Law enforcement and experienced ransomware professionals generally advise victims not to pay any ransom demands. Yet the University of Hawaiʻi Community College decided that they would pay following an attack that they first disclosed on June 13. So why did they make that decision? In a statement on their website this week, they explain: After…
Category: Commentaries and Analyses
Health3PT Releases Blueprint for Third Party Risk Management to Fix the Ineffective Cyber Risk Assessment Process for the Healthcare Industry
Survey finds 60% of covered entities and 72% of their vendors believe today’s third-party risk management practices are not effective: new guidance provides a consistent set of practices to reduce cyber risk for the health industry FRISCO, Texas–July 27, 2023–The Health 3rd Party Trust (Health3PT) Initiative today announced the release of the Health3PT Recommended Practices &…
ALPHV ransomware adds data leak API in new extortion strategy
Ionut Ilascu reports: The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their attacks. […] Multiple researchers spotted earlier this week that the ALPHV/BlackCat data leak site added a new…
Recent NYS audits of K-12 school districts’ infosecurity
A toot by Doug Levin yesterday reminded me that I haven’t posted NYS Comptroller audits of school districts in a while. So here are three to get caught up: Jericho Union Free School District – Acceptable Use Policy (2022M-194) Issued Date: July 21, 2023 Audit Objective Determine whether Jericho Union Free School District (District) officials…
North Korean hackers targeting JumpCloud mistakenly exposed their IP addresses, researchers say
Zack Whittaker reports: Security researchers say they have high confidence that North Korean hackers were behind a recent intrusion at enterprise software company JumpCloud because of a mistake the hackers made. Mandiant, which is assisting one of JumpCloud’s affected customers, attributed the breach to hackers working for North Korea’s Reconnaissance General Bureau, or RGB, a hacking unit…
IBM Report: Half of Breached Organizations Unwilling to Increase Security Spend Despite Soaring Breach Costs
From IBM: IBM Security today released its annual Cost of a Data Breach Report, showing the global average cost of a data breach reached $4.45 million in 2023 – an all-time high for the report and a 15% increase over the last 3 years. Detection and escalation costs jumped 42% over this same time frame, representing the highest…