Let us take time this week to thank current members of the military and all veterans for their service in protecting our country and democracy. As the daughter of a veteran, I am profoundly grateful to all of our service members who put their lives and families at risk every day, and those that forged
threat actors
Privacy Tip #378 – Bad Actors Selling Data of 23andMe Users of Ashkenazi Jewish and Chinese Descent
We previously reported on the unfortunate data breach suffered by 23andMe last month and its implications. We never imagined how horrible it could be.
According to an October 6, 2023, posting by Wired earlier that week, hackers involved with the 23andMe breach posted “an initial data sample on the platform BreachForums…claiming that it contained 1…
Resilience Midyear 2023 Claims Report: Ransomware Cybercriminals Shift Tactics
Resilience issued its Midyear 2023 Claims Report, which is well worth the read.
In addition to commenting on the impact of the MOVEit incident, some of the key findings include:
Urgent Joint Cybersecurity Advisory on Atlassian Vulnerability Issued
The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and MS-ISAC recently released an urgent Joint Advisory on the Atlassian Confluence Vulnerability CVE-2023-22515.
According to the Alert, “this critical vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator…
HC3 Warns Healthcare Organizations of NoEscape Ransomware
On October 12, 2023, the Health Sector Cybersecurity Coordination Center (HC3) issued an Alert to the healthcare industry about a “new threat actor and ransomware,” NoEscape, which is threatening health care organizations.
According to the Alert, the cybercriminals behind NoEscape “have constructed their malware and its associated infrastructure entirely from scratch.” Offering Ransomware-as-a-Service, they…
23andMe Confirms Threat Actors Accessed Accounts Without Authorization
We have published blog posts before on sharing genetic information and the risk associated with the disclosure of such sensitive information.
Unfortunately, our concerns have been realized. On Monday, October 9, 2023, 23andMe confirmed that its investigation into a data security incident involving customer profile information shared through its DNA Relatives feature “was compiled from…
High Alert: China Linked BlackTech Hides in Router Firmware
Not only is the People’s Republic of China (PRC) a threat with its use of TikTok, but it also supports threat actors that have for years attacked U.S. based companies as well as the governments of the U.S. and Japan. According to a Joint Advisory published on September 27, 2023, by the National Security Agency…
Joint Advisory Warns of Snatch Ransomware
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of compromise and observed tactics, techniques, and procedures of Snatch so organizations can identify, mitigate, and respond to an attack using the Snatch ransomware variant.
Snatch has been hitting the Defense Industrial Base (DIB)…
Privacy Tip #371 – Internet Safety Guide for Seniors
I was talking to a client today about a security incident and the discussion turned to how threat actors are using increasingly more sophisticated ways to attack individuals and companies. She lamented that we know more than the average individual about how they implement attacks, but she worries about her mother, who is frequently online.
CISA Urges Secure by Design for AI Tools
CISA released a blog post last week reminding software designers that artificial intelligence (AI) tools are software and that they “must consider the security of the customers as a core business requirement, not just a technical feature, and prioritize security throughout the whole lifecycle of the product, from inception of the idea to planning for…