University of Twente Maps Decision-Making Process for Ransomware Victims

The UT investigated the decision-making process of victims who had to pay ransoms during ransomware attacks. UT researcher Tom Meurs and his colleagues analyzed 481 ransomware attacks, data from the Dutch police and a Dutch incident response party. Org…

CISA pushes federal agencies to patch Citrix RCE within a week

Sergiu Gatlan reports: Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week…

Fred Hutch failed to reveal threats of potential swatting attacks until this site revealed the threat. Should they have disclosed it themselves?

On December 28, DataBreaches published snippets from a chat with a threat actor (TA) who claimed to have involvement with both the Fred Hutch cyberattack and the Integris cyberattack. In the course of that exchange, the TA surprised DataBreaches by cla…

NYS announces $8 Million Penalty Against Genesis Global Trading, Inc. After DFS Investigation Finds Significant Failings in Anti-Money Laundering and Cybersecurity Programs

January 12, 2024 New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today announced that Genesis Global Trading, Inc. (“Genesis Global Trading”) will pay an $8 million penalty to New York State for compliance failur…

Follow-on extortion campaign: confirmation of some findings by Arctic Wolf

Bill Toulas of Bleeping Computer reported on a recent Arctic Wolf Labs investigation that caught my eye. Arctic Wolf investigated two cases where victims of the Royal and Akira ransomware gangs who had paid ransoms were subsequently approached by threa…

Attorney General James Reaches Agreement with Refuah Health Center to Invest $1.2 Million to Protect Patient Data and Pay $450,000 in Penalties to State

January 5, 2024 NEW YORK – New York Attorney General Letitia James today announced an agreement with a Hudson Valley-area health care provider, Refuah Health Center, Inc. (Refuah), for failing to safeguard the personal and private health information of…

19 Individuals Worldwide Charged In Transnational Cybercrime Investigation Of The xDedic Marketplace

January 4 – Tampa, Florida – United States Attorney Roger B. Handberg announces the culmination of a transnational cybercrime investigation involving the xDedic Marketplace. According to court documents, the xDedic Marketplace was a website on th…