by Craig Silverman, ProPublica This story was originally published by ProPublica. ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox. Series: Zero Trust: Inside Microsoft’s Cybersecurity Failures Investigating how the world’s largest software provider handles the security of its own ubiquitous…
Category: Commentaries and Analyses
Assessing the Disruptions of Ransomware Gangs
Intel 471 took a look back at law enforcement attempts to disrupt ransomware groups and at the recent Operation Cronos. Their timeline begins in 2021. The report looks at the immediate impact of disruptions and then the long-term impact. Do disruptions really make a significant — and lasting — dent in the problem, or are…
Two recent NYS audits of k-12 districts’ information technology security
The NYS Comptroller’s Office recently released more audits of school districts. Here are two of them: Whitney Point Central School District – Information Technology (IT) (Broome County) Audit Period July 1, 2021 – February 24, 2023. We extended our audit period to August 31, 2023 to review backup restoration results and November 16, 2023 to…
Consulting Radiologists LTD notifying 583,824 patients about February attack
Two ransomware groups claimed to have attacked Consulting Radiologists. The notification is silent about any ransom demands. Consulting Radiologists LTD. (“CRL”)” in Minnesota is a physician-owned practice. On February 12, 2024, they detected suspicious activity on their network. An investigation revealed that an unauthorized actor had accessed certain files and data. Those files contained patient…
Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers
June 24, 2024 TLP:CLEAR SUMMARY The Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used in a social engineering campaign targeting healthcare, public health entities, and providers. Threat actors…
Cyber Attack on Synnovis Pathology Lab Traced to Longstanding Known Weaknesses at London Hospitals
Scott Ikeda writes: A cyber attack on London hospitals that has unfolded over the course of June has had a devastating impact on the city’s blood supply, and has caused hundreds of operations to be postponed. New reporting from Bloomberg indicates that the city’s hospitals have long known that Synnovis, the pathology lab at the center of…