There’s an interesting monetary penalty notice involving a UK law firm stemming from a ransomware attack in 2020 and the ICO’s investigation of their data protection and security. The Information Commissioner announced today that it has issued Tuckers Solicitors a monetary penalty under section 155 of the Data Protection Act 2018 (“the DPA”). The penalty…
Category: Of Note
“Alexa, hack yourself” – researchers describe new exploit that turns smart speakers against themselves
Graham Cluley reports: Researchers have discovered a novel way of exploiting Amazon Echo smart speakers to perform commands. They get the Amazon Echo speaker to say the commands to itself. In a technical paper, researchers from London’s Royal Holloway University in London and the University of Catania in Italy describe their findings, which exploits how an…
Cloudflare, CrowdStrike, and Ping Identity Join Forces to Strengthen U.S. Cybersecurity in Light Of Increased Cyber Threats
They deserve good press for this — here’s their full press release from today: Cloudflare, CrowdStrike, and Ping Identity Join Forces to Strengthen U.S. Cybersecurity in Light Of Increased Cyber Threats The Critical Infrastructure Defense Project will provide comprehensive, no-cost cyber protections for U.S. hospitals and water and power utilities SAN FRANCISCO — March…
HC3: Destructive Malware Targeting Organizations in Ukraine
HHS Cybersecurity Program has issued another alert and whitepaper report (202202280900): Executive Summary Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable. Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical…
ContiLeaks providing new insights and evidence against Conti
It almost felt like Christmas came early in a winter of despair. As noted yesterday, a Conti member who appears furious with Conti for its statement supporting Russia started dumping internal records from Conti with a statement ending, “Glory to Ukraine!” The leak was first reported on Twitter by VX-Underground: Conti ransomware group previously put…
Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits
I’ve occasionally seen evidence that one victim was hit by more than one group or threat actor, but Sophos provides the most detailed reporting I’ve ever seen on one such incident. Sean Gallagher takes us through the saga that impacted a healthcare provider in Canada hit by two separate ransomware groups — Karma and Conti….