There is an update to the reports of a Cleo file transfer vulnerability being exploited by hackers. Bleeping Computer reports that the same actors who were responsible for the massive MoveIT breach have also claimed responsibility for the Cleo breach: The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo […]
Here we go again: threat actors are taking advantage of vulnerabilities in file transfer products. This time it is Cleo file transfer products. The Record reports: Cybersecurity researchers are warning that vulnerabilities in several file transfer products are being exploited by hackers, even after a patch was released by the developer. The vulnerability — CVE-2024-50623 — was […]
The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. BleepingComputer reports: According to the Department’s Office of Foreign Assets Control (OFAC), Sichuan Silence is a […]
New York State Attorney General Letitia James announced another data security enforcement settlement yesterday. HIPAA Journal writes: A New York healthcare provider that experienced a breach of the personal and protected health information of 242,641 New Yorkers has been ordered to pay a financial penalty of $550,000 and take steps to strengthen its data security […]
The U.S. may not have totally kicked China-affiliated Salt Typhoon out of U.S. telecommunication systems, a new publication by CISA explains. Politico reports that CISA and the FBI are advising people to use encrypted communications: Jeff Greene, [executive assistant director of cybersecurity at the Cybersecurity and Infrastructure Security Agency], strongly urged Americans to “use your […]
More late woes from the massive 2023 MoveIT databreach. The Register reports that more companies are now seeing their data leaked online on a popular hacking forum: Hundreds of thousands of employees from major corporations including Xerox, Nokia, Koch, Bank of America, Morgan Stanley and others appear to be the latest victims in a massive […]
If you’re old enough to remember when neighbors “borrowed” your wi-fi or cable connection so they didn’t have to pay for services, then you may appreciate the “nearest neighbor” attack as part of cyberwar. Kyiv Post reports: Russian military spies have employed an innovative technique using neighboring Wi-Fi systems to breach secure networks in an […]
CBS reports that the owner of Stoli brand vodka and Kentucky Owl bourbon has filed for Chapter 11 bankruptcy protection. Stoli Group (USA) “is experiencing financial difficulties,” according to the court filing. The firm claims it has assets estimated between $100 million and $500 million, and liabilities between $50 million and $100 million. The company’s […]
Security +Week reports that T-Mobile has shared additional information on a cyberattack believed to have been conducted by the China-linked threat group Salt Typhoon. T-Mobile’s Chief Security Officer, Jeff Simon, on Wednesday shared additional information in an attempt to clear up what the company described as “misleading media reports”. “Many reports claim these bad actors […]
Should regulators do more naming and shaming?
The U.K. Information Commissioner’s Office did an interesting two-year trial and the results suggest that publicly reprimanding public sector entities over breaches and data leaks is an effective strategy — even without any monetary penalties. Infosecurity Magazine reports: The publication of reprimands following data leaks has been cited as an “effective” deterrent for public authorities. […]