Lance Taubin, Kate Hanniford, and Kimberly Peretti of Alston & Bird write: The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated companies should “implement these controls whenever possible” and report any successful deployment of ransomware…
Category: Commentaries and Analyses
Cyber reinsurance rates rocket at July renewals
Carolyn Cohn reports: Global cyber reinsurance rates have soared by up to 40% in the July renewal season, reinsurance broker Willis Re said on Thursday, as ransomware attacks increase in number and severity. The average ransom payment made by a business to restore data after a cyber attack was $220,000 in the first quarter, up…
Babuk Ransomware, if you Hit and Run do not leave a trace (updated)
Updated: On January 5, DataBreaches.net was hit with a DDoS attack, which was pretty rude considering I was still on my first cup of coffee. It turns out that someone identifying themself as @dyadka0220 was upset that this site had linked to DarkFeed’s post. Whether they are the same @dyadka0220 as seen elsewhere is unknown…
Norwegian DPA: Oslo University Hospital ordered to amend agreements
The Norwegian Data Protection Authority’s inspection of Oslo University Hospital (OUH) reveals that the hospital cannot document satisfactory control of patient data when the hospital needs laboratory services from other countries. The Data Protection Authority understands that it is important to be able to use laboratories in other countries when the hospital or other Norwegian laboratories do…
Former Anonymous and Lulzsec hacker discusses his criminal past and gives his top tips for avoiding ransomware
Martin Ricker reports: Jake Davis, the former hacker known as ‘Topiary’ and senior member of hacktivist groups Anonymous and Lulzsec has spoken about the scale of the ransomware challenge facing organisations today, and given his tips for staying secure. Speaking at Computing‘s recent Cyber Security Festival, Davis began by outlining his history as a hacktivist before…
Microsoft finds Netgear router bugs enabling corporate breaches
Sergiu Gatlan reports: Attackers could use critical firmware vulnerabilities discovered by Microsoft in some NETGEAR router models as a stepping stone to move laterally within enterprise networks. The security flaws impact DGN2200v1 series routers running firmware versions before v1.0.0.60 and compatible with all major DSL Internet service providers. They allow unauthenticated attackers to access unpatched routers’ management…