On March 21, this site reported that Maze Team had attacked Hammersmith Medicines Research (HMR) in London — a clinical testing firm that conducts early Phase 1 and Phase 2 pharmacological tests. Maze had attacked and locked up their data on March 14, but HMR was reportedly able to quickly restore their ability to function and…
Sixth Annual Data Security Incident Response Report Released – Managing Enterprise Risks and Leveraging Data in a Digital World
There are many firms that issue yearly reports on data breach trends and incident response based on their experience. When a law firm has been involved in more than 1000 cases, it’s worth taking a look at their findings. I have always found my discussions with BakerHostetler lawyers to be informative. I’m looking forward to…
Maze ransomware operators claim to have stolen millions of credit cards from Banco BCR
Lawrence Abrams reports on a new “press release” from the Maze ransomware operators. The release was posted yesterday and claims that the Maze Team had successfully attacked Banco BCR, the state-owned bank of Costa Rico in August, 2019 The attackers claim that the bank never complied with its obligations to notify other banks and regulators….
Clop ransomware leaks ExecuPharm’s files after failed ransom
Sergiu Gatlan reports: Clop ransomware leaked files stolen from U.S pharmaceutical company ExecuPharm after ransom negotiations allegedly failed. ExecuPharm is a contract research organization (CRO) that provides clinical research support services to companies from the pharmaceutical industry. The company has more than 18,000 global clinical operational specialists in its network and it is one largest…
Spear-phishing campaign compromises executives at 150+ companies
Catalin Cimpanu reports: A cybercrime group operating since mid-2019 has breached the email accounts of high-ranking executives at more than 150 companies, cyber-security firm Group-IB reported today. The group, codenamed PerSwaysion, appears to have targeted the financial sector primarily, which accounted for more than half of its victims; although, victims have been recorded at companies…
“Government” hackers cracked the mail of dignitaries of Estonia
The following is a Google translation of a story that appears on securitylab.ru: For hacking, it was enough for the victim to open a malicious email; no other action was required on her part. Government-sponsored hackers exploited the zero-day vulnerability in the Estonian email service Mail.ee and hacked the accounts of a number of dignitaries….