For initial coverage, read this post. Updates: A threat actor, “Twister Canyon,” claims that MCG Health has made false claims about the incident. Their claims can be found in the Comments section under the original post. MCG Health was asked to respond to their claims but have not replied as of this June 14 posting….
GA: Funds stolen from Floyd County Schools in cyberattack, police investigating
John Bailey and John Druckenmiller reported this on June 8: The Floyd County school system confirmed on Wednesday reports of a cyberattack, discovered Monday, that resulted in $194,672.76 being stolen from the school system. “Floyd County Schools has been made aware of a spear phishing incident, which is a targeted email attack pretending to be…
Kennesaw State researchers highlight gaps in data security considerations for brainwave tech
Thomas Hartwell writes: Kennesaw State University researchers are urging a greater focus on cybersecurity in emerging brainwave technologies, which they say are vulnerable to hacking and breaches of personal data. Brainwave technologies can be used with a wired cap that feeds and decodes information straight into a computer, or wirelessly by wearing sensors on the…
More details emerge on Palermo ransomware attack — threat actors claim 350 GB stolen and 70% of files encrypted
Last week, the municipality of Palermo, Italy issued a statement that it had shut down systems in response to a cyberattack and that all services had been impacted. The Vice Society ransomware group subsequently claimed responsibility for the attack by adding Palermo to their list of “partners” on their dark web leak site. As DataBreaches.net…
Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware
Sergiu Gatlan reports: Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. If successfully exploited, this OGNL injection vulnerability (CVE-2022-26134) enables unauthenticated attackers to take over unpatched servers remotely by creating new admin accounts…
OCR Presents: Recognized Security Practices Video Presentation
The HHS Office for Civil Rights (OCR) is producing a pre-recorded video presentation for HIPAA covered entities and business associates (regulated entities) on “recognized security practices,” as set forth in Public Law 116-321 (Section 13412 of the Health Information Technology for Economic and Clinical Health Act (HITECH). The statute requires OCR to take into consideration…