A.J. Vicens reports: A new and increasingly active ransomware group that’s attacked nearly 200 organizations in less than two months has a different spin on its extortion efforts: Don’t pay us, pay a charity. So far, this unnamed group that is at least publicly claiming to be driven by anti-capitalist sentiment and its own brand…
Category: Of Note
Hacker attack Asl Abruzzo, Guarantor: downloading data is a crime
A press release (machine translated) from the Italian data protection regulator, Garante per la Protezione dei Dati Personali: With reference to the recent hacker attack suffered by Asl 1 Abruzzo, the Guarantor for the protection of personal data reminds that anyone who comes into possession or downloads data published on the dark web by criminal…
North Korea and Russia, notorious for hacking, team up on cybersecurity proposal
Shreyas Reddy reports: North Korea has thrown its weight behind a Russian effort to shore up global cyber “stability and security,” Moscow announced Tuesday, forming an unlikely coalition of states better known for instigating cyberattacks than stopping them. Belarus, Syria and Nicaragua also joined the two to submit the Concept of the U.N. Convention on…
#StopRansomware: BianLian Ransomware Group
Release Date: May 16, 2023 Alert Code: AA23-136A Summary Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs)…
HHS Office for Civil Rights Settles HIPAA Investigation with Arkansas Business Associate MedEvolve Following Unlawful Disclosure of Protected Health Information on an Unsecured Server for $350,000
As background: this case began with someone finding an unsecured FTP server owned by MedEvolve. He reported it to DataBreaches. This site first reported on the leak in 2018. This site also reported when MedEvolve issued a statement months later, and again two years later when HHS got them to notify patients. Today, the U.S….
New York audit: School districts unprepared for cyber attacks
Kathleen Moore reports: Student data, including names, birth dates and addresses, are not always kept secure by school districts or the state Education Department, the state Comptroller’s Office found in an audit issued Tuesday. The Education Department “has not taken the fundamental steps or improved the technical controls needed to secure its own critical systems,” the…