The following is a machine translation of a Yomiuri news story: The government is considering introducing an “active cyber defense” system to detect signs of an attack and identify the source of the attack in order to strengthen defense against cyber attacks on critical infrastructure such as communications and electricity. Adjustments will be made in…
Category: Commentaries and Analyses
A packed end to the UK’s cyber summer: Government moves forward with telecoms cybersecurity proposals and consults on a Cyber Duty to Protect
Mark Young and Paul Maynard of Covington and Burling write: UKG) proposals for new, sector-specific cybersecurity rules continue to take shape. Following the announcement of a Product Security and Telecommunications Infrastructure Bill and a consultation on the security of apps and app stores in the Queen’s Speech (which we briefly discuss here), the UKG issued a…
Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities
FBI Private Industry Notification PIN 20220912-001 TLP: WHITE Summary The FBI has identified an increasing number of vulnerabilities posed by unpatched medical devices that run on outdated software and devices that lack adequate security features. Cyber threat actors exploiting medical device vulnerabilities adversely impact healthcare facilities’ operational functions, patient safety, data confidentiality, and data integrity….
Lorenz ransomware breaches corporate network via phone systems
Sergiu Gatlan reports: The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks. Arctic Wolf Labs security researchers spotted this new tactic after observing a significant overlap with Tactics, Techniques, and Procedures (TTPs) tied to ransomware attacks…
Ransomware gangs switching to new intermittent encryption tactic
Bill Toulas reports: … SentinelLabs has posted a report examining a trend started by LockFile in mid-2021 and now adopted by the likes of Black Basta, ALPHV (BlackCat), PLAY, Agenda, and Qyick. These groups actively promote the presence of intermittent encryption features in their ransomware family to entice affiliates to join the RaaS operation. Read more at…
What’s the impact of ransomware attacks on healthcare entities? Did you ask the people who really know?
Expect some buzz next week about a new report with significant findings about the impact of cyberattacks on patient care and mortality. The study was funded by Proofpoint and conducted independently by Ponemon Institute. The survey addresses important questions about the impact of various types of cyberattacks on patient safety and care. While DataBreaches appreciates…