Commentaries and Analyses – Page 346

Patients need to be notified sooner of ransomware dumps

Posted on November 9, 2020 by Dissent

In the past year, we have seen a significant increase in the use of dedicated leak sites where ransomware threat actors post the names of victims and dump some of their data to pressure them to pay demanded ransom. In the U.S., HIPAA gives covered entities no more than 60 days from discovery of a…

CERT-in warns Indian companies about Egregor that sweeps IT system of organisations and steals data

Posted on November 9, 2020 by Dissent

CIOL Bureau reports: The country’s cybersecurity agency CERT-in has alerted users against the malicious spread of ransomware virus ‘Egregor’ that threatens to release sensitive corporate data of the victim organisation if not paid. The CERT-In or the Indian Computer Emergency Response Team said in the latest advisory that “while the initial infection vector and propagation…

NYS Comptroller Audit of Susquehanna Valley Central School District IT Controls

Posted on November 9, 2020 by Dissent

It almost seems surreal to discuss a routine school audit in the midst of all the news right now, but here we go… The NYS Comptroller’s Office released its report on Susquehanna Valley Central School District to determine whether district officials established information technology (IT) controls over user access to protect against unauthorized use, access…

Warning after 75,000 ‘deleted’ files found on used USB drives

Posted on November 7, 2020 by Dissent

BBC reports: Cybersecurity researchers discovered about 75,000 files after buying 100 of the drives on an internet auction site. Some USB drives contained files named “passwords” and images with embedded location data. All but two of the drives appeared empty, but the team said it had been “worryingly easy” to retrieve data. Read more on…

Almost 11 million patients impacted by Blackbaud incident — and still counting

Posted on November 6, 2020 by Dissent

Earlier this week, Marianne Kolbasuk McGee had a follow-up piece on the Blackbaud ransomware incident. As part of her update, she reported that Blackbaud would not provide answers when asked about the number or names of clients involved in the incident who had patient data or medical information of donors involved. McGee notes: A snapshot…

Hackers are exploiting unpatched VoIP flaws to compromise business accounts

Posted on November 6, 2020 by Dissent

Danny Palmer reports: A hacking campaign has compromised VoIP (Voice over Internet Protocol) phone systems at over 1,000 companies around the world over the past year in a campaign designed to make profit from selling compromised accounts. While the main purpose appears to be dialling premium rate numbers owned by attackers or selling phone numbers…