Commentaries and Analyses – Page 275

Digging into Decoder.re in Kaseya ransom notes– threat intel by Resecurity

Posted on July 7, 2021 by Dissent

Interesting #threatintel thread on Twitter this morning from Resecurity (Full disclosure: I worked with one of their team a number of years ago.). Their research findings do not seem to be up on their web site at this time, so hopefully you can access it on Twitter. The thread begins here. In light of the…

HHS warns health systems of PACS security vulnerabilities — again

Posted on July 7, 2021 by Dissent

Mike Miliard reports: The U.S. Department of Health and Human Services is warning hospitals and health systems that a security vulnerability in picture archive communication systems, first discovered two years ago, is a problem that needs fixing now. WHY IT MATTERS In 2019, cyber researchers found a flaw in some PACS that, if exploited, could…

The Waikato DHB breach: What do NZ regulations consider reasonable security?

Posted on July 6, 2021 by Dissent

DataBreaches.net reports on breaches from many countries, including New Zealand. On my companion site, PogoWasRight.org, I’ve posted approximately 200 news stories about privacy incidents there, their privacy laws, and decisions by their privacy commissioner. And on this site, I’ve posted almost 200 more articles about breaches impacting New Zealand. But when the Waikato District Health…

NY: “Grief” claims to have breached Rehabilitation Support Services

Posted on July 5, 2021 by chum1ng0

A rehabilitation and support services agency that provides services to more than 3,000 individuals with psychiatric and substance abuse disorders each year has been the victim of a cyberattack by threat actors call themselves “Grief.” Rehabilitation Support Services, Inc. (RSS) operates in 13 upstate New York counties through 5 service divisions. According to their web…

Hackety hack hack…

Posted on July 4, 2021 by Dissent

There are so many breach reports that it’s hard to even find all the notices and reports about them these days. These days, there are many breaches that I log in worksheets I compile for Protenus’s Breach Barometer annual report but never even post on this blog. Just today, for example, I found: a notice…

NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations

Posted on July 4, 2021 by Dissent

Lance Taubin, Kate Hanniford, and Kimberly Peretti of Alston & Bird write: The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated companies should “implement these controls whenever possible” and report any successful deployment of ransomware…