Phil Muncaster reports: Over a third (35%) of global healthcare organizations suffered cloud data theft by malicious insiders last year, according to data from Netwrix. The findings come from the security vendor’s 2021 Netwrix Cloud Data Security Report, based on interviews with 937 IT professionals around the world. It claimed that while insider theft was less…
Category: Of Note
CISA Releases Joint Cybersecurity Advisory on Exploitation of Accellion File Transfer Appliance
The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance. Cyber actors worldwide have exploited vulnerabilities in Accellion File Transfer Appliance to attack multiple federal, and state, local, tribal, and territorial government organizations as well as private industry organizations…
SolarWinds hackers targeted NASA, Federal Aviation Administration networks
Zack Whittaker reports: Hackers are said to have broken into the networks of U.S. space agency NASA and the Federal Aviation Administration as part of a wider espionage campaign targeting U.S. government agencies and private companies. The two agencies were named by the Washington Post on Tuesday, hours ahead of a Senate Intelligence Committee hearing tasked with…
Fake whistleblower sentenced to federal prison for trying to frame a former acquaintance for violating patient privacy
This is a bit different. From the U.S. Attorney’s Office, Southern District of Georgia: A Rincon man who portrayed himself as a whistleblower while falsely accusing a former acquaintance of violating patient privacy has been sentenced to federal prison. Jeffrey Parker, 44, of Rincon, Ga., was sentenced to six months in prison by U.S. District…
NY Department of Financial Services Issues Cyber Fraud Alert to Regulated Entities Using Instant Quote Websites
Hunton Andrews Kurth writes: On February 16, 2021, the New York Department of Financial Services (“NYDFS”) issued a Cyber Fraud Alert (the “Alert”) to regulated entities in light of a growing campaign to steal Nonpublic Information (“NPI”), as defined under New York law, from public-facing websites that provide instant quotes for products like auto insurance (“Instant Quote…
Follow-up: Data from the Toledo Public Schools attack by Maze reportedly being misused
In September, DataBreaches.net reported that Maze threat actors claimed to have attacked an Ohio public school district, but the district was not responding to inquiries from this site about the claims. One month later, this site named the district as Toledo Public Schools and reported that while Maze had dumped files with student and employee…