Ax Sharma reports: As of a few hours ago, Codecov has started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors. The original security advisory posted by Codecov lacked any…
Category: Commentaries and Analyses
Hackers are attacking the COVID-19 vaccine supply chain
Dan Patterson reports: Hackers have targeted companies that distribute the COVID-19 vaccine to a degree previously unreported, according to research from IBM Security. Starting last year, attackers attempted to access sensitive information about the vaccine’s “cold chain” distribution system. IBM Security said the phishing attack targeted 44 companies in 14 countries across Europe, North America, South America…
RTF Report: Combatting Ransomware A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force
From the Institute for Security & Technology: A Comprehensive Framework for Action Ransomware is no longer just a financial crime; it is an urgent national security risk that threatens schools, hospitals, businesses, and governments across the globe. This is not a problem that any one entity can solve. Over 60 experts from industry, government, law…
Seventh Annual Data Security Incident Response Report Released – Disruption and Transformation
Theodore J. Kobus III of BakerHostetler writes: Welcome to our seventh Data Security Incident Response Report (DSIR). It has been quite a year from many perspectives. Thank you to everyone we have continued to partner and work with to create this report. We are excited to soon launch a new digital platform version, and we intend…
NYDFS Issues Report on the SolarWinds Attack and Covered Entities’ Responses
Kate Hanniford of Alston & Bird writes: Following the SolarWinds cyber espionage attack (the “Attack”) and the resulting focus on supply chain risk, the New York Department of Financial Services (NYDFS) has issued a report detailing the impact on and responses by its regulated covered entities to the Attack. Although there have been no reported instances of…
Implementing the HIPAA Security Rule: Call for Comments on NIST SP 800-66, Revision 1
Implementing the HIPAA Security Rule: Call for Comments on NIST SP 800-66, Revision 1 The National Institute for Standards and Technology (NIST) is planning to update the NIST Special Publication (SP) 800—66, Revision 1, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (“Resource Guide”). NIST is seeking stakeholder input…