New York law firm gets fined $200k for failing to protect health data

A New York law firm has agreed to pay $200,000 in penalties to the state because it failed to protect the private and electronic health information of approximately 114,000 patients. How did the data theft happen? Heidell, Pittoni, Murphy and Bach (HPM…

Fake subscription invoices lead to corporate data theft and extortion

A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software to steal sensitive data and extort money from small and medium-size businesses. The group is eschewing the use of ransomware and instead relies on targeted e…

Kaspersky catches hacker-for-hire group using ‘PowerPepper’ malware

The hack-for-hire business is thriving. Following the revelation in November that a new mercenary group had targeted organizations in South Asia, researchers on Thursday outlined how another suspected hack-for-hire shop has used malicious code to try to breach organizations in Europe and the Americas. It’s the latest innovation in a bustling market for buying access to government and corporate networks in a range of industries. The new code, uncovered by analysts at security firm Kaspersky, can be used to remotely take over victim devices, and it interacts with the attackers via a communications-concealing protocol. The group responsible for the malware, known theatrically as DeathStalker, has been around for at least eight years but has only drawn public scrutiny in recent months, according to Kaspersky. And researchers have more digging to do. “PowerPepper,” as the new malware is known, “is already the fourth malware strain affiliated with the actor, and we have discovered […]

The post Kaspersky catches hacker-for-hire group using ‘PowerPepper’ malware appeared first on CyberScoop.


Legal industry at great risk from insider data breaches

A staggering 96% of IT leaders in the legal sector say insider breach risk is a significant concern, according to Egress. 77% think employees have put data at risk accidentally in the past 12 months and 78% think employees have put data at risk intenti…

Maze ransomware spree continues amid advisories from French, FBI officials

Roughly a month after the FBI advised U.S. companies to protect themselves against a pernicious strain of ransomware, hackers have continued to attack victims and threaten to publicize their private information. A hacking group deploying Maze ransomware has used a network of websites to publicly identify organizations it claimed to hack, and which of them refused to pay a ransom. In one recent note, the group said it would release confidential data if three small law firms based in South Dakota didn’t meet their demands. While it remains unclear if the Maze group has made any information public in this case, this incident is only the latest example of scammers promising to publish data, rather than leaving it encrypted or deleting it outright. A French government cybersecurity agency on Wednesday published a Maze alert suggesting TA-2101, a hacker group which previously targeted German government agencies and U.S. tax professionals, was […]

The post Maze ransomware spree continues amid advisories from French, FBI officials appeared first on CyberScoop.


Firm Cybersecurity: Professional Services Firms are Vulnerable Targets

What Can Professional Services Firms Do to Protect Themselves from Cybersecurity Threats? Cybercriminals are frequently targeting mid-sized, service-based businesses such as law firms, accounting firms, and financial services firms at unprecedented rat…

A Guide to Law Firm Cybersecurity Risks & Ethical Compliance

Law firms are frequently targeted by hackers due to their sensitive client information. The ABA is taking notice and has issued Formal Opinion 483. This is a quick guide on that Opinion and tips for how a law firm can approach cybersecurity.

[New White Papers] Law Firms Face Cyber Security Challenges Around Client Confidentiality and Due Diligence

The post [New White Papers] Law Firms Face Cyber Security Challenges Around Client Confidentiality and Due Diligence appeared first on Delta Risk.

Weekly Cyber Risk Roundup: Bad Rabbit Halted, Law Firm Breach Raises Questions

The week’s top trending event was the outbreak of Bad Rabbit ransomware, which quickly spread across Russia and Eastern Europe before most of the infrastructure behind the attack was taken offline hours later. Bad Rabbit was largely spread via watering hole attacks using compromised news media websites that prompted users to install a fake “Flash…

The post Weekly Cyber Risk Roundup: Bad Rabbit Halted, Law Firm Breach Raises Questions appeared first on Security Boulevard.
