Department Answers Frequently Asked Questions, Provides Guidance, and Issues Limited Enforcement Policy for First 90 Days Today, the Justice Department took significant steps to move forward with implementing a critical program to prevent China, Russia, Iran, and other foreign adversaries from using commercial activities to access and exploit U.S. government-related data and Americans’ sensitive personal…
Category: Of Note
CISA, experts warn of Crush file transfer attacks after a controversial disclosure
Jonathan Greig reports on another vulnerability affecting file transfer software that has been exploited soon after disclosure. In this case, though, there’s some contentious statements about responsible disclosure or lack thereof. Federal cybersecurity officials as well as incident responders at cyber companies say hackers are exploiting a vulnerability within the popular file transfer tool Crush….
When the victimizers become the victims…. RansomHub the victim of a takeover?
In February, RansomHub was described as the leading Ransomware-as-a-Service group and as a pervasive threat to critical sectors. Weeks later, Trend Micro analyzed SocGholish’s MaaS framework and its role in deploying RansomHub ransomware. RansomHub was clearly developing and making a significant impact in the ransomware ecosystem. But in the blink of an eye, it seemed,…
Lawsuit: Pharmacist used spyware on UMMS computers to watch women, gain personal information
For your reminder of the insider threat for this week, Tolly Taylor reports: A Maryland pharmacist is accused of installing spyware on 400 computers over eight years to watch women at the hospital or in their homes, a lawsuit alleges. Six women filed a civil lawsuit on Thursday against the University of Maryland Medical System,…
16 months after they experienced a ransomware attack, Dameron Hospital notifies those affected
In 2017, Dameron Hospital in Texas reported a breach to the California Attorney General’s Office. No copy of its breach notification was uploaded to California’s breach site, and Dameron did not respond to this site’s email asking for details of the breach. The incident never appeared on HHS’s public breach tool, so we never found…
Shoot the Messenger, Sunday Edition: Reporting on a leak is not unethical, Hamilton County
On March 26, DataBreaches linked to reporting by the Chattanooga Times Free Press. Their report indicated that the local government had not notified residents of a data breach potentially affecting 14,000 people despite having been notified of the incident 240 days ago. According to the memo, the firm sent a letter on Feb. 17 saying…