The Office of Inadequate Security
From an INTERPOL announcement yessterday: A global INTERPOL operation has taken down more than 22,000 malicious IP addresses or servers linked to cyber threats. Operation Synergia II (1 April – 31 August 2024) specifically targeted phishing, ransomware and information stealers and was a joint effort from INTERPOL, private sector partners and law enforcement agencies from…
Margi Murphy and Brian Platt report: Canadian authorities have arrested a man suspected of being behind a string of hacks involving as many as 165 customers of Snowflake Inc., according to people familiar with the matter. Following a request from the US, Alexander “Connor” Moucka was taken into custody on a provisional arrest warrant on…
On October 29, the Fourth Circuit Court of Appeals heard oral arguments in the government’s appeal of Conor Brian Fitzpatrick’s sentence. At issue was whether District Court Judge Leonie M. Brinkema had abused her discretion in sentencing Fitzpatrick and whether her sentence was “substantively unreasonable.” Judges have discretion in sentencing and courts are often reluctant…
HHS OCR announced a second ransomware investigation settlement today. This one involved Bryan County Ambulance Authority (BCAA), a provider of emergency medical services in Oklahoma. The Bryan County Ambulance Authority breach occurred in November 2021, but was only first reported to HHS on May 18, 2022. It affected 14,273 patients. HHS’s press release (below) notes…
Over on Infosec.Exchange, Wendy Nather mentioned an open letter that is noteworthy for its approach to improving cybersecurity. The letter to presidential candidates’ transition teams, relevant federal agencies, and members of Congress begins: The federal government focuses primarily on cybersecurity as it relates to national security. This priority is essential, but the framing allows many small,…
How many data breaches can an entity have before either some regulator steps in with a corrective action plan or something happens to reduce the likelihood of more breaches? Consider the following: Breach # 1 On February 22, 2022, Minuteman Senior Services (MSS) identified suspicious activity related to an employee’s email account. According to the notification…