John E. Dunn reports: Someone on the dark web is touting for sale an unusual database a lot of people might pay handsomely to get their hands on. Another rich cache full of sensitive company data, or perhaps something stolen from a military power? In fact, according to the security company that verified its authenticity, Cyble,…
Category: Of Note
Maze Team under the spotlight
Maze has seemingly done such a good job getting media attention that we’re also seeing more analyses of their methods. This week, check out this report from FireEye: Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents and this report from Sophos: Maze ransomware: extorting victims for 1 year and counting In…
Paying the Ransom Doubles Cost of Recovering from a Ransomware Attack, According to Sophos
One of the interesting things I learned this past week at the Privacy+Security Forum Spring Academy was that 75% of a prominent law firm’s clients were able to recover from a ransomware attack without having to pay ransom. I was surprised to hear that statistic, as I would have guessed a higher percentage paid ransom….
Washington, D.C. Adds Security Requirements in New Data Breach Notification Law
Rachel Marmor of Davis Wright Tremaine writes: Washington, D.C. amended its data breach notification law (D.C. Act 23-268) on March 26, 2020, expanding the definition of personal information covered by the law and requiring businesses collecting data from D.C. residents to implement “reasonable security safeguards.” Because D.C. law already provides a private right of action…
Managed Service Providers Face Threats From Hackers and Clients
James Rundle reports: With wide-ranging client bases and trusted access to their computer systems, managed service providers are attractive targets for hackers seeking to ransom data or steal information. But they also face threats from their clients, who may have had patchy security in place for years. It only took a few months for Clear…
15-year-old hacker and crew of ‘evil geniuses’ accused of $24 million crypto theft
Bob Van Voris of Bloomberg reports: A 15-year-old hacker and his crew of “evil computer geniuses” stole nearly $24 million in cryptocurrency from an adviser to blockchain companies, according to a lawsuit filed in New York. Michael Terpin claims his phone was hacked and his money stolen in 2018 by a ring led by Westchester…