One of the interesting things I learned this past week at the Privacy+Security Forum Spring Academy was that 75% of a prominent law firm’s clients were able to recover from a ransomware attack without having to pay ransom. I was surprised to hear that statistic, as I would have guessed a higher percentage paid ransom….
Category: Of Note
Washington, D.C. Adds Security Requirements in New Data Breach Notification Law
Rachel Marmor of Davis Wright Tremaine writes: Washington, D.C. amended its data breach notification law (D.C. Act 23-268) on March 26, 2020, expanding the definition of personal information covered by the law and requiring businesses collecting data from D.C. residents to implement “reasonable security safeguards.” Because D.C. law already provides a private right of action…
Managed Service Providers Face Threats From Hackers and Clients
James Rundle reports: With wide-ranging client bases and trusted access to their computer systems, managed service providers are attractive targets for hackers seeking to ransom data or steal information. But they also face threats from their clients, who may have had patchy security in place for years. It only took a few months for Clear…
15-year-old hacker and crew of ‘evil geniuses’ accused of $24 million crypto theft
Bob Van Voris of Bloomberg reports: A 15-year-old hacker and his crew of “evil computer geniuses” stole nearly $24 million in cryptocurrency from an adviser to blockchain companies, according to a lawsuit filed in New York. Michael Terpin claims his phone was hacked and his money stolen in 2018 by a ring led by Westchester…
Shiny Hunters’ bursts onto dark web scene following breaches, Microsoft data theft claims
Bradley Barth reports: A malicious actor known as Shiny Hunters has emerged as a serious dark web player following a spate of high-profile breaches, and now the hacker or hackers is claiming to have stolen data from Microsoft’s private GitHub repositories and is threatening to release the code for free. According to researchers from ZeroFOX Alpha Team,…
APT Groups Target Healthcare and Essential Services
May 6, 2020 APT Groups Target Healthcare and Essential Services National Cyber Awareness System: AA20-126A: APT Groups Target Healthcare and Essential Services Original release date: May 5, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber…