Research by: Tom Fakterman Over the course of the last few months, the Cybereason Nocturnus team has been investigating the activity of the Evilnum group. The group first emerged in 2018, and since then, Evilnum’s activity has been varied, with recent reports using different components written in Javascript and C# as well as tools bought from the Malware-as-a-Service provider Golden Chickens. The group’s…
Category: Commentaries and Analyses
Gartner Warns CEOs Will Be Personally Liable for Breaches by 2024
Fahmida Y. Rashid writes: Cyberattacks against connected devices having an impact on the physical world is not yet a commonplace occurance, but are very much in the realm of possibility. Hijacked medical devices may be unable to dispense life-saving drugs, or a connected car could receive instructions to crash itself and potentially injure the human…
HIPAA Covered Entities and Business Associates Need an IT Asset Inventory List, OCR Recommends
Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write: Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information (ePHI) is located within their organization, and improve HIPAA Security Rule compliance. OCR investigations often…
DLL Fixer leads to Cyrat Ransomware
Karsten Hahn writes about a new ransomware, Cyrat: While hunting for new malware we often use Yara rules to find suspicious samples. One of my generic ransomware hunt rules found this new ransomware sample. At the time it had only 2 detections on Virustotal. The first submission date is 25. August 2020. […] The malware…
Morgan Stanley Is Sued Over Data Breaches Tied to Missing Equipment
Melanie Waddell reports: Morgan Stanley is embroiled in a class-action lawsuit over two separate data breaches involving missing equipment that exposed clients’ personal identifiable information — including Social Security and account numbers — to third parties. The case, brought by a retirement account client and filed in the U.S. District Court for the Southern District of New York…
Former Chief Security Officer For Uber Charged With Obstruction Of Justice
This was a press release from the Department of Justice on August 20: SAN FRANCISCO – A criminal complaint was filed today in federal court charging Joseph Sullivan with obstruction of justice and misprision of a felony in connection with the attempted cover-up of the 2016 hack of Uber Technologies Incorporated, announced United States Attorney…