The Office of Inadequate Security
On Christmas, December 2023, Anna Jaques Hospital (AJH) in Massachusetts was grappling with a cyberattack that knocked out their EHR system and resulted in them having to divert ambulances to other area hospitals. On January 23, they posted a preliminary website notice (archived) about the attack. That notice was posted four days after threat actors…
Termite threat actor(s) have now claimed responsibility for the Blue Yonder ransomware attack that has caused widespread impact. They provide no proof as yet, but a note posted on their dark web leak site several hours ago says, “Our team got 680gb of data such as DB dumps Email lists for future attacks (over 16000)…
Jessica Lyons reports: American energy contractor ENGlobal disclosed that access to its IT systems remains limited following a ransomware infection in late November. In a Monday filing with the US Securities and Exchange Commission (SEC), the company said it became aware of a cybersecurity incident on November 25 after criminals broke into its networks and locked…
Irvin Jackson reports: Parties involved in the federal Change Healthcare data breach lawsuits have been ordered to meet separately with a U.S. Magistrate Judge over the next two months, to discuss the most effective structure for settlement talks and the optimum timing for when negotiations should begin that may provide payouts to millions of Americans. The potential…
Sergiu Gatlan reports: Russian law enforcement has arrested and indicted notorious ransomware affiliate Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for developing malware and his involvement in several hacking groups. While the prosecutor’s office has yet to release any details on the individual’s identity (described as a “programmer” in court documents),…
Maybe some victims will decide not to pay ransom since they will have to disclose the payment anyway? Jayant Chakravart reports: The Australian government’s proposed cybersecurity legislation passed both houses of the Parliament on Monday, formalizing the government’s strategy to boost ransomware payment reporting, mandate basic cybersecurity standards for connected devices and enhance critical infrastructure…