Dan Goodin reports: Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits. In a joint advisory published Wednesday, the US FBI and CISA (Cybersecurity and Infrastructure Security Agency), the Australian Cyber Security Center,…
Category: Of Note
Understanding the increase in Supply Chain Security Attacks
The European Union Agency for Cybersecurity mapping on emerging supply chain attacks finds 66% of attacks focus on the supplier’s code. Supply chain attacks have been a concern for cybersecurity experts for many years because the chain reaction triggered by one attack on a single supplier can compromise a network of providers. Malware is the attack…
Uber found to have breached Australian’s privacy following 2016 hack
Cameron Abbott and Jacqueline Patishmanof K&L Gates write: In 2017, Uber disclosed to the Office of the Australian Information Commissioner (OAIC) a breach of its some 57 million global users and driver’s personal information (including approximately 1.2 million Australians). Last Friday, the OAIC determined that Uber had breached the Australian Privacy Act by failing to take reasonable steps to…
Inside Forkbombo, the dreaded Kenyan cybercrime gang
Brian Wasuna reports: When financial institutions in Kenya started recording increased cyber-attacks in 2010, it was believed the country’s detectives would easily stamp out the crime. Back then, most cybercrime incidents involved hackers stealing small amounts of money that were near impossible to detect, before graduating to big money heists, in a what is known…
Convenience Store Chain Can’t Shield Investigative Report on Data Breach From Discovery, Judge Rules
We often hear of firms having their counsel running incident response and contracting of forensics, etc., so that any reports would be protected by work product doctrine as well as attorney-client privilege. But if the attorney doesn’t word the contract carefully, any report may not be covered by the doctrine. We saw that in a…
Kaseya obtains universal decryptor for REvil ransomware victims
Lawrence Abrams reports: … Today, Kaseya has stated that they received a universal decryptor for the ransomware attack from a “trusted third party” and are now distributing it to affected customers. “We can confirm we obtained a decryptor from a trusted third party but can’t share anymore about the source,” Kaseya’s SVP Corporate Marketing Dana…