LATEST POST
Senator Grassley demands answers from CISA on Ivanti-enabled hack of sensitive systems
The Record reports: Sen. Charles Grassley (R-IA) on Wednesday sent Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly a stern letter seeking documentation and answers relating to a January hack of the agency’s Chemical Security Assessment Tool (CSAT) along with the breach of a second sensitive system. Grassley noted that the cyberattack led to “malicious activity” […]
Attack on TeamViewer did not reach production environment or customer data
On June 27, TeamViewer issued a statement stating that it had detected an irregularity in its internal corporate environment. The statement emphasized that the internal corporate environment is completely independent from its product environment. An update issued on June 28 stated that current findings pointed to an attack tied to the credentials of a standard […]
Lurie Children’s Hospital ransomware incident affected more than 791K people
In late January, Lurie Children’s Hospital took its phones, email, electronic health records system, and patient portal offline to deal with a ransomware attack. As a result, some patient care was disrupted or delayed. The hospital would not meet the threat actor’s demands for more than $3 million, and it wasn’t until a month later […]
Meet Brain Cipher — The new ransomware behind Indonesia’s data center attack
Yet another ransomware group is causing major damage and headaches. Bleeping Computer has a helpful write-up on Brain Cipher. It begins: The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia’s temporary National Data Center. Indonesia is building out National Data Centers to securely store […]
FTC Defends Investigation Into Cyberattack on MGM as Casino Giant Seeks to Block Probe
Occasionally, a business giant with the funds to fight the government will challenge a federal agency’s enforcement action. This time, it is MGM taking on the FTC. Law.com reports: The Federal Trade Commission this week defended its investigation of MGM Resort International’s data security practices as the Las Vegas-based casino is seeking a court order […]
Supreme Court Restricts Ability of Federal Agencies To Issue Fines
The Supreme Court issued a decision today that could limit federal agencies attempting to impose fines for data security violations or breaches. Although the decision in Securities and Exchange Commission v. Jarkesy did not involve data security or a data breach, the issue before the court involved the agency’s authority to charge someone with a violation […]
Another MOVEit vulnerability: PATCH immediately!
Once again, threat actors are jumping to exploit a newly identified vulnerability in Progress MOVEit Transfer software. As Bleeping Computer reports, exploit attempts were noted less than 24 hours after the vendor disclosed the vulnerability. The new security issue received the identifier CVE-2024-5806 and allows attackers to bypass the authentication process in the Secure File Transfer Protocol […]
‘I don’t see it happening’: CISA chief dismisses ban on ransomware payments
Despite some calls to ban ransomware payments in hopes that criminals will abandon financially motivated ransomware attacks, finding a way to get everyone to comply with any such ban has seemed challenging, to say the least, and there has been a lot of pushback. Now, one more expert with clout has suggested that the idea […]