LATEST POST
Twin cyberattacks but different incident responses: Comparing MGM Resorts and Caesars
As an article in DarkReading highlights, it’s tempting to compare the incident responses by MGM Resorts and Caesars Entertainment to their recent cyberattacks because both are the same kind of entity and both were victims of the same threat actors (Scattered Spider/AlphV). But: Caesars quickly negotiated with the cyberattackers, and handed over a $15 million ransom payout, which […]
Ransomware is not just attacking companies. Grandma and Grandpa can get hit, too.
Researchers have noted two new types of ransomware that appear to be hitting Windows users — Windows users like Mom and Pop on their home computers. They, too, can wake up to find that all of their personal files have been locked and there’s a ransom note demanding hundreds of dollars or $1,000.00 to get […]
No, T-Mobile has not had two more data breaches this month, but maybe just one small leak?
T-Mobile has had so many data breaches over the years that it’s somewhat understandable that people may rush to assume that something is a breach of their system when it was not. This week, we heard of two situations like that. The first involved customers reporting that after they logged in to T-Mobile’s app, they […]
College agrees to spend $3.5 million to improve cybersecurity to settle state claims of violations of state and federal laws
When New York State Attorney General Letitia James announced a settlement with Marymount Manhattan College stemming from a data breach in 2021, some people discussing the case online were surprised that a state could go after a non-profit college that way, and they wondered if the state could get that kind of settlement with a […]
Department of Homeland Security Pushes for Common Cyber Incident Reporting Definitions
The U.S. Department of Homeland Security has released a report, “Harmonization of Cyber Incident Reporting to the Federal Government.” The report, which was released on Sept. 19, notes that there are currently dozens of cyberattack reporting requirements at the federal level. DHS is seeking to come up with a manageable and solution: … this report […]
UnitedLex faces potential class action over data breach
In August, The Data Breach Times reported a data breach involving UnitedLex that raised questions about their security and incident response. The article also noted a lawsuit that was filed by a former employee. This week, the Kansas City Business Journal reports another lawsuit stemming from that breach. This one reportedly: accuses UnitedLex of negligence […]
Lazarus Group Exploits ManageEngine Vulnerability
HC3: Sector AlertTLP:CLEARReport: 202309181700 Executive Summary Cisco Talos has published an open-source report regarding the North Korean state-sponsored actor, the Lazarus Group, reported to be targeting internet backbone infrastructure and healthcare entities in Europe and the United States. The attackers have been exploiting a vulnerability in ManageEngine products, which is tracked as CVE-2022-47966. This vulnerability […]
MultiCare Health System Gets Unions’ Kronos Pay Case Win Overturned on Appeal
Bloomberg Law reports that MultiCare Health System will get another chance to avoid liability for attempts to recoup wage overpayments in litigation following a hack of its vendor timekeeping system Kronos in 2021. With the timekeeping system not functioning due to a ransomware attack, many firms wound up using old wage statements or other methods […]