Andrew Moore, Genevieve Stark, Isif Ibrahima, Van Ta of FireEye write: Starting in mid-December 2020, malicious actors that Mandiant tracks as UNC2546 exploited multiple zero-day vulnerabilities in Accellion’s legacy File Transfer Appliance (FTA) to install a newly discovered web shell named DEWMODE. The motivation of UNC2546 was not immediately apparent, but starting in late January 2021, several organizations…
Category: Commentaries and Analyses
Amber Group breaks silence on unsecured storage bucket; NatSec minister suggests TechCrunch reporter may have violated CyberCrime Act
The Gleaner reports a follow-up on an unsecured storage server exposing personal information and COVID-related information of travelers to Jamaica. The exposed bucket was first reported by Zack Whittaker of TechCrunch on February 17: The storage server, hosted on Amazon Web Services, was set to public. It’s not known for how long the data was…
India’s cyber defenses breached and reported; govt. yet to fix it
John Xavier reports that India’s government has been slow to respond to a report by ethical hackers that had been shared with the U.S. Department of Defense Cyber Crime Center (DC3): which initiated contact with the India’s National Critical Infrastructure Information Protection Centre (NCIIPC). Following this, the security team shared its 34-page threat report to…
Personal info compromised at 88 firms in Japan in 2020
Let’s see how things are doing elsewhere. JiJi reports: Personal information was compromised or lost at a total of 88 publicly traded companies and their subsidiaries in Japan in 2020, the highest number since such data began being collected in 2012, according to a survey by Tokyo Shoko Research Ltd. In total, personal information on…
IT: Guarantor for privacy: two hospitals and one AUSL sanctioned
Marco De Felice reports: The Guarantor for privacy has sanctioned two hospitals and an AUSL, they had communicated medical information to the wrong people. The three structures fined are the Sienese University Hospital , the University Hospital of Parma and the Romagna Local Health Authority . The two hospitals received a fine of €10,000, while for the Romagna AUsl the fine was €50,000. ……
New York regulator issues cyber insurance risk framework with implications for insurers and insureds
Tim Tobin, Harriet Pearson, Paul Otto, and Jonathan Hirsch of Hogan Lovells write: On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance. The Framework identifies best practices that property/casualty insurers “should employ” to manage…