Dan Goodin reports: Researchers have unearthed an attack campaign that uses previously unseen malware to target Middle Eastern organizations, some of which are in the industrial sector. Researchers with Kaspersky Lab, the security firm that discovered the campaign, have dubbed it WildPressure. Read more on Ars Technica.
Category: Commentaries and Analyses
An old HIPAA incident rears its very ugly head again
Like other journalists who cover data breaches in the healthcare space, I routinely check HHS’s public breach disclosure tool (sometimes called “The Wall of Shame”) to see what breaches have been reported to them and with what numbers. One of the recent entries was from a “Stephan C. Dean” who listed himself as a business…
Elite hackers target WHO as coronavirus cyberattacks spike
Raphael Satter, Jack Stubbs, and Christopher Bing report: Elite hackers tried to break into the World Health Organization earlier this month, sources told Reuters, part of what a senior agency official said was a more than two-fold increase in cyberattacks. WHO Chief Information Security Officer Flavio Aggio said the identity of the hackers was unclear,…
Liar, Liar, Pants on Fire? Did Maze Team go back on its word to leave medically related facilities alone?
We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus. — Maze Team, March 18, 2020. Three days after issuing a press release claiming that they would stop all activity against all kinds of medical organizations, Maze Team appears to have gone back on its word….
NIST asks for public comments on new cybersecurity risk management document
Andrew Eversden reports: The National Institute of Standards and Technology is asking for public comments on a new report that provides insight into how organizations can integrate cybersecurity into enterprise risk management. The document, titled “NIST-Interagency Report 8286 Integrating Cybersecurity and Enterprise Risk Management,” advises organizations on how to improve the cybersecurity risk information they…
COVID-19 Cybersecurity Advice: FTC, NIST, and CISA Release Guidance on Secure Teleworking and Critical Infrastructure Jobs
Ashden Fein, Trisha Anderson, Libbie Canter and Caleb Skeath of Covington & Burling write: In response to the drastic increase of U.S. employees working remotely, the U.S. Federal Trade Commission (“FTC”) and the U.S. National Institute of Standards and Technology (“NIST”) have both issued guidance for employers and employees on best practices for teleworking securely. …