertakings stemming from ransomware attacks
On October 23, the Personal Data Protection Commission of Singapore issued three undertakings with the follow statement: The new Undertakings reveals breaches stemming from various ransomware attacks due to the insufficient security IT measures implemented, affecting the personal data of over 690,000 individuals. In response, the affected organisations are to implement remediation plans to rectify the…
SEC Charges Four Companies With Misleading Cyber Disclosures
Washington D.C., Oct. 22, 2024 — The Securities and Exchange Commission today charged four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited – with making materially misleading disclosures regarding cybersecurity risks and intrusions. The SEC also charged Unisys with disclosure controls and procedures violations….
The Global State of Internet of Healthcare Things (IoHT) Exposures on Public-Facing Networks
Censys recently published a new research report that looks at exposed data on the internet involving healthcare devices and systems connected to PHI. Here’s their Executive Summary: Censys discovered 14,004 unique IP addresses exposing healthcare devices and data systems connected to potentially sensitive medical information on the public internet. These exposures greatly raise the risk of unauthorized…