There’s a new joint Cybersecurity Advisory (Product ID: CU-000164-MW) out this week. SUMMARY AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. AvosLocker claims to directly handle…
Category: Commentaries and Analyses
Leaked ransomware documents show Conti helping Putin from the shadows
Matt Burgess of Wired.com reports: For years, Russia’s cybercrime groups have acted with relative impunity. The Kremlin and local law enforcement have largely turned a blind eye to disruptive ransomware attacks as long as they didn’t target Russian companies. Despite direct pressure on Vladimir Putin to tackle ransomware groups, they’re still intimately tied to Russia’s interests. A recent leak from…
Polish SA: record fine of almost $1.2 million imposed on Fortum Marketing and Sales Polska S.A. for personal data breach
Seen at the European Data Protection Board, a decision from the Polish S.A.: Background information Date of final decision: 19 January 2022 Cross-border case or national case: National Case. Controller: Fortum Marketing and Sales Polska S.A. Legal Reference: Integrity and confidentiality (Art. 5(1)(f)), Responsibility of the controller (Art. 24(1)), Data protection by design and by…
Exotic Lily is a business-like access broker for ransomware gangs
Jeff Burt reports: A group with links to high-profile ransomware crews Conti and Diavol is working as an internet access broker (IAB) for a Russia-linked cybercriminal gang, according to Google’s Threat Analysis Group (TAG). Exotic Lily gains access to vulnerable corporate networks then sells that access to the highest bidder among threat groups, which then…
Shooting the Whistleblower? Defamation Suit Claims Nuance Communications Gave False Info to FBI, SEC, Retaliated Against Whistleblower
There is an interesting lawsuit stemming from an incident that had previously been claimed to be a rogue insider’s doing. Now Marc Stolowitz, the former employee, is suing the firm, Nuance Communications, claiming that the firm falsely accused him of hacking them to cover up the fact that he was in the process of blowing…
And as the work week draws to a close… (updated)
And as this work week drew to a close, we also learned about these breaches involving patient data that were reported to HHS earlier this month: Dialyze Direct, LLC in New Jersey notified HHS that 14,203 patients were impacted by an incident they coded as a hacking/IT incident involving email. There is no statement on…