Cybercriminal Charged with Unauthorized Computer Intrusion, Securities Fraud, Wire Fraud and Other Crimes

A criminal complaint was unsealed today in federal court in Brooklyn charging Idris Dayo Mustapha, a citizen of the United Kingdom, with computer intrusion, securities fraud, money laundering, bank fraud and wire fraud, among other offenses. The charg…

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Theresa Defino reports: Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and business associates (BAs). And, if Congress agrees, its…

Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating

Dan Goodin reports: Researchers are marveling at the scope and magnitude of a vulnerability that hackers are actively exploiting to take full control of network devices that run on some of the world’s biggest and most sensitive networks. The vuln…

Insufficient Data Security and Disregard for Student Data Privacy Plague the DeKalb County School District; With Commentary by Jim Siegl

Keegan Brooks writes: The DeKalb County School District has been making thousands of files containing sensitive student and staff information widely accessible to anyone in the district. Types of information exposed have included social security number…

Conti and Hive ransomware operations: Leveraging victim chats for insights

Kendall McKay and colleagues Paul Eubanks and Jaime Filson of Talos issued a report this week with some interesting insights. EXECUTIVE SUMMARY Through open-source research, we obtained and analyzed over four months of chat logs — more than 40 separate…

Reward Offers for Information to Bring Conti Ransomware Variant Co-Conspirators to Justice

The Department of State is offering a reward of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Conti ransomware variant transnational organized crime group….

North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms

Hunton Andrews Kurth writes: On April 5, 2022, North Carolina became the first state in the U.S. to prohibit state agencies and local government entities from paying a ransom following a ransomware attack. North Carolina’s new law, which was passed as …

Court Rejects Demand for “Corrective” Notice in Blackbaud Data Breach MDL

Brianna Soltys and Kristin L. Bryan of Squire Patton Boggs write that the Judicial Panel on Multidistrict Litigation, which had consolidated all federal lawsuits against Blackbaud in the District of South Carolina, has rejected plaintiffs’ mo…