Gareth Corfield reports: Kaspersky Lab reckons the SolarWinds hackers may have hailed from the Turla malware group, itself linked to Russia’s FSB security service. Referring to the hidden backdoor secretly implanted in SolarWinds’ Orion product, Kaspersky’s Georgy Kucherin wrote in a blog post on Monday: “While looking at the Sunburst backdoor, we discovered several features that overlap…
Category: Commentaries and Analyses
From the frying pan into the fire: Thai business angers hackers
DataBreaches.net seems to be the only site willing to report on certain breaches in Thailand these days. First it was the hack of Country Group Securities (CGSEC) by hackers calling themselves ALTDOS. And now this week, this site reported a second attack by the same threat actors that involved MONO Next Public Company. As previously…
Some ransomware gangs are going after top execs to pressure companies into paying
Catalin Cimpanu reports: A new trend is emerging among ransomware groups where they prioritize stealing data from workstations used by top executives and managers in order to obtain “juicy” information that they can later use to pressure and extort a company’s top brass into approving large ransom payouts. ZDNet first learned of this new tactic earlier…
And yet more ransomware variants…
Pop quiz: Which one of these is not a new ransomware noted recently: Sharp Knot Chinese Take-Out Hidden Tear Babuk Niros Bonsoir Not sure? I can’t keep up with all the variants and new types. But thankfully, there’s BleepingComputer, where I can find a weekly rundown on developments. Read their rundown from this week and…
OCR Releases Report Summarizing HIPAA Privacy and Security Compliance Failures
Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write: In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business associates for tackling HIPAA compliance as we enter the new…
Australian Digital Health Agency sees ‘inconsequential’ My Health Record data breach notices eroding trust
Ry Crozier reports: The Australian Digital Health Agency, overseer of the My Health Record, has expressed concern at the number and type of “potential” data breaches it is being forced to disclose. In a submission to the Privacy Act review [pdf], the agency (ADHA) asks for changes to the My Health Records Act under which…