Release Date: July 27, 2023 Alert Code: AA23-208A SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object…
Category: Commentaries and Analyses
Smartphone Vulnerability That Could Expose User Location to Hackers Found by Researchers
Jace Dela Cruz A recent discovery by a PhD student of Northeastern University has revealed a potential vulnerability in text messaging that could expose smartphone users’ location to hackers. PhD student in cybersecurity at Northeastern Evangelos Bitsikas and his research group employed a sophisticated machine-learning program to analyze data from the traditional SMS system, which…
Hawaiʻi Community College pays ransom to attackers
Law enforcement and experienced ransomware professionals generally advise victims not to pay any ransom demands. Yet the University of Hawaiʻi Community College decided that they would pay following an attack that they first disclosed on June 13. So why did they make that decision? In a statement on their website this week, they explain: After…
Read more Health3PT Releases Blueprint for Third Party Risk Management to Fix the Ineffective Cyber Risk Assessment Process for the Healthcare Industry
Survey finds 60% of covered entities and 72% of their vendors believe today’s third-party risk management practices are not effective: new guidance provides a consistent set of practices to reduce cyber risk for the health industry FRISCO, Texas–July 27, 2023–The Health 3rd Party Trust (Health3PT) Initiative today announced the release of the Health3PT Recommended Practices &…
ALPHV ransomware adds data leak API in new extortion strategy
Ionut Ilascu reports: The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their attacks. […] Multiple researchers spotted earlier this week that the ALPHV/BlackCat data leak site added a new…
Recent NYS audits of K-12 school districts’ infosecurity
A toot by Doug Levin yesterday reminded me that I haven’t posted NYS Comptroller audits of school districts in a while. So here are three to get caught up: Jericho Union Free School District – Acceptable Use Policy (2022M-194) Issued Date: July 21, 2023 Audit Objective Determine whether Jericho Union Free School District (District) officials…