Justin Ling reports: For years, cybersecurity professionals, watchdogs, and government agencies have warned that a malicious cyberattack on the US power grid could be devastating. With ample evidence that state-sponsored hacking groups are eyeing the decentralized and deeply vulnerable power grid, the risk is more acute than ever. Case in point: Hackers, believed to be…
US govt login portal could be one cyberattack away from collapse, say auditors
Brandon Vigliarolo reports: The US government’s Login.gov identity verification system could be one cyberattack, or just a routine IT hiccup, away from serious trouble, say auditors, because it hasn’t shown its backup testing policy is actually in use or effective. The US Government Accountability Office reported Tuesday that Login.gov, which is managed by the federal government’s General…
Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
There’s an update to a previously reported case. From the U.S. Attorney’s Office, Eastern District of New York, yesterday: Earlier today, in federal court in Brooklyn, United States District Judge Frederic Block sentenced Sagar Steven Singh, also known as “Weep,” to 27 months’ imprisonment for conspiracy to commit computer intrusion and aggravated identify theft. On…
100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
Nadeem Badshah reports: HM Revenue and Customs has lost £47m after a phishing scam breached tens of thousands of tax accounts, a group of MPs has heard. Two senior civil servants at the tax authority told the Treasury committee on Wednesday that 100,000 people had been contacted, or were in the process of being contacted,…
CISA Alert: Updated Guidance on Play Ransomware
CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play ransomware group and provides updated indicators of compromise (IOCs) to enhance threat detection. Since June…
Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
U.S. Dermatology Partners, which has over 100 locations across eight states, recently posted a notice of a data security incident on its website. As stated in their notice: On June 19, 2024, USDP experienced a network disruption. Upon detecting the incident, we quickly took steps to secure our network, immediately initiated our incident response processes…