Micaela McMurrough, Ashden Fein, Caleb Skeath, and Shayan Karbassi of Covington & Burling write: Earlier this week, the Securities and Exchange Commission (“SEC”) published an update to its rulemaking agenda indicating that it does not plan to approve two proposed cyber rules until at least October 2023 (the agenda’s timeframe is an estimate). The proposed…
Google claims it caught China government hackers redhanded breaking into hundreds of networks around the world
Frank Bajak and AP report: Suspected state-backed Chinese hackers used a security hole in a popular email security appliance to break into the networks of hundreds of public and private sector organizations globally, nearly a third of them government agencies including foreign ministries, the cybersecurity firm Mandiant said Thursday. “This is the broadest cyber espionage…
Snooping in Medical Records by Hospital Security Guards Leads to $240,000 HIPAA Settlement
Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with Yakima Valley Memorial Hospital, a not-for-profit community hospital located in Yakima, Washington resolving an investigation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). OCR investigated allegations that several security guards from Yakima Valley Memorial…
Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses
The Justice Department today announced charges against a Russian national for his involvement in deploying numerous LockBit ransomware and other cyberattacks against victim computer systems in the United States, Asia, Europe, and Africa. Ruslan Magomedovich Astamirov (АСТАМИРОВ, Руслан Магомедовичь), 20, of Chechen Republic, will make his initial appearance later today. “This Lockbit-related arrest, the second…
State governments among victims of MoveIT Transfer breach
Alexander Culafi reports: Illinois, Minnesota and Missouri state governments are among a growing list of organizations attacked via a critical flaw in Progress Software’s MoveIT Transfer product. Progress Software on May 31 detailed an SQL injection bug in its managed file transfer (MFT) software MoveIt Transfer. Progress urged customers to immediately apply mitigations for the…
Court unseals long-awaited election security reports
Analysis by Tim Starks with research by David DiMolfetta: A long-awaited report on the cybersecurity vulnerabilities of election machines in Georgia was finally released alongside another report on Wednesday, but the two sides of a long-running dispute over the security of the state’s election machines can’t agree on what conclusions to draw. The first report — by University…