Bloomberg Law reports: Pilfered snapshots of patients baring their bodies ahead of life-saving cancer operations and plastic surgeries are unexpectedly landing in the vast landscape of the public internet after cyberattacks, as hackers seek new ways to turn a profit. Campaigns to extort victims during ransomware attacks against health-care providers are evolving, according to lawsuits […]
The Herald Sun reports: Medibank has thanked the Albanese government for pursuing the Russian hacker behind Australia’s worst cyber attack, although a leading IT security expert warns it is unlikely to deter further data breaches. The government named Russian man Aleksandr Ermakov as the perpetrator of the October 2022 Medibank data breach, imposing new sanctions on the […]
Ars Technica reports: Read more at Ars Technica.
Bleeping Computer reports: Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. The cybersecurity agency added the flaws to its Known Exploited Vulnerabilities Catalog today, saying that such vulnerabilities are “frequent attack […]
Troy Hunt of HaveIBeenPwned writes: Read more at TroyHunt.com
TechCrunch reports: An international law firm that works with companies affected by security incidents has experienced its own cyberattack that exposed the sensitive health information of hundreds of thousands of data breach victims. San Francisco-based Orrick, Herrington & Sutcliffe said last week that hackers stole the personal information and sensitive health data of more than 637,000 […]
From the NYS Attorney General’s Office:
BakerHostetler law firm is well-known for data breach incident response. They write, “Three years ago we set a new industry standard by creating our Digital Assets and Data Management (DADM) practice group, which now has more than 100 attorneys and technologists. Every year we organize and publish our collective insights in this report. It is […]
Emsisoft reports: In 2023, the U.S. was once again battered by a barrage of financially-motivated ransomware attacks that denied Americans access to critical services, compromised their personal information, and probably killed some of them. In total, 2,207 U.S. hospitals, schools and governments were directly impacted by ransomware over the course of the year, with many […]
How SolarWinds Responded to the 2020 SUNBURST Cyberattack
From the Harvard Business Review: In December of 2020, SolarWinds learned that they had fallen victim to hackers. Unknown actors had inserted malware called SUNBURST into a software update, potentially granting hackers access to thousands of its customers’ data, including government agencies across the globe and the US military. General Counsel Jason Bliss needed to […]