Tom Olson reports: A hacking group with ties to the Russian government is suspected of carrying out a cyberattack in January that caused a tank at a Texas water facility to overflow, experts from US cybersecurity firm Mandiant said Wednesday. The attack took place in Muleshoe, Texas, and coincided with other towns in north Texas…
Category: Of Note
Lawsuits mount and cyberattack could cost UnitedHealth Group up to $1.6B this year
Christopher Snowbeck of the Star Tribune in Minnesota is doing some great reporting on the Change Healthcare UnitedHealth Group cyberattack. Yesterday, he did a write-up on a Minneapolis therapy clinic suing Change Healthcare. He reports, in part: Twin Cities Counseling says it hasn’t been able to submit payment claims for more than 100 appointments —…
Prominent US senator sees new momentum for healthcare cybersecurity push
Eric Geller reports: As U.S. hospitals struggle to pay their employees amid a cyberattack that knocked out a major payment vendor, a powerful Democratic senator is seizing the moment to push for better security in the sorely vulnerable healthcare sector. Sen. Mark Warner (D-VA) has introduced legislation that would require hospitals and their technology vendors…
Why CISA is Warning CISOs About a Breach at Sisense
Brian Krebs reports: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been…
Proporsed Rule: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements
A quick note that the official draft of CIRCA is now published: A Proposed Rule by the Homeland Security Department on 04/04/2024 All information is linked from https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements NOTE: This is quite long, so leave yourself time to read it. Comments and related material must be submitted on or before June 3, 2024.
Threat actors walked away from a $1.8 million offer because the victim talked to the media?! (1)
A recent listing on LockBit’s leak site about Crinetics Pharmaceuticals seemed unusual. It included a disclaimer: “Those responsible for the exfiltration of data belonging to this victim have no association, indirect or direct, with the Lockbit group.” If those who exfiltrated the data had no association with LockBit, why was the listing on LockBit’s site?…