Mark Young and Paul Maynard of Covington and Burling write: UKG) proposals for new, sector-specific cybersecurity rules continue to take shape. Following the announcement of a Product Security and Telecommunications Infrastructure Bill and a consultation on the security of apps and app stores in the Queen’s Speech (which we briefly discuss here), the UKG issued a…
Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities
FBI Private Industry Notification PIN 20220912-001 TLP: WHITE Summary The FBI has identified an increasing number of vulnerabilities posed by unpatched medical devices that run on outdated software and devices that lack adequate security features. Cyber threat actors exploiting medical device vulnerabilities adversely impact healthcare facilities’ operational functions, patient safety, data confidentiality, and data integrity….
Lorenz ransomware breaches corporate network via phone systems
Sergiu Gatlan reports: The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks. Arctic Wolf Labs security researchers spotted this new tactic after observing a significant overlap with Tactics, Techniques, and Procedures (TTPs) tied to ransomware attacks…
Vasile Mereacre testifies against former Uber security chief in criminal trial
Maria Dinzeo reports: When hackers Vasile Mereacre and Brandon Glover teamed up in 2016 and began scouring Github for exploitable security flaws, they weren’t looking to hack any one company specifically. But Uber’s lax security quickly made the ride-hail giant the pair’s top target. Testifying Monday in the former Uber security head Joe Sullivan’s criminal obstruction…
Member of Roanoke-Area ATM Skimming Conspiracy Pleads Guilty
ROANOKE, Va. – A member of a Romanian criminal organization who traveled to the United States to conduct ATM skimming pleaded guilty last week in federal court. Catalin Puscasu, 38, pleaded guilty to conspiracy to commit bank fraud, access device fraud, and aggravated identity theft. Puscasu is the third defendant to have pleaded guilty for…
LockBit updates leak site with post about Sud-Francilien hospital
After weeks of information and misinformation leaking out, and after some outstanding reporting by Valéry Rieß-Marchive on LeMagIT, LockBit 3.0 has publicly confirmed that they are responsible for the attack on South Francilien Hospital Center (CHSF). Consistent with the usual rhetoric we see from threat actors in such circumstances, LockBit tries to put responsibility on…