LATEST POST
Iran-linked hackers claim to leak troves of documents from Israeli hospital
The Record reports: A hacker group allegedly linked to Iran claimed to have leaked thousands of medical records from an Israeli hospital, including those of Israeli soldiers. In a cyberattack on Ziv Medical Center in the city of Safed, near the border with Syria and Lebanon, the hackers claimed to have accessed 500GB of data dating back […]
Ransomware gang tests new approach to extort victims
Researchers and analysts who track developments in ransomware leak sites are buzzing this morning about a post by the AlphV (“BlackCat”) threat actors. Normally, threat actors try to extort their victims and then, if the victims do not pay or respond, they start leaking information about the attack and any data. This time, AlphV is […]
Cactus ransomware exploiting Qlik Sense flaws to breach networks
If there’s anything the past few years should have taught businesses, it is that if you think you can just wait a month or a few months to patch vulnerabilities when a patch is released, expect to hacked by threat actors who are already searching for businesses that haven’t patched. In this week’s example, Bleeping […]
The EU’s Cyber Resilience Act Has Now Been Agreed
Inside Privacy writes: Read more at Inside Privacy.
Southwestern Ontario hospitals facing $480M class action after patient data breached, sold on dark web
CTV reports: A group of southwestern Ontario hospitals is facing a potential $480-million class action lawsuit after at least 270,000 patients in the region had their data breached and reportedly sold by hackers on the dark web. The breach, first detected on Oct. 23, targeted Bluewater Health, Chatham-Kent Health Alliance, Erie Shores HealthCare, Hôtel-Dieu Grace […]
Scores of US credit unions offline after ransomware infects backend cloud firm Trellance
The Register reports: Read more at The Register.
Fortune-Telling Website WeMystic Exposes 13m+ User Records
Cybernews reports: Telling the future is a tricky business, and failure to foretell your own mishaps doesn’t help. The content platform WeMystic is a good example of this, with the Cybernews research team discovering that it exposed its users’ sensitive data. WeMystic offers its users astrology, spiritual well-being, and esotericism alongside an online shop for […]
Update on Cyber Incident Reporting for Critical Infrastructure Act of 2022
Constangy, Brooks, Smith & Prophete, LLP writes: As we near the end of another year, it is time to look ahead to developments in the information security and privacy landscape. One area of particular importance is the development of regulations implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022. CIRCIA, which was signed into […]