Ina Fried reports: Data breaches and ransomware attacks are getting worse. Some 2.6 billion personal records have been exposed in data breaches over the past two years and that number continues to grow, according to a new report commissioned by Apple. Why it matters: Apple says the escalating intrusions, combined with increases in ransomware means the tech industry needs to move toward greater use…
Category: Commentaries and Analyses
Records reveal new information about Sweetwater Union High School District ransomware incident
Melissa Mecija reports: New records reveal how widespread a data breach was at the Sweetwater Union High School District. Information given to ABC 10News through a request from the California Public Records Act shows more than 22,000 people were affected by the breach, and the district paid a ransom to the alleged hackers. It was…
HHS’ Office for Civil Rights Settles First Ever Phishing Cyber-Attack Investigation
Louisiana Medical Group settles after investigation reveals large cybersecurity breach affecting nearly 35,000 patients Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Lafourche Medical Group, a Louisiana medical group specializing in emergency medicine, occupational medicine, and laboratory testing. The settlement resolves an investigation following a…
Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)
GAO-24-105658 Published: Dec 04, 2023. Publicly Released: Dec 04, 2023. Fast Facts Federal agencies have made progress in preparing for and responding to cyber threats. For instance, agencies have improved their ability to detect, analyze, and handle incidents like ransomware attacks and data breaches. However, some agencies have not met the federal requirements for event…
Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
The Hacker News reports: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. “The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,” CISA said,…
Russian hackers exploiting Outlook bug to hijack Exchange accounts
Bill Toulas reports: Microsoft’s Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka “Fancybear” or “Strontium”) actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted entities include government, energy, transportation, and other key organizations in the United States, Europe, and the…