When the AlphV site went offline yesterday, rumors started. Now intel firm RedSense has tweeted that they can confirm it was a law enforcement takedown: Today, RedSense can confirm that #ALPHV aka #BlackCat ransomware gang’s site has been taken down by law enforcement @4D435A There has been no statement from the Department of Justice yet….
Category: Of Note
Seattle cancer patients face blackmail threats after recent Fred Hutch data breach
Brittany Toolis reports: As if battling cancer isn’t hard enough, now patients at UW’s Fred Hutchinson Cancer Center are being extorted. Last month, the Cancer Center experienced a data breach, exposing data for an unknown number of patients. Some of those patients are getting emails threatening to leak their personal information if they don’t pay…
HHS’ Office for Civil Rights Settles First Ever Phishing Cyber-Attack Investigation
Louisiana Medical Group settles after investigation reveals large cybersecurity breach affecting nearly 35,000 patients Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Lafourche Medical Group, a Louisiana medical group specializing in emergency medicine, occupational medicine, and laboratory testing. The settlement resolves an investigation following a…
Millions of patient scans and health records spilling online thanks to decades-old protocol bug
Carly Page reports: Thousands of exposed servers are spilling the medical records and personal health information of millions of patients due to security weaknesses in a decades-old industry standard designed for storing and sharing medical images, researchers have warned. This standard, known as Digital Imaging and Communications in Medicine, or DICOM for short, is the internationally…
Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)
GAO-24-105658 Published: Dec 04, 2023. Publicly Released: Dec 04, 2023. Fast Facts Federal agencies have made progress in preparing for and responding to cyber threats. For instance, agencies have improved their ability to detect, analyze, and handle incidents like ransomware attacks and data breaches. However, some agencies have not met the federal requirements for event…
Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
The Hacker News reports: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. “The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,” CISA said,…