Summary from the OIG: Objective The objective of this audit was to determine whether the DoD effectively controlled access to health information of well-known DoD personnel. Background The DoD maintains millions of electronic health records on its DoD beneficiaries, [REDACTED] DoD personnel who are granted access to health information to perform their official duties…
Nigerian hacker and a repeat offender sentenced to federal prison for unemployment fraud and tax fraud scheme
Bamidele Muraina, a Nigerian national who hacked into tax preparation firms and filed fraudulent unemployment benefit claims and tax returns using stolen personally identifiable information, and Gabriel Kalembo, a previously convicted fraudster who laundered the fraudulent assets, have both been sentenced to federal prison. The sentencing was announced today by the U.S. Attorney’s Office for…
SEC fines three companies over hacked employee email accounts
Catalin Cimpanu reports: The US Securities and Exchange Commission has fined three brokerage firms on Monday for neglecting to secure employee accounts, incidents that led to the exposure of their customers’ data. Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC, and Cetera Investment Advisers LLC (collectively, the Cetera entities); Cambridge…
15-Year-Old Malware Proxy Network VIP72 Goes Dark
Brian Krebs reports: Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. But roughly two weeks ago, VIP72’s online storefront — which ironically enough has remained at the same U.S.-based Internet address for more than…
Industry lobbies Congress to extend notification timeline after cybersecurity incidents
Maggie Miller reports: Key industry groups on Wednesday pushed to give organizations at least three days to report cybersecurity incidents to the federal government, effectively opposing Senate legislation that would give them 24 hours to report breaches. Read more on The Hill.
Career Group, Inc. notifies more than 49,000 after paying ransom to threat actors
I haven’t seen any mention of this in news or on their web site, but Career Group Inc. suffered a ransomware attack recently and is notifying those impacted. In a copy of the notification submitted to the Maine Attorney General’s Office, they report that on July 2, Career Group Companies detected potential unauthorized access to…