On November 8, 2020, in a report called “Without Undue Delay,” DataBreaches.net noted that Maze threat actors had a listing on their dedicated leak site for “Abington Reproductive Medicine.” The proof of claim that they posted, though, was not from Abington Reproductive, leaving us confused as to whether Abington Reproductive had really been a victim…
Category: Commentaries and Analyses
Apex America hit by Sodinokibi ransomware
Apex America describes itself as a leading Digital Customer Experience services company in Latin America that partners with more than 50 global brands. It has operational centers in 14 locations in Latin America. That’s how they describes themselves. The threat actors known as REvil (Sodinokibi) describe them as targets who have so far refused to pay…
Russian-language hacking forum bans ransomware-related ads
XSS forum, one of the two most popular Russian-language forums with sites on clearnet and Tor, has announced that it is now banning ransomware-related ads. No more ransom! Friends, on our forum lockers (Ransomware) and everything connected with them are prohibited . Namely: Ransomware affiliate programs; Ransomware rental; sale of lockers (ransomware software); All topics matching this rule will be…
NHS-backed org reacted to GitHub leak disclosure with legal threats and police call, complains IT pro
Gareth Corfield has a commentary on a recent case where a researcher found himself threatened legally. It begins: IT pro Rob Dyke says an NHS-backed company not only threatened him with legal action after he flagged up an exposed GitHub repository containing credentials and insecure code, it even called the police on him. Dyke, who…
Meet Lorenz — A new ransomware gang targeting the enterprise
Lawrence Abrams reports: A new ransomware operation known as Lorenz targets organizations worldwide with customized attacks demanding hundreds of thousands of dollars in ransoms. The Lorenz ransomware gang began operating last month and has since amassed a growing list of victims whose stolen data has been published on a ransomware data leak site. Michael Gillespie…
Georgia’s HB 156, requiring state notice for utility cybersecurity incidents, is now in effect
Lael Bellamy and Emily Maus of DLA Piper write: Georgia’s governor has signed into law House Bill 156, creating specific notice requirements for state agencies and utilities that experience cybersecurity attacks, data breaches or malware and requiring notice to the state director of emergency management in Georgia within two hours of notifying the federal emergency…