Collaborate Disseminate
What happens when threat actors leak data on the dark web but the victim entity doesn’t access it in time to figure out what was leaked? That’s what happened to PruittHealth in Georgia last year. How many people are they notifying because t… Continue reading PruittHealth was hacked back in November. Here’s what we STILL don’t know.
May 30, 2024 HC3: Analyst Note TLP:CLEAR Report: 20240530120 Executive Summary A Distributed-Denial-of-Service (DDoS) attack is a type of cyber attack in which an attacker uses multiple systems, often referred to as a botnet, to send a high volume of t… Continue reading HC3: Analyst Note: Healthcare Sector DDoS Guide
Jai Vijayan reports: In recent attacks involving the ominously growing RansomHub ransomware, attackers have exploited the so-called ZeroLogon flaw in the Windows Netlogon Remote Protocol from 2020 (CVE-2020-1472) to gain initial access to a victim̵… Continue reading RansomHub Actors Exploit ZeroLogon Vuln in Recent Ransomware Attacks
Joseph Cox reports: Google has accidentally collected childrens’ voice data, leaked the trips and home addresses of car pool users, and made YouTube recommendations based on users’ deleted watch history, among thousands of other employee-reported priva… Continue reading Google Database Reveals Thousands of Privacy Incidents
Solomon Klappholz reports: Snowflake has pinned the blame on a series of high-profile data breaches in recent days on customers failing to adequately secure production environments by using two-factor authentication. In a statement on 2 June 2024, Snow… Continue reading Snowflake data breach claims spark war of words over culpability; researchers may have been trolled
Matt Burgess reports: Russian cybercriminals are almost untouchable. For years, hackers based in the country have launched devastating ransomware attacks against hospitals, critical infrastructure, and businesses, causing billions in losses. But they’r… Continue reading Cops Are Just Trolling Cybercriminals Now
The New Yorker decided to make fun of security incident notices in a piece by Jay Katsir. From the notice’s “What Happened?” section: In or around November or February, 2018/24, we detected suspicious activity within our system. It wa… Continue reading Notice of Security Incident – The New Yorker
The Office of the Information & Privacy Commissioner for British Columbia issued the following statement on May 23 about a case that raises issues of transparency and claims of privileged information: LifeLabs has announced that it is seeking leav… Continue reading LifeLabs to appeal court’s decision to release Ontario IPC and BC OIPC breach investigation report
Kevin Beaumont writes: Yesterday, Microsoft CEO Satya Nadella sat down with the media to introduce a new feature called Recall, as part of their Copilot+ PCs. It takes screenshots of what you’re doing on constantly, by design. Previously, Kevin wrote: … Continue reading How the new Microsoft Recall feature fundamentally undermines Windows security – Beaumont
Marianne Kolbasuk McGee reports: More than 100 medical associations and industry groups representing tens of thousands of U.S. doctors and healthcare professionals have banded together to urge federal regulators to hold Change Healthcare responsible fo… Continue reading 100 Groups Urge Feds to Put UHG on Hook for Breach Notices