Lindsey O’Donnell-Welch writes: A ransomware operator has continually rebranded itself over the past year in order to evade detection, while launching cyberattacks on critical infrastructure across several industries. Researchers with Mandiant detailed a threat group called UNC2190, which is an operator behind an affiliate ransomware program. Since June, researchers said they have observed the group targeting…
Category: Commentaries and Analyses
Yanluowang ransomware operation matures with experienced affiliates
Ionut Ilascu reports: An affiliate of the recently discovered Yanluowang ransomware operation is focusing its attacks on U.S. organizations in the financial sector using BazarLoader malware in the reconnaissance stage. Based on observed tactics, techniques, and procedures, the threat actor is experienced with ransomware-as-a-service (RaaS) operations and may be linked with the Fivehands group. Read more on…
Daily Mail claims to have located REvil threat actor wanted by FBI for ‘using ransomware to fleece millions of dollars’ from Americans
The Daily Mail is not a news outlet that I would normally turn to for breaking news about tracking down a Russian cybercriminal, but that is what they claim to have done. Will Stewart reports: One of the FBI’s most wanted men linked to ransomware gang REvil is living freely in a Siberian city with…
PNB denies cybersecurity firm’s claim that 180 million customers’ data was breached, but CyberX9 calls their denial “false and misleading”
Regina Mihindukulasuriya reports: The Punjab National Bank (PNB) has denied media reports that over 180 million customers’ data has been breached or exposed, adding that the bank is certified with ISO 27001 standards for information security practices. PNB responded to media reports published Sunday, based on the findings by Chandigarh-based cybersecurity firm CyberX9, with a statement the…
Lawmakers push for federal data privacy law after report revealed Amazon is gutting state legislation
Andrew Wyrich reports: Several lawmakers are calling for Congress to pass federal data privacy legislation in the wake of Amazon reportedly killing or undermining bills in 25 states over the past several years. Last week, Reuters reported that confidential documents showed that the retail giant pushed to kill privacy bills in several states by increasing political donations, or lobbying to…
Polish DPA: Bank Millennium fined 80,000 EUR for failure to notify the breach and the data subjects about the incident
22 November 2021 Background information Date of final decision: 14 October 2021 Cross-border case or national case: National case Controller: Bank Millennium S.A. Legal Reference: Notification of a personal data breach to the supervisory authority (Article 33(1)), Communication of a personal data breach to the data subject (Article 34(1)) Decision: Infringement of the GDPR, fine…