New post by Mark Arena of Intel471 begins: This blog post takes a look at the credibility of claims in public reports of North Korean (referred to as DPRK for the rest of this post) links to Russian-speaking cybercriminals. The post is based as much as possible on public and open sources from credible parties…
Category: Commentaries and Analyses
Did ransomware threat actors hit a German medical clinic by mistake? Either way, someone died as a result.
It was our nightmare realized: a medical center was completely paralyzed by a ransomware attack and someone died as a result (SEE UPDATE2 below for correction on that). As of last week, the University Clinic in Düsseldorf reported that it was in a state of emergency. Operations had been canceled, and ambulances had to be…
COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic
A snippet from the Executive Summary of a new report written by Robert Gellman and Pam Dixon: This report offers an analysis of existing laws and practices regarding both types of HIPAA COVID-19 waivers. The report recommends that, when the current emergency subsides, the Secretary of HHS review in a systematic way the privacy, security,…
NY Attorney General James Gets Dunkin’ to Fill Holes in Security, Reimburse Hacked Customers
New York Attorney General Letitia James today announced a settlement with Dunkin’ Brands, Inc. (Dunkin’) — franchisor of Dunkin’ Donuts — resolving a lawsuit over the company’s failure to respond to successful cyberattacks that compromised tens of thousands of customers’ online accounts. The settlement requires the company to notify customers impacted in the attacks, reset those customers’…
Interim Report on the Blackbaud Breach: 3.4 Million Patients and Counting
The Blackbaud ransomware incident disclosed on July 16 will likely end up being the largest or one of the largest breaches of the year involving patient information. I’ve been reading disclosures from dozens of entities and have compiled a list of those Blackbaud clients whose disclosures state or suggest that Blackbaud had been storing some…
Researcher kept a major Bitcoin bug secret for two years to prevent attacks
Catalin Cimpanu reports: In 2018, a security researcher discovered a major vulnerability in Bitcoin Core, the software that powers the Bitcoin blockchain, but after reporting the issue and having it patched, the researcher opted to keep details private in order to avoid hackers exploiting the issue. Technical details were published earlier this week after the…