David Balser, a partner at King & Spalding, writes: When a company discovers that it has been a victim of a data breach, it is essential to act quickly. In particular, an issue of critical importance is when and how a breached company discloses the data breach to customers, business partners, regulators and the general…
Category: Commentaries and Analyses
Oklahoma State University – Center for Health Services Pays $875,000 to Settle Hacking Breach
There’s an update to a breach previously reported on this site in 2018. From HHS: Oklahoma State University – Center for Health Sciences (OSU-CHS) has paid $875,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and agreed to implement a corrective action plan to settle potential…
Holy Ghost ransomware operation linked to North Korean hackers
Ionut Ilascu reports: For more than a year, North Korean hackers have been running a ransomware operation called HolyGhost, attacking small businesses in various countries. The group has been active for quite a while but it failed to gain the notoriety and financial success of other gangs even if the operation followed the same recipe:…
DHS: Cyber Safety Review Board Releases Unprecedented Report of its Review into Log4j Vulnerabilities and Response
Report Includes 19 Specific Recommendations for Government and Industry WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) first report, which includes 19 actionable recommendations for government and industry. The recommendations from the CSRB – an unprecedented public-private initiative that brings together government and industry leaders to…
FREE RESOURCE: K12 SIX Releases Essential Cyber Incident Response Runbook
HERNDON, Va., July 13, 2022–(BUSINESS WIRE)–The K12 Security Information Exchange (K12 SIX) is pleased to release the second product in its series of free cybersecurity aids for U.S. school districts, charter schools, and private school institutions: an incident response template and runbook to assist in preparation for a cyber-attack. Aligned to the NIST Incident Response Lifecycle—and developed with…
Why organizations should (and should not) worry about KillNet
Intel471 has an interesting blog post on KillNet, a group that has declared itself pro-Russian and has been attacking detractors or enemies of Russia. Since first emerging earlier this year, the group has grown into several divisions that have conducted their own attacks. The group continues to be very active recruiters; KillNet has posted messages…