Here’s today’s reminder not to just repeat threat actors’ claims without checking or attempting to verify them first: Qilin added a company to their dark web leak site that they misidentified as Richardson Sales Performance. It wasn’t Richardson Sales Performance. What they appear to have hit, based on their proof of claims screenshot, was a…
Category: Commentaries and Analyses
European Commission Publishes Action Plan on Cybersecurity of Hospitals and Healthcare Providers
Mark Young & David Brazil of Covington and Burling write: On 15 January 2025, the European Commission published an action plan on the cybersecurity of hospitals and healthcare providers (the “Action Plan”). The Action Plan sets out a series of EU-level actions that are intended to better protect the healthcare sector from cyber threats. The publication of…
The U.K. is considering prohibiting ransom payments. It’s a difficult issue.
How many times have the FBI and CISA urged entities NOT to pay ransom because it just encourages the attackers to attack more, while others suggest that a total ban would make things a lot worse? On January 14, the U.K. government opened a consultation, Ransomware legislative proposals: reducing payments to cyber criminals and increasing…
New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment
Davey Winder reports: Ransomware is a cybersecurity threat that just won’t go away. Be it from groups such as those behind the ongoing Play attacks, or kingpins such as LockBit returning from the dead the consequences of falling victim to an attack are laid bare in reports exposing the reach of ransomware across 2024. A new ransomware threat, known as…
RIBridges has many lines of defense. How was the system breached?
This article by Alexander Castro originally appeared in Rhode Island Current on January 10, 2025 and is republished here under Creative Commons License. It was updated to replace several paragraphs in the “Slow Leak” section to include a response Deloitte sent the author post-publication. Rhode Island’s online public benefits system appears to be a fortress…
PowerSchool Incident: A few resources for teachers, parents, and former students (2)
DataBreaches is trying to keep up with updates from PowerSchool, but from the outset, DataBreaches has recommended districts, parents, and teachers assume the worst — i.e., assume that all of the data really weren’t deleted permanently. On the premise of better safe than sorry, and reminding people that PowerSchool’s attorney is not YOUR attorney, here…