KrakenLabs writes: This is the second part of Outpost24’s KrakenLabs investigation into EncryptHub, an up-and-coming cybercriminal who has been gaining popularity in recent months and is heavily expanding and evolving operations at the time of writing. We’ve already published one article explaining EncryptHub’s campaigns and TPPs, infrastructure, infection methods, and targets. This article will follow a different approach. We’ll…
Category: Commentaries and Analyses
Could Trump Budget Cuts Lead to More Cyberattacks Against Schools?
Arianna Prothero and Lauraine Langreo report: Schools stand to lose vital cybersecurity support from the federal government as the Trump administration takes dramatic steps to shrink its size, and the Education Department suspends a major cybersecurity support initiative. […] Education Week has confirmed that the U.S. Department of Education, at the behest of Homeland Security,…
16 months after they experienced a ransomware attack, Dameron Hospital notifies those affected
In 2017, Dameron Hospital in Texas reported a breach to the California Attorney General’s Office. No copy of its breach notification was uploaded to California’s breach site, and Dameron did not respond to this site’s email asking for details of the breach. The incident never appeared on HHS’s public breach tool, so we never found…
Lawmakers warn of impact HHS firings will have on medical device cybersecurity efforts
Jonathan Greig reports: As thousands were laid off from the Department of Health and Human Services on Tuesday morning, Congress held a hearing on medical device cybersecurity where experts raised concerns about the ramifications of the firings. Termination letters were sent out and the Trump administration said it plans to cut at least 10,000 staff from several arms…
Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service
Remember, kids: tell the truth or someone will tell it for you. Kevin Beaumont picks up the story of how Oracle denies a breach when there has been so much confirmation of it, e..g.: Oracle told Bleeping Computer, and customers, “There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud….
Shoot the Messenger, Sunday Edition: Reporting on a leak is not unethical, Hamilton County
On March 26, DataBreaches linked to reporting by the Chattanooga Times Free Press. Their report indicated that the local government had not notified residents of a data breach potentially affecting 14,000 people despite having been notified of the incident 240 days ago. According to the memo, the firm sent a letter on Feb. 17 saying…