LATEST POST
As schools reopen, expect more cyberattacks.
Schools that haven’t already reopened this year will be reopening this week, which makes this a great time for ransomware gangs to strike. All school districts should be hypervigilant and make sure they have a rapid response plan and an emergency backup plan in place. A number of school districts have already been reporting attacks […]
GEICO to face class action over allegations of privacy breach
GEICO is set to confront a nationwide class action lawsuit after allegedly compromising its customers’ privacy through the unauthorized release of their driver’s license numbers that were later used by identity thieves to secure fraudulent unemployment benefits. US District Judge Kiyo Matsumoto delivered the decision to proceed with the lawsuit in Brooklyn earlier this week, Reuters […]
FBI, European partners seize Quakbot malware network in blow to global cybercrime
U.S. officials said Tuesday that the FBI and its European partners infiltrated and seized control of a major global malware network used for more than 15 years to commit a gamut of online crimes including crippling ransomware attacks. They then remotely removed the malicious software agent — known as Qakbot — from thousands of infected […]
Texas Amends Data Breach Notification Law, Updates Effective September 1
Texas recently enacted an amendment to its data breach notification law. As of September 1, 2023, there are two changes to the requirements when notifying the Texas Attorney General. In Texas, breaches of 250 residents or more must be reported to the Attorney General. Now, as amended, this will need to be done so as soon as […]
Hackers use brute force and credential stuffing attacks on Cisco VPNs to breach networks
Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication (MFA). Last week, BleepingComputer reported that the Akira ransomware gang was breaching Cisco VPNs for initial network access. Rapid7 security researchers have provided additional insights regarding these […]
Prospect Medical Holdings admits some confidential information was stolen in a cyberattack on Connecticut hospitals
Prospect Medical Holdings has now confirmed what already seemed clear to researchers and those who check leak sites. The threat actors did get files with personal information. Prospect Medical Holdings is confirming new details about a massive data theft from three Connecticut hospitals and others around the country in a nearly month-old cyber attack by a shadowy […]
Cyber insurance audit: Painful necessity, or a valuable opportunity?
Not that long ago, few companies even considered purchasing insurance to mitigate their financial exposure from a cyber incident, and for those that did, obtaining a policy was as easy as filling out an application and writing a check. Those days are now squarely in the rearview mirror. Today, companies everywhere are rushing to get cyber […]
Should senior IT professionals be liable for breaches?
In July, SolarWinds CISO Tim Brown and CFO Bart Kalsu received Securities and Exchange Commission notices of potential enforcement action over alleged violation of securities laws. The issue stems from their response to the Russian hack of the Orion network monitoring software in 2020 — a product used by more than 30,000 organisations. This isn’t the first […]