Cyber Security Intelligence reports: Cyber security experts have recently revealed the top six government impersonation scams they have removed from the Internet in 2022 as they urged the public to remain vigilant to cyber crime in 2023. The scams unveiled by the National Cyber Security Centre (NCSC), part of GCHQ, included phishing emails and messages from cyber criminals…
Category: Commentaries and Analyses
Private health data breach in Isle of Man to be dealt within 3 months, officials say
Seen on diabetes.co.uk: An organisation set up to focus on the delivery of health and social care on the Isle of Man has been given a three-month deadline to stop data breaches. Manx Care will be ordered to pay £170,000 if they fail to prevent breaches of people’s private data within the next three months…
Impact of ransomware on healthcare: what’s confirmed and what’s just speculative?
Sunday musings… What impact do ransomware attacks have on delivering healthcare services to patients? Some claims have been made, but are the claims supported by any objective data, or are people just guessing what the impact has been or could be? In this week’s news, a hospital in Illinois announced it will be temporarily closing…
Ransomware Revenue Falls by 40% as Majority of Victims Refuse to Pay
Abdul Karim Abdulwahab reports: The illegal revenue accruing to crypto criminals from ransomware exploits declined in 2022 as more victims refused to pay, according to recent data published by market intelligence firm, Chainalysis. The report noted that ransomware attackers could only extort $456 million from victims in 2022 after stealing nearly twice that value in…
Chinese, North Korean hackers continue exploiting zero-day vulnerabilities
Ionut Arghire reports that Chinese hackers exploited a Fortinet FortiOS SSL-VPN vulnerability when it was still a zero-day. Mandiant tracks the bug as CVE-2022-42475 (CVSS score of 9.8), and described it as “a buffer overflow issue that could be exploited by remote, unauthenticated attackers to execute code or commands via crafted requests.” Read more at Security Week…
New Cybersecurity Directives (NIS2 and CER) Enter into Force in EU
Hunton Andrews Kurth writes: On January 16, 2023, the Directive on measures for a high common level of cybersecurity across the Union (the “NIS2 Directive”) and the Directive on the resilience of critical entities (“CER Directive”) entered into force. The NIS2 Directive repeals the current NIS Directive and creates a more extensive and harmonized set of rules on cybersecurity…