CISA Must Update Critical Infrastructure Protection Plans

Scott Ferguson • September 20, 2021

CISA must update its plans to improve the security - both physical and cyber - within the nation's critical infrastructure, according to a report that specifically looked at issues related to the country's dams and levees. Attacks targeting critical infrastructure have raised the issue.

Critical Infrastructure Security

Massachusetts Attorney General Probing T-Mobile Breach

Latest

Critical Infrastructure Security

Ransomware Reportedly Hits Iowa Farm Services Cooperative

Scott Ferguson , Doug Olenick • September 20, 2021

NEW Cooperative, an Iowa-based farm services cooperative, has reportedly been targeted by the BlackMatter ransomware gang, demanding a $5.9 million payment from the organization, according to security researchers and published reports. The cooperative is working with law enforcement.

Breach Notification

Post-Attack, Health Agency Notifying 'All Alaskans'

Marianne Kolbasuk McGee • September 20, 2021

Alaska's Department of Health and Social Services says it is notifying "all Alaskans" that their personal and protected health information may have been compromised in a nation-state-sponsored cyberattack that was detected in May, from which the department is still recovering.

3rd Party Risk Management

Web Hoster Epik's Breach Exposes 15 Million Email Addresses

Mathew J. Schwartz • September 20, 2021

More than 15 million email addresses and individuals' personal details have been leaked by Anonymous in reprisal for Texas' new law restricting abortion. The leaked information allegedly comes from Epik, which has hosted far-right websites, including for the Republican Party of Texas.

Electronic Healthcare Records

HHS OCR's Latest HIPAA Enforcement Action

Marianne Kolbasuk McGee • September 17, 2021

While the wait continues for the Biden administration to name a new leader for the Department of Health and Human Services' Office for Civil Rights, the HIPAA enforcement agency recently issued its 20th settlement to date in a case involving a patient "right of access" dispute.

Cybercrime

Fraudster Gets 12-Year Sentence for AT&T 'Unlocking' Scheme

Dan Gunderman • September 17, 2021

A dual citizen of Pakistan and Grenada has been sentenced to 12 years in prison for orchestrating a seven-year scheme that unlawfully unlocked nearly 2 million AT&T smartphones, which the carrier says amounted to $200 million in subscriber losses, according to the U.S. DOJ.

Critical Infrastructure Security

Good News: REvil Ransomware Victims Get Free Decryptor

Mathew J. Schwartz • September 17, 2021

Score one for the good guys in the fight against ransomware: Anyone who fell victim to REvil, aka Sodinokibi, crypto-locking malware before July 13 can now decrypt their files for free, thanks to a decryptor released by security firm Bitdefender.

Blockchain & Cryptocurrency

OCC's Hsu Addresses Need for Cryptocurrency Oversight

Dan Gunderman • September 17, 2021

Amid growing calls for cryptocurrency regulations, the U.S. acting comptroller of the currency has made a definitive statement on safeguarding investors and how cryptocurrency should intersect with traditional financial institutions.

Business Continuity Management / Disaster Recovery

Is White House Crackdown on Ransomware Having Any Effect?

Mathew J. Schwartz • September 17, 2021

The latest edition of the ISMG Security Report features an analysis of the state of the Biden administration's efforts to disrupt ransomware attackers, as well as how a newly patched Apple iMessage flaw was being targeted by Pegasus spyware to effect zero-click exploits.

Business Continuity Management / Disaster Recovery

Is Grief's Threat to Wipe Decryption Key Believable?

Doug Olenick • September 16, 2021

Regarding the recent tactical innovation by the Grief ransomware gang that is threatening to wipe a victim's data and decryption key if the victim engages a ransom negotiator, analysts are calling this a desperate ploy to scare a target into paying the ransom demand.

Breach Notification

FTC: Health App, Device Makers Must Report Breaches

Marianne Kolbasuk McGee • September 16, 2021

The FTC warns makers of personal health records, mobile health apps, fitness devices and a variety of similar products and services that they will face stiff civil monetary penalties for failure to comply with the commission's 12-year-old - but never-yet enforced - Health Breach Notification Rule.

CISO Trainings

Profiles in Leadership: Tim Nedyalkov, Commonwealth Bank

Jeremy Kirk • September 16, 2021

Cloud-based services are affecting governance, risk management and compliance practices in Australia, says Tim Nedyalkov, who is a technology information security officer with Commonwealth Bank. He discusses the differences between how managers and practitioners approach the problems.

Blockchain & Cryptocurrency

New York Court Shuts Down Crypto Platform 'Coinseed'

Dan Gunderman • September 15, 2021

New York officials won a court order shuttering cryptocurrency trading platform Coinseed, after it allegedly defrauded thousands of investors out of millions of dollars, according to State Attorney General Letitia James. The court also awarded a $3 million judgment against Coinseed and its CEO.