Phoebe Taylor-Vuolo, Report for America corps member, reports: Guthrie Lourdes Hospital in Binghamton continues to feel the impact of a recent cyberattack on Ascension, its former parent organization. Ascension said it was hit with a ransomware attack on May 8. Lourdes was officially acquired by the Guthrie health system in February, but officials say that transition is…
Category: Of Note
BreachForums seized by FBI and law enforcement partners; administrator arrested (3)
It probably will not surprise anyone who has checked BreachForums recently, but there is now a seizure notice on the forum. The notice claims that BreachForums is under the control of the FBI and has been taken down by the FBI and DOJ with assistance from international partners. The forum’s owner, ShinyHunters, or whoever is…
‘Got that boomer!’: How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts
Here’s your “definitely want to read this one today” piece. Zack Whittaker reports: The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets….
CISA Advisory: #StopRansomware: Black Basta
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Black Basta this week. The timing is likely because the attack on Ascension, which is disrupting that health system, has been attributed to Black Basta. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and…
Fred Hutch notifies more patients of November 2023 attack (1)
In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 to ask whether the attackers had encrypted their files and whether they had negotiated with the threat actors. They did not reply….
UK makes weak default passwords illegal
Three cheers for the U.K. on this one. Kevin Purdy reports: If you build a gadget that connects to the Internet and sell it in the United Kingdom, you can no longer make the default password “password.” In fact, you’re not supposed to have default passwords at all. A new version of the 2022 Product Security…