Georgia-based Cytometry Specialists d/b/a CSI Laboratories (“CSI”) has reported a second big breach this year. In a press release issued this week, CSI reports that they discovered on July 8 that they had been the victim of a phishing attack that compromised an employee’s email account. The incident was reported to HHS on September 26…
Category: Commentaries and Analyses
HC3: Abuse of Legitimate Security Tools and Health Sector Cybersecurity
HC3 has published another guidance (TLP:WHITE) for the healthcare sector. In this one, they discuss how the same tools used to operate, maintain and secure healthcare systems and networks can also be turned against their own infrastructure. The paper includes: Cobalt Strike PowerShell Mimikatz Sysinternals Anydesk Brute Ratel Access the paper on HHS.
Internap Loses Customer Data, Shrugs, Doesn’t Apologize
raindog308 writes: Internap was the victim of a ransomware attack and responded today by announcing they were simply quitting a variety of businesses. On Wednesday, September 28th, between the hours of 2:11 am CDT and 5:41 am CDT, INAP was the target of a ransomware attack that affected the services we provide to you. Unfortunately, your services are…
Revenge telecom hacking by DESORDEN Group; third attack threatened
DESORDEN Group has added a new transparency demand to their attacks against Malaysian entities: victims must disclose the breach publicly if they have not paid the attackers. If the victim doesn’t disclose and Malaysian media does not report the incident, Malaysia should expect more breaches. The added demands arose after DESORDEN claimed they spent hours…
Albania weighed invoking NATO’s Article 5 over Iranian cyberattack
Maggie Miller reports: Albania was hit by cyberattacks earlier this year so debilitating that the government considered invoking a NATO declaration that could have pulled all member states into confrontation with Iran, Prime Minister Edi Rama said. It would have been the first time a NATO member state used a cyberattack to invoke Article Five…
Third servicer entangled in massive data breach litigation
Andrew Martinez reports: The legal fallout from a massive data breach impacting over 4 million borrowers’ personally identifiable information just got bigger. A federal judge Monday ordered a class action lawsuit against Community Loan Servicing be folded into a larger, similar suit against two of its sister companies, according to court records. The consolidated complaints from…