HERNDON, Va., July 13, 2022–(BUSINESS WIRE)–The K12 Security Information Exchange (K12 SIX) is pleased to release the second product in its series of free cybersecurity aids for U.S. school districts, charter schools, and private school institutions: an incident response template and runbook to assist in preparation for a cyber-attack. Aligned to the NIST Incident Response Lifecycle—and developed with…
Category: Commentaries and Analyses
Why organizations should (and should not) worry about KillNet
Intel471 has an interesting blog post on KillNet, a group that has declared itself pro-Russian and has been attacking detractors or enemies of Russia. Since first emerging earlier this year, the group has grown into several divisions that have conducted their own attacks. The group continues to be very active recruiters; KillNet has posted messages…
Honda Admits Hackers Could Unlock Car Doors, Start Engines
Ionut Arghire reports: Honda has confirmed that researchers were indeed able to hack the remote keyless entry system of certain Honda vehicles to unlock the doors and start the engine. Over the weekend, security researchers Kevin2600 and Wesley Li from Star-V Lab published information on a security bug they identified in the rolling codes mechanism…
BlackCat (Aka ALPHV) Ransomware Is Increasing Stakes Up To $2.5M In Demands
A new blog post by Resecurity indicates that BlackCat’s average ransom demand is now over $2 million. They write: Based on the recently compromised victims in Nordics region, which haven’t been disclosed by the group yet, the amount to be paid exceeds $2 million. […] According to experts from Resecurity, BlackCat ransomware actors began defining…
Don’t Put All Your Eggs in the Silent-Cyber Basket
William P. Sowers Jr. and Michael S. Levine of Hunton Andrews Kurth write: The Eastern District of Pennsylvania recently gave another reminder why cyber insurance should be part of any comprehensive insurance portfolio. In Construction Financial Administration Services, LLC v. Federal Insurance Company, No. 19-0020 (E.D. Pa. June 9, 2022), the court rejected a policyholder’s attempt…
Family Practice Center discloses a breach from October 2021
DataBreaches really and truly does not understand how entities can take so long to investigate some breaches before disclosing them. If HHS feels that seven months from the first detection of an attack to notification is reasonable or acceptable, then let it change the regulations. If it is not acceptable and HHS wants entities to…