In a new post at The Register, Jessica Lyons Hardcastle reports, in part: ….. Increasingly, however, cybercrime rings still tracked as ransomware operators are turning toward primarily data theft and extortion – and skipping the encryption step altogether. Rather than scramble files and demand payment for the decryption keys, and all the faff in between…
Category: Commentaries and Analyses
New York State School District Audits Released in June
New York State Comptroller DiNapoli released more school district audits in June. As always, some of the audits do not reveal all the concerns or recommendations. Some concerns or recommendations are shared with districts confidentially for security reasons. Here are summaries of audits of school districts released in June that relate to school district IT:…
FTC Finalizes Action Against CafePress for Covering Up Data Breach, Lax Security
CafePress Must Bolster Data Security Protections, Pay Half a Million Dollars The Federal Trade Commission finalized an order against CafePress over allegations that it failed to secure consumers’ sensitive personal data including Social Security numbers and covered up a major data breach. The Commission’s order requires the company to bolster its data security and requires its former…
Report: 24B usernames and passwords available for sale in cybercriminal marketplaces
VentureBeat reports: Threat Intelligence provider Digital Shadows has published new research that’s found more than 24 billion usernames and password combinations in circulation in cybercriminal marketplaces, many on the dark web — the equivalent of nearly four for every person on the planet. This number represents a 65% increase from their previous report, which was released in 2020….
Conti ransomware hacking spree breached over 40 orgs in a month
Ionut Ilascu reports: The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. Security researchers codenamed the hacking campaign ARMattack and described it as being one of the group’s…
Georgia Joins Multistate Settlement Over 2019 Carnival Cruise Line Data Breach
There’s an update to a breach in 2019 that was first disclosed in March 2020: ATLANTA, GA – Attorney General Chris Carr today announced that the State of Georgia, along with 45 other attorneys general, has obtained a $1.25 million multistate settlement with Florida-based Carnival Cruise Line stemming from a 2019 data breach that involved…