Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write: Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information (ePHI) is located within their organization, and improve HIPAA Security Rule compliance. OCR investigations often…
Category: Commentaries and Analyses
DLL Fixer leads to Cyrat Ransomware
Karsten Hahn writes about a new ransomware, Cyrat: While hunting for new malware we often use Yara rules to find suspicious samples. One of my generic ransomware hunt rules found this new ransomware sample. At the time it had only 2 detections on Virustotal. The first submission date is 25. August 2020. […] The malware…
Morgan Stanley Is Sued Over Data Breaches Tied to Missing Equipment
Melanie Waddell reports: Morgan Stanley is embroiled in a class-action lawsuit over two separate data breaches involving missing equipment that exposed clients’ personal identifiable information — including Social Security and account numbers — to third parties. The case, brought by a retirement account client and filed in the U.S. District Court for the Southern District of New York…
Former Chief Security Officer For Uber Charged With Obstruction Of Justice
This was a press release from the Department of Justice on August 20: SAN FRANCISCO – A criminal complaint was filed today in federal court charging Joseph Sullivan with obstruction of justice and misprision of a felony in connection with the attempted cover-up of the 2016 hack of Uber Technologies Incorporated, announced United States Attorney…
More Ransomware Gangs Threaten Victims With Data Leaking
Mathew J. Schwartz reports: Ransomware gangs are increasingly not just claiming that they’ll leak stolen data from victims that don’t meet their ransom demand, but actually following through. […] Speaking at Information Security Media Group’s Virtual Cybersecurity Summit: New York last week, attorney Craig Hoffman, who’s co-leader for the digital risk advisory and cybersecurity team at BakerHostetler, said…
National Cyber Awareness System Alert: FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks
Summary This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), the Federal Bureau of Investigation (FBI) and U.S. Cyber Command (USCYBERCOM). Working with U.S. government partners, CISA, Treasury, FBI, and USCYBERCOM identified malware and indicators of compromise (IOCs) used by the…