jgreig

jgreig, 12 days ago to random

Analygence is the company NIST has chosen to help deal with the backlog of vulnerabilities at the NVD

When asked about the cost implications, NIST said they have “relied on a combination of contract and full-time staff to support NVD for years.”

https://therecord.media/nist-nvd-backlog-contractor-analygence

jgreig, 12 days ago to random

Senator Wyden said UnitedHealth's CEO and board should face fines/charges for their handling of the Feb ransomware attack

The company's CISO had never worked in a full time cybersecurity role before he was elevated to the job in June 2023

https://therecord.media/unitedhealth-ciso-wyden-letter-sec-ftc

GossiTheDog, 21 days ago to random

For those who aren’t aware, Microsoft have decided to bake essentially an infostealer into base Windows OS and enable by default.

From the Microsoft FAQ: “Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers."

Info is stored locally - but rather than something like Redline stealing your local browser password vault, now they can just steal the last 3 months of everything you’ve typed and viewed in one database.

video/mp4

jgreig, 22 days ago to random

OpenSSF is creating an email list called Siren that aims to spread threat intelligence and security information related to open source projects

The org was prompted to create the list after the log4j, XZ Utils and OpenJS cybersecurity issues #OpenSSF

https://therecord.media/openssf-siren-open-source-threat-intelligence-mailing-list

jgreig, 1 month ago to random

Anne Neuberger said federal resources are being coordinated to help Ascension health network with a ransomware attack that is causing ambulance diversions and disruptions to care across the US

Ascension runs hundreds of hospitals and senior facilities

https://therecord.media/federal-agencies-helping-ascension-fbi-hhs

jgreig, 1 month ago to random

Cloud storage company #Dropbox reported that a hacker breached company systems on April 24 and gained access to sensitive information like passwords and more.

https://therecord.media/dropbox-data-breach-notification

jgreig, 1 month ago to random

The Play ransomware gang took credit for the attack on the New York State Drafting Commission that held up the signing of the latest state budget

https://therecord.media/new-york-state-budget-delayed-cyberattack

jgreig, 1 month ago to random

The D.C. Department of Insurance, Securities and Banking #DISB said recent #LockBit data theft claims were related to an attack on third-party software provider Tyler Technologies

https://therecord.media/dc-city-agency-ransomware-attack-lockbit

jgreig, 1 month ago to random

New York's governor said a cyberattack on the New York State Bill Drafting Commission was holding up passage of the state's budget

Hochul said they "have to go back to the more antiquated system we had in place from 1994."

https://therecord.media/new-york-state-budget-delayed-cyberattack

jgreig, 1 month ago to random

The United Nations Development Programme told me that a locally hosted server was targeted by a ransomware gang and personal info of past and current personnel and procurement information relating to suppliers and other contractors was stolen

#8Base took credit for the attack two weeks ago

https://therecord.media/un-agency-data-stolen-ransomware-attack

jgreig, 1 month ago to random

Volexity has released a ton of new insights about CVE-2024-3400 -- which they say is likely being exploited by state-backed actors

https://therecord.media/vpn-zero-day-palo-alto-networks

jgreig, 2 months ago to microsoft

CISA is warning that Russian state hackers have accessed emails from U.S. federal civilian agencies after breaching the email accounts of senior #Microsoft execs in January

https://therecord.media/cisa-microsoft-breach-emergency-directive

jgreig, 2 months ago to random

St. Cloud is the latest Florida city hit with ransomware this year

Pensacola and Jacksonville Beach have both had incidents over the last three months.

https://therecord.media/st-cloud-hit-with-ransomware-florida-string

jgreig, 3 months ago to random

SCOOP: Unidentified hackers breached CISA's systems last month through Ivanti vulnerabilities, forcing the agency to take its IP Gateway and Chemical Security Assessment Tool (CSAT) offline

The agency wouldn't say who was behind the attack or if data was stolen.

https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise

jgreig, 3 months ago to random

The Treasury Department announced sanctions against Intellexa founder Tal Jonathan Dilian and Sara Aleksandra Fayssal Hamou as well as five entities tied to the Predator spyware operation

#Intellexa #Predator

https://therecord.media/predator-spyware-makers-sanctioned-for-targeting-government-officials

jgreig, 4 months ago to random

One of the largest unions in California confirmed this week that it is dealing with network disruptions due to a cyber incident following claims of an attack last month by LockBit

#LockBit #SEIU1000

https://therecord.media/california-union-lockbit-attack-ransomware

jgreig, 4 months ago to iran

The US sanctioned six IRGC officials for the run of attacks on water utilities in November and December

#Iran

https://therecord.media/sanctions-iran-hackers-us-water-utilities-attacks

jgreig, 4 months ago to chicago

Tough week for Chicago hospitals.

Lurie Children's Hospital had to take its network offline due to a cyberattack. This is the second hospital to announce a cyberattack this week after Saint Anthony Hospital.

#Chicago

https://therecord.media/lurie-childrens-hospital-chicago-cyberattack

jgreig, 4 months ago to random

@CISACyber essentially ordered all federal civilian agencies to disconnect Ivanti Connect Secure and Policy Secure products by Friday

#Ivanti

https://therecord.media/federal-civilian-agencies-ordered-to-disconnect-at-risk-ivanti-products-cisa

jgreig, 4 months ago to Russia

Hackers with ties to the Russian government gained access to Hewlett Packard Enterprise’s cloud-based email environment, the company said in SEC filings on Wednesday

#Hewlett #HPE #CozyBear #russia

https://therecord.media/hpe-tells-sec-breached-by-cozy-bear

jgreig, 5 months ago to random

LoanCare, a subsidiary of title insurance giant Fidelity National Financial, reported a data breach to state regulators this week after a cyberattack in November

#LoanCare #Fidelity

https://therecord.media/fidelity-national-financial-subsidiary-breach-disclosure

jgreig, 6 months ago to Futurology

CISA said the agency is working to identify water utility operators using devices from Israeli company Unitronics and notifying those organizations if they are at risk of cyberattack

#water #Unitronics #CISA

https://therecord.media/cisa-water-utilities-outreach-unitronics-plcs

jgreig, 6 months ago to random

CISA is offering “cutting-edge cybersecurity shared services” to critical infrastructure organizations that need it most

#CISA

https://therecord.media/cisa-launches-pilot-program-offering-services-to-critical-infrastructure

jgreig, 6 months ago to SEC

The chairman of the House subcommittee on cybersecurity @RepGarbarino has proposed legislation that would overturn a controversial SEC rule set to come into effect next month mandating that companies disclose cybersecurity incidents

#SEC

https://therecord.media/rep-andrew-garbarino-legislation-to-overturn-sec-cyber-disclosure-rules

jgreig, 7 months ago to random

US Radiology is paying a $450,000 fine in an agreement with New York State's Attorney General after a 2021 ransomware attack caused in part by the company's failure to address a SonicWall vulnerability

#USradiology #NewYork #SonicWall

https://therecord.media/new-york-attorney-general-fines-radiology-firm-after-ransomware-attack