CISA pushes federal agencies to patch Citrix RCE within a week
Bleeping Computer reports: Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. The cybersecurity agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying that such vulnerabilities are “frequent attack […]
Inside the Massive Naz.API Credential Stuffing List
Troy Hunt of HaveIBeenPwned writes: Read more at TroyHunt.com
Law firm that handles data breaches was hit by data breach
TechCrunch reports: An international law firm that works with companies affected by security incidents has experienced its own cyberattack that exposed the sensitive health information of hundreds of thousands of data breach victims. San Francisco-based Orrick, Herrington & Sutcliffe said last week that hackers stole the personal information and sensitive health data of more than 637,000 […]
BakerHostetler: 2023 Data Security Incident Response Report
The BakerHostetler law firm is well known for data breach incident response. They write, “Three years ago we set a new industry standard by creating our Digital Assets and Data Management (DADM) practice group, which now has more than 100 attorneys and technologists. Every year we organize and publish our collective insights in this report. It is […]
The State of Ransomware in the U.S.: Report and Statistics 2023
Emsisoft reports: In 2023, the U.S. was once again battered by a barrage of financially-motivated ransomware attacks that denied Americans access to critical services, compromised their personal information, and probably killed some of them. In total, 2,207 U.S. hospitals, schools and governments were directly impacted by ransomware over the course of the year, with many […]
Cactus Ransomware Gang Hit the Swedish Retail and Grocery Provider Coop
Security Affairs reports: The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden. Coop is one of the largest retail and grocery providers in Sweden, with approximately 800 stores across the country. The stores are co-owned by 3.5 million members in 29 consumer associations. All surplus that […]
Happy New Year 2024!
We wish you all a Happy and Healthy New Year for 2024. We fully expect to fail some of our personal goals like losing weight and exercising, but we are definitely looking forward to bringing you more news and then new resources for those who have experienced breaches. Stay tuned for some exciting developments in […]

How SolarWinds Responded to the 2020 SUNBURST Cyberattack
From the Harvard Business Review: In December of 2020, SolarWinds learned that they had fallen victim to hackers. Unknown actors had inserted malware called SUNBURST into a software update, potentially granting hackers access to thousands of its customers’ data, including government agencies across the globe and the US military. General Counsel Jason Bliss needed to […]