Brandi Vesco reports: The K12 Security Information eXchange (K12 SIX) has updated its cybersecurity recommendations for the 2024-25 school year to keep pace with evolving cybersecurity best practices, such as the need for multifactor authentication (MFA) for vendors and segmentation of student traffic. The framework of recommendations is weighted, which means it allows users to…
Since June, two groups claim to have attacked The Eye Clinic Surgicenter. What do we know?
One cyberattack is distressing enough. But has The Eye Clinic Surgicenter been attacked by two different groups this year? Silence is not golden if patient data has already been leaked. Last week, Meow Leaks added The Eye Clinic Surgicenter in Montana to their leak site. Meow’s site indicates that is offering 59 GB of files…
Postel S.p.A. and the 2023 Data Breach: The Medusa Attack and Sanctions from the Data Protection Authority
Over on SuspectFile, Marco A. De Felice writes: In August 2023, Postel S.p.A., a leading Italian company in the postal services and digital communications sector, became the victim of a serious cyberattack. The Medusa cybercriminal group exploited unresolved vulnerabilities in the company’s systems, gaining access to a large amount of sensitive data. This breach raised significant…
In legal first, Japan convicts man of abusing AI to generate ransomware
Malay Mail reports: A 25-year-old man has become the first person in Japan to be convicted for criminal activities involving generative AI. According to The Yomiuri Shimbun, the Tokyo District Court found Ryuki Hayashi guilty of creating a computer virus using interactive generative artificial intelligence. He was sentenced to three years in prison, suspended for four…
Italy police arrest four over alleged illegal database access, source says
Reuters reports: Italian police have placed four people under house arrest including Leonardo Maria Del Vecchio, son of the late billionaire founder of Luxottica, as part of a probe into alleged illegal access to state databases, a source said on Saturday. A lawyer for Leonardo Maria Del Vecchio said he was “eagerly awaiting the completion…
Update to Change Healthcare breach
From HHS OCR: “On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach. ” As DataBreaches mentioned this morning on Infosec.Exchange, is that 100 million an interim update and we should expect another update with even bigger numbers, or is 100 million the total number…