Luca Bertuzzi reports: European Commission President Ursula von der Leyen announced on Wednesday (15 September) a Cyber Resilience Act aimed at setting common cybersecurity standards for connected devices. […] The Commission initiative adds to an existing proposal for a Directive on Security of Network and Information Systems, commonly known as the NIS2 Directive. NIS2 expands…
Category: Commentaries and Analyses
In: Teen helps IRCTC fix bug that could expose passenger’s private information
DNA reports: A 17-year-old student in a private school in Chennai’s Tambaram has helped the Indian Railway Catering and Tourism Corporation (IRCTC) fix a bug in its online ticketing platform, which could have exposed millions of passengers and their private information. Ranganathan said that the critical Insecure Object Direct References (IODR) vulnerability on the website…
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware
Alert (AA21-265A): Conti Ransomware The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment….
Ransomware Resources for HIPAA Regulated Entities
The HHS Office for Civil Rights (OCR) is sharing the following information to ensure that HIPAA regulated entities are aware of the resources available to assist in preventing, detecting, and mitigating breaches of unsecured protected health information caused by hacking and ransomware. HHS Health Sector Cybersecurity Coordination Center Threat Briefs: https://www.hhs.gov/about/agencies/asa/ocio/hc3/products/index.html#sector-alerts January 28, 2021 –…
Adventures in Notification, Ethical Dilemma Edition
Long-time readers know that this blogger has encountered some interesting situations over the years in response to trying to engage in responsible disclosure of leaks or incidents. As just a few examples (apart from all the lawsuit threats for exposing leaks or incidents), this blogger was: — threatened with being infected with HIV by angry…
Getting caught up: Conti domains seized by Irish Garda
A story by Stephen Breen inThe Irish Sun yesterday included reference to an update on the HSE attack by Conti: Earlier this month, cops seized several websites belonging to the Russian gang behind the attack in a major “disruption operation”. If anyone logs on to the sites they will see a screen warning the site…