LockBit’s old leak site — the one seized by a coalition of law enforcement agencies under Operation Cronos — has been resurrected. As it did in February when LockBit victim listings were replaced by teasers about what information law enforcement would be releasing, the old leak site reappeared on Sunday with new teasers about what…
Category: Commentaries and Analyses
Guardant notifies patients of unintended information exposure going back to October 2020
A notification by Guardant Health, Inc. in California (“Guardant”) caught DataBreaches’ eye yesterday. Guardant is a laboratory that performs cancer screening tests on samples received from its physician and hospital partners. Patient information that they received may have been inadvertently exposed between October 5, 2020 and February 29, 2024. They explain: Guardant recently determined that…
Fred Hutch notifies more patients of November 2023 attack (1)
In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 to ask whether the attackers had encrypted their files and whether they had negotiated with the threat actors. They did not reply….
CISA’s KEV catalog making a positive difference to defenders
Jonathan Greig reports that a CISA resource is having a positive effect at both a federal level as well as for non-governmental organizations: The Cybersecurity and Infrastructure Security Agency (CISA) has run its Known Exploited Vulnerabilities (KEV) catalog for nearly three years and it has quickly become the go-to repository for software and hardware bugs actively being exploited by hackers around the world. Experts…
Former Cybersecurity Consultant Arrested For $1.5 Million Extortion Scheme Against IT Company
For those who would like a timely reminder about making sure you terminate access and take control of devices immediately when an employee or contractor terminates employment, consider this press release from the Southern District of New York on May 1. Damian Williams, the United States Attorney for the Southern District of New York, announced…
Russian Hackers Target Industrial Systems in North America, Europe
Eduard Kovacs reports: Government agencies from the United States, Canada and the United Kingdom are providing recommendations to critical infrastructure organizations following a series of attacks launched by apparent pro-Russia hacktivists against industrial control systems (ICS) and other operational technology (OT) systems. A fact sheet authored by the cybersecurity agency CISA and its partners reveals that hacktivist…