From HHS’s October cybersecurity newsletter: Last year, the Department of Health and Human Services’ (HHS) Health Sector Cybersecurity Coordination Center (HC3) released a threat brief on the different types of social engineering1 that hackers use to gain access to healthcare information systems and data.2 The threat brief recommended several protective measures to combat social engineering, one of…
Police employee arrested for computer trespassing and violation of official secrecy
Politie reports an alleged insider breach in the police department itself: An employee of the Amsterdam police unit was arrested this week on suspicion of computer trespassing and violation of official secrecy. The investigation into the employee is conducted by the Safety, Integrity and Complaints department (VIK) of the Amsterdam unit under the direction of…
Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV
There are some data leaks that make you shake your head and wonder about how a firm responded to a ransomware attack. This is one of them. Cadre Services (previously known as Premier Staffing) is a Wisconsin-based company providing employment and staffing services for office professionals. They have been in business since 1994. In a…
BlackCat threatens to leak data from Morrison Community Hospital (1)
On October 13, AlphV threat actors added Morrison Community Hospital to their dark web leak site. Within hours, it appeared to have been removed. Today, it was re-listed with this commentary by AlphV: HUGE LEAK COMING! SQL + DATA = 5TB Given that we haven’t received a clear response from MCH representatives, we’ve decided to…
Casio discloses data breach impacting customers in 149 countries
Sergiu Gatlan reports: Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained to the servers of its ClassPad education platform. Casio detected the incident on Wednesday, October 11, following the failure of a ClassPad database within the company’s development environment. Evidence suggests that the attacker accessed customers’ personal…
RagnarLocker ransomware dark web site seized in international sting
Carly Page reports: An international group of law enforcement agencies have seized the dark web portal used by the notorious RagnarLocker ransomware group, TechCrunch has learned. A message on the RagnarLocker website now states that, “this service has been seized by a part of a coordinated international law enforcement action against the RagnarLocker group.” According…