Now Available!
Join Us On LinkedIn
Join the Cybersecurity and Incident Response Group on LinkedInRansomware Group Turns to Facebook Ads — Krebs on Security
It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. Source: Ransomware Group Turns to Facebook Ads — Krebs on […]
Cyber Consulting Firms Get Tied Up in Post-Breach Lawsuits
Cybersecurity consultants could be on the hook for data breaches at companies they contract with after two recent court rulings in consumer class actions. Accenture Plc’s U.S. unit in October failed to escape claims made against the consultant in a consumer lawsuit over a hack of Marriott International Inc.’s hotel reservations database. The decision came […]
Fragomen, a law firm used by Google, confirms data breach | TechCrunch
Immigration law firm Fragomen, Del Rey, Bernsen & Loewy has confirmed a data breach involving the personal information of current and former Google employees. The New York-based law firm provides companies with employment verification screening services to determine if employees are eligible and authorized to work in the United States. via Fragomen, a law firm […]
Judge Signs Off on $7.75m Equifax Settlement – Infosecurity Magazine
Chief Judge Thomas Thrash of the Northern District of Georgia gave final approval to the $7.75m settlement yesterday during a hearing held via Zoom. Legal fees of $2m were included in the resolution. As part of the agreement, Equifax has committed to investing an additional $25m to enhance data security measures tailored to financial institutions. The investment is […]
Anthem to pay nearly $40 million to settle data breach probe by U.S. states | Reuters
Anthem Inc said on Wednesday it would pay $39.5 million as part of a settlement with U.S. states attorneys general following an investigation into a massive cyber-attack at the company in 2015. The second largest U.S. health insurer said a state sponsored criminal group had perpetrated the attack, adding that it does not believe the […]
What’s it really like to negotiate with ransomware gangs? – The Red Tape Chronicles
It can sound strange, but during a recent lecture at Duke University, Ehuan said there were “good” cybercriminals — gangs that have a reputation for keeping those promises. After all, it’s their business. If they were to take the Bitcoin and run, security firms would stop making payments. On the other hand, you can’t trust […]
D&O coverage issues arising from increased cyberattacks, shareholder lawsuits | PropertyCasualty360
As cybersecurity incidents and data breaches become increasingly common, D&O insurers need to be aware of the recent trend of securities and shareholder derivative lawsuits brought against public companies and their directors and officers for failing to implement adequate protections against cyber-related risks, and/or to engage in a sufficient oversight of such protections. While some […]
It’s never the data breach — it’s always the cover-up | ZDNet
WHAT SHOULD CISOS TAKE AWAY FROM THE CHARGES? Here’s what senior security leaders should know and understand about these events: This is a warning to CSOs and CISOs: Remove all sense of impropriety in IR. Concealing a data breach is illegal. Every decision made during an incident might be used in litigation and will be […]
Uber’s former security chief charged for allegedly concealing data breach – CNN
Uber’s former chief security officer has been charged with trying to conceal from federal investigators a 2016 data breach that exposed the information of 57 million users to hackers. A complaint filed Thursday in the US District Court in San Francisco alleges that Joe Sullivan, who led Uber’s security team for more than two years […]
University reports data breach with third-party provider – The DePaulia
The Office of Advancement announced a data breach involving third-party service provider Blackbaud in a statement sent out to members of the DePaul community Thursday. The company suffered from a “ransomware attack” in which backup files containing personal information from various institutions across the United States, Canada and the United Kingdom were obtained. According to […]
Over Half of Indian Companies in India Faced Data Breach Since Implementing Remote Working: Report
Nearly 66 per cent of Indian organisations have had at least one data breach or cybersecurity incident since shifting to a remote working model during the pandemic, a survey by Barracuda Networks said on Thursday. The findings indicated employees in 67 per cent of organisations experienced an increase in email phishing attacks. via Over Half […]
CCPA Regulations Take Effect, Six Weeks After CCPA Enforcement Begins | Steptoe & Johnson LLP
On Friday, August 14, 2020, California Attorney General Xavier Becerra announced that the regulations implementing the California Consumer Privacy Act (CCPA) have been approved by the California Office of Administrative Law (OAL) and are effective immediately. The attorney general had already begun enforcing the CCPA itself on July 1. But now that the regulations have […]
Congressman Barr introduces NIST COVID-19 Cybersecurity Act | 2020-08-13 | Security Magazine
Congressman Andy Barr (KY-06) introduced the NIST COVID-19 Cyber-Security Act, which instructs the Director of the National Institute of Standards and Technology (NIST) to produce standards for mitigating and protecting against cyberattacks to American universities researching COVID-19. “Congress must act to safeguard critical scientific Coronavirus research being conducted at universities nationwide,” said Congressman Barr. “My bill would […]
Capital One will pay $80 million over hack. – The New York Times
Capital One has agreed to pay $80 million to settle federal bank regulators’ claims that it lacked proper cybersecurity protocols, more than a year after a Seattle-based software engineer hacked into a cloud server and stole customers’ social security numbers, bank account information and credit card applications, regulators said Thursday. via Capital One will pay […]
Garmin is the latest big name taken out by ransomware
Having a well-developed cybersecurity system is important for young companies, says John Reed Stark, a former SEC internet enforcement chief. “If your goal is to someday be bought or to someday to grow or go public,” he says, “you want to surround yourself with sophisticated people early on when it comes to your biggest problems. […]