LATEST POST
US sanctions Chinese firm for hacking firewalls in ransomware attacks; $10 million reward for information
The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. BleepingComputer reports: According to the Department’s Office of Foreign Assets Control (OFAC), Sichuan Silence is a […]
HealthAlliance of Hudson Valley Pays $550,000 to NYS; Failed to Address a Known Cybersecurity Vulnerability
New York State Attorney General Letitia James announced another data security enforcement settlement yesterday. HIPAA Journal writes: A New York healthcare provider that experienced a breach of the personal and protected health information of 242,641 New Yorkers has been ordered to pay a financial penalty of $550,000 and take steps to strengthen its data security […]
Croatia’s Port of Rijeka hacked by 8Base Ransomware Group
Security Affairs reports that the ransomware group known as “8Base” claims to have attacked Croatia’s Port of Rijeka and to have stolen data. The CEO of the port, Duško Grabovac, told news outlet Novi list that despite threats actors stole some data, the incident had no impact on the operations at the post and that they will […]
Chemonics discloses months-long breach affecting more than 263,000 people
SC Media reports that Chemonics International, a major contractor for the U.S. Agency for International Development (USAID) has provided notice of a months-long breach that began in May 2023. The unauthorized intrusion and data access reportedly affected 263,136 people. The intrusion was first detected on December 15, 2023, but the intrusion was not successfully terminated […]
Deloitte UK Hacked – Brain Cipher Group Claim to Have Stolen 1 TB of Data
GBHackers reports that threat actors known as Brain Cipher have claimed to have breached Deloitte UK and exfiltrated over 1 terabyte of sensitive data. According to statements released by Brain Cipher, they have exploited critical weaknesses within Deloitte UK’s cybersecurity infrastructure. The group has promised to unveil detailed information regarding the breach Read more at […]
Chinese hack of global telecom providers is ‘ongoing,’ officials urge people to use encrypted apps to communicate
The U.S. may not have totally kicked China-affiliated Salt Typhoon out of U.S. telecommunication systems, a new publication by CISA explains. Politico reports that CISA and the FBI are advising people to use encrypted communications: Jeff Greene, [executive assistant director of cybersecurity at the Cybersecurity and Infrastructure Security Agency], strongly urged Americans to “use your […]
Six password takeaways from the updated NIST cybersecurity framework
Specops Software has some useful advice to share and some of it may be surprising, Password security is changing — and updated guidelines from the National Institute of Standards and Technology (NIST) reject outdated practices in favor of more effective protections. Don’t have time to read the 35,000-word guidelines? No problem. Here are the six takeaways from NIST’s new […]
Should regulators do more naming and shaming?
The U.K. Information Commissioner’s Office did an interesting two-year trial and the results suggest that publicly reprimanding public sector entities over breaches and data leaks is an effective strategy — even without any monetary penalties. Infosecurity Magazine reports: The publication of reprimands following data leaks has been cited as an “effective” deterrent for public authorities. […]