A criminal complaint was unsealed today in federal court in Brooklyn charging Idris Dayo Mustapha, a citizen of the United Kingdom, with computer intrusion, securities fraud, money laundering, bank fraud and wire fraud, among other offenses. The charged crimes stem from a variety of alleged criminal conduct between 2011 and 2018 in which Mustapha gained…
Category: Of Note
OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief
Theresa Defino reports: Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and business associates (BAs). And, if Congress agrees, its impact would expand significantly in the coming months. As part of its…
Hackers are now hiding malware in Windows Event Logs
Ionut Ilascu reports: Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques…
Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating
Dan Goodin reports: Researchers are marveling at the scope and magnitude of a vulnerability that hackers are actively exploiting to take full control of network devices that run on some of the world’s biggest and most sensitive networks. The vulnerability, which carries a 9.8 severity rating out of a possible 10, affects F5’s BIG-IP, a…
Insufficient Data Security and Disregard for Student Data Privacy Plague the DeKalb County School District; With Commentary by Jim Siegl
Keegan Brooks writes: The DeKalb County School District has been making thousands of files containing sensitive student and staff information widely accessible to anyone in the district. Types of information exposed have included social security numbers, academic records, medical forms, course transcripts, standardized test scores, discipline records, and the 504/IEP information of students, among others….
Conti and Hive ransomware operations: Leveraging victim chats for insights
Kendall McKay and colleagues Paul Eubanks and Jaime Filson of Talos issued a report this week with some interesting insights. EXECUTIVE SUMMARY Through open-source research, we obtained and analyzed over four months of chat logs — more than 40 separate conversations — between Conti and Hive ransomware operators and their victims. The findings in this…