Collaborate Disseminate
A quick note that the official draft of CIRCA is now published: A Proposed Rule by the Homeland Security Department on 04/04/2024 All information is linked from https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-fo… Continue reading Proporsed Rule: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements
A recent listing on LockBit’s leak site about Crinetics Pharmaceuticals seemed unusual. It included a disclaimer: “Those responsible for the exfiltration of data belonging to this victim have no association, indirect or direct, with the Loc… Continue reading Threat actors walked away from a $1.8 million offer because the victim talked to the media?!
CSRB’s Third Review Focuses on Actions Microsoft, Other Cloud Providers, and the U.S. Government Should Take to Protect Cloud Customers WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) f… Continue reading Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023
Jagmeet Singh reports: The Indian government has finally resolved a years-long cybersecurity issue that exposed reams of sensitive data about its citizens. A security researcher exclusively told TechCrunch he found at least hundreds of documents contai… Continue reading Indian government’s cloud spilled citizens’ personal data online for years
As of this morning, more than a dozen rehabilitation hospitals have disclosed a breach with unauthorized access to their systems between January 16 and February 4. The intrusion was discovered on February 1. The attack resulted in access to patient dat… Continue reading Ernest Health rehabilitation hospitals notify patients of ransom attack in January (1)
KCRG Staff report: A former Iowa City hospital administrator pleaded guilty on Monday to an identity theft scheme that spanned three decades and caused the victim to be falsely imprisoned for nearly two years. Officials said 58-year-old Matthew Keirans… Continue reading This may be the worst ID theft case you’ve ever read about
CISA Alert of March 29, 2024: CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be… Continue reading CISA Alert: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
Ashden Fein, Micaela McMurrough, Caleb Skeath, Robert Huffman, John Webster Leslie, and Shayan Karbassi of Covington and Burling write: On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemakin… Continue reading CISA Issues Notice of Proposed Rulemaking for Critical Infrastructure Cybersecurity Incident Reporting
Hunton Andrews Kurth writes: On March 19, 2024, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 98 (the “Bill”), Online Data Security and Privacy Amendments, into law. The Bill amends the Protection of Personal Information Act (§13-44-101 et seq… Continue reading Utah Enacts Amendments to State Breach Notification Law
WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), a Wuhan, China-based Ministry of State Security (MSS) front company that has s… Continue reading Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure