Kumar Hemant reports: ShadowSyndicate group (formerly known as Infra Storm) has been suspected of deploying seven different ransomware families in a series of attacks that have spanned the past year. Security researchers from Group-IB, working in conjunction with Bridewell and independent researcher Michael Koczwara, exposed the clandestine operations of the threat actor. Their findings point…
Category: Commentaries and Analyses
Audits of New York schools and the State Education Department reveal ongoing significant concerns
In May, the NYS Comptroller’s Office released an audit conducted to determine if the New York State Education Department (SED) consistently follows all laws and regulations regarding the safety and privacy of students’ data, and whether SED is properly monitoring school districts to ensure they are complying with the legislation and regulations that govern data…
MGM, Caesars casino hacks point to an alliance of teens and ransomware gangs
Joseph Menn reports on the group of hackers some have called “Scattered Spider:” … New research being presented Friday at the LABScon security conference outside Phoenix gives an origin story to the hackers, who the experts say call themselves Star Fraud. They say the group consists of a few dozen hackers who have connected online…
DHS Pushes for Common Cyber Incident Reporting Definitions
Jose Rascon reports: The Department of Homeland Security (DHS) has released a new report looking to wrangle the different avenues in which the Federal government and its agencies report cyber incidents in a more ‘reportable’ fashion. The report, titled “Harmonization of Cyber Incident Reporting to the Federal Government” and released on Sept. 19, comes as…
Covington Client Intervenes in SEC Battle, Objecting to Disclosure of Identity
Abigail Adcox reports: A Covington & Burling client whose information may have been exposed in a 2020 cyberattack is insisting that its identity should not be disclosed to the Securities and Exchange Commission, which had sought out client names in a subpoena to the law firm. The client, following a subpoena battle between Covington and SEC,…
Mount Desert Island Hospital updates its breach disclosure again but still doesn’t reveal what data were leaked
On July 1, DataBreaches reported that Mount Desert Island Hospital (MDIH) in Maine notified HHS on June 30 that 24,180 patients had been affected by a breach between April 28 and May 7. The types of protected health information involved included name, address, date of birth, driver’s license/state identification number, Social Security number, financial account…