LATEST POST
Irish Data Protection Commission fines Meta €251 Million
A press release from the DPC explains the penalty:
SEC Charges Flagstar for Misleading Investors About Cyber Breach
ADMINISTRATIVE PROCEEDINGFile No. 3-22360 December 16, 2024 – The Securities and Exchange Commission today filed settled charges against Flagstar Bancorp, Inc. (now known as “Flagstar Financial, Inc.”), for making materially misleading statements regarding a cybersecurity attack on Flagstar’s network in late 2021 (the “Citrix Breach”). The SEC’s order finds that Flagstar negligently made materially misleading statements […]
Deloitte Sued Over Breach of Rhode Island Government Benefits Recipient Data
Deloitte has been getting its name in the news this month, but not in a good way. First, a ransomware group named “Brain Cipher” claimed to have attacked Deloitte UK. Deloitte responded to their claims by denying that their network was breached and stating that the breach involved a single client’s system that is not […]
Clop ransomware claims responsibility for Cleo data theft attacks
There is an update to the reports of a Cleo file transfer vulnerability being exploited by hackers. Bleeping Computer reports that the same actors who were responsible for the massive MoveIT breach have also claimed responsibility for the Cleo breach: The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo […]
Multiple Cleo file transfer products being exploited by hackers; patch isn’t sufficient
Here we go again: threat actors are taking advantage of vulnerabilities in file transfer products. This time it is Cleo file transfer products. The Record reports: Cybersecurity researchers are warning that vulnerabilities in several file transfer products are being exploited by hackers, even after a patch was released by the developer. The vulnerability — CVE-2024-50623 — was […]
US sanctions Chinese firm for hacking firewalls in ransomware attacks; $10 million reward for information
The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. BleepingComputer reports: According to the Department’s Office of Foreign Assets Control (OFAC), Sichuan Silence is a […]
Should regulators do more naming and shaming?
The U.K. Information Commissioner’s Office did an interesting two-year trial and the results suggest that publicly reprimanding public sector entities over breaches and data leaks is an effective strategy — even without any monetary penalties. Infosecurity Magazine reports: The publication of reprimands following data leaks has been cited as an “effective” deterrent for public authorities. […]