Commentaries and Analyses – Page 366

FTC Requires Zoom to Enhance its Security Practices as Part of Settlement

Posted on November 9, 2020 by Dissent

Let’s start with the FTC’s press release in Zoom Video Communications, Inc., In the Matter of Matter Number: 192 3167 The Federal Trade Commission today announced a settlement with Zoom Video Communications, Inc. that will require the company to implement a robust information security program to settle allegations that the video conferencing provider engaged in a series…

Eight months after ransomware attack, Advanced Urgent Care of Florida Keys notifies patients

Posted on November 9, 2020 by Dissent

On March 14, DataBreaches.net reported that Advanced Urgent Care of the Florida Keys had been attacked, and patient data dumped. The data dump had been listed on a Russian-language forum known for data dumps, and the threat actor, then known as “m1x,” called the medical group “Malicious Defaulters” because they wouldn’t pay to prevent data…

Patients need to be notified sooner of ransomware dumps

Posted on November 9, 2020 by Dissent

In the past year, we have seen a significant increase in the use of dedicated leak sites where ransomware threat actors post the names of victims and dump some of their data to pressure them to pay demanded ransom. In the U.S., HIPAA gives covered entities no more than 60 days from discovery of a…

CERT-in warns Indian companies about Egregor that sweeps IT system of organisations and steals data

Posted on November 9, 2020 by Dissent

CIOL Bureau reports: The country’s cybersecurity agency CERT-in has alerted users against the malicious spread of ransomware virus ‘Egregor’ that threatens to release sensitive corporate data of the victim organisation if not paid. The CERT-In or the Indian Computer Emergency Response Team said in the latest advisory that “while the initial infection vector and propagation…

NYS Comptroller Audit of Susquehanna Valley Central School District IT Controls

Posted on November 9, 2020 by Dissent

It almost seems surreal to discuss a routine school audit in the midst of all the news right now, but here we go… The NYS Comptroller’s Office released its report on Susquehanna Valley Central School District to determine whether district officials established information technology (IT) controls over user access to protect against unauthorized use, access…

Warning after 75,000 ‘deleted’ files found on used USB drives

Posted on November 7, 2020 by Dissent

BBC reports: Cybersecurity researchers discovered about 75,000 files after buying 100 of the drives on an internet auction site. Some USB drives contained files named “passwords” and images with embedded location data. All but two of the drives appeared empty, but the team said it had been “worryingly easy” to retrieve data. Read more on…