In December 2023, UW’s Fred Hutchinson Cancer Center (“Fred Hutch”) reported a November cyberattack that involved the exfiltration of patient data and attempted extortion of patients. DataBreaches contacted Fred Hutch on December 8 to ask whether the attackers had encrypted their files and whether they had negotiated with the threat actors. They did not reply….
Forensic reports are NOT privileged — Ontario Divisional Court
A comment by Canadian attorney David Fraser caught my eye on Infosec.Exchange: This decision is going to be significant for all lawyers who work in cyber incident response and breach coaching. The IPC’s decision that forensic reports are NOT privileged was upheld as correct by the ON Divisional Court. The case is LifeLabs LP v….
Years later, Marriott admits data were not encrypted before its 2018 data breach. Now what?
What might happen to a company that has been making false claims about its system security for more than five years after experiencing a massive data breach? Will state attorneys general, the SEC, and the FTC investigate and possibly penalize them for a significant misrepresentation to consumers and regulators? CSO Online has a significant update…
CISA’s KEV catalog making a positive difference to defenders
Jonathan Greig reports that a CISA resource is having a positive effect at both a federal level as well as for non-governmental organizations: The Cybersecurity and Infrastructure Security Agency (CISA) has run its Known Exploited Vulnerabilities (KEV) catalog for nearly three years and it has quickly become the go-to repository for software and hardware bugs actively being exploited by hackers around the world. Experts…
UK makes weak default passwords illegal
Three cheers for the U.K. on this one. Kevin Purdy reports: If you build a gadget that connects to the Internet and sell it in the United Kingdom, you can no longer make the default password “password.” In fact, you’re not supposed to have default passwords at all. A new version of the 2022 Product Security…
Germany summons Russian envoy over Fancy Bears cyberattack
DW reports: Germany accused Russia’s military intelligence service, the GRU, on Friday of being behind a 2023 cyberattack that targeted the Social Democrats (SPD). NATO member Germany has been among the Western nations providing military support to Ukraine as it fights a Russian invasion and there have also been recent accusations of increased espionage. In June 2023, the SPD announced that cybercriminals had…