Feb 152019
 

Sir Julio reports:

A U.S.-based cybersecurity firm, Recorded Future, alleges to have identified a hacker allegedly responsible for exposing stolen data in a recent leak dubbed Collection #1.

Experts from Recorded Future’s threat intel team have claimed that the hacker goes by the pseudonym “C0rpz.”

According to the company, multiple individuals came out claiming to serve as the source of the breached data.

Read more on Dark Web News.

Feb 142019
 

Amsterdam, the Netherlands – September 29, 2018: Screenshot of GandCrab ransomware attack on a computer screen. Stock image credit: Dreamstime.

Catalin Cimpanu reports:

Hackers have used a two-year-old vulnerability in a software package used by remote IT support firms to gain a foothold on vulnerable networks and deploy the GandCrab ransomware on those companies’ customer workstations.

At least one company has been hit already, according to a report on Reddit, confirmed by cyber-security firm Huntress Labs.

The vulnerability used by the hackers impacts the Kaseya plugin for the ConnectWise Manage software, a professional services automation (PSA) product used by IT support firms.

Read more on ZDNet.

Feb 132019
 

HIPAA Journal reports:

Protenus has released its 2019 Breach Barometer report: An analysis of healthcare data breaches reported in 2018.

The data for the report came from Databreaches.net, which tracks data breaches reported in the media as well as breach notifications sent to the Department of Health and Human Services’ Office for Civil Rights and state attorneys general.

The report shows there was a small annual increase in the number of healthcare data breaches but a tripling of the number of healthcare records exposed in data breaches.

According to the report, there were 503 healthcare data breaches reported in 2018, up from 477 in 2017. 2017 was a relatively good year in terms of the number of healthcare records exposed – 5,579,438 – but the number rose to 15,085,302 exposed healthcare records in 2018.

Read more on HIPAA Journal.

You can request a copy of Protenus’s free report here.

Feb 132019
 

From Motherboard:

…. Although Google’s own hacker hunting team is focused more on protecting Google users than selling a particular threat intelligence product, the task is essentially much the same; find the bad guys, understand what they’re doing, and let others know so users can be safer online.

[…]

This week, CYBER host Ben Makuch talks to Shane Huntley, the Director of Google’s Threat Analysis Group (TAG). TAG is essentially Google’s hacker hunting team: they’re the ones tasked with monitoring Google networks for criminal and government hacking groups.

“We haven’t had a really big incident in a long time, in core Google, and there’s always that back of the mind of—is there some actor that’s going to come for us that I don’t know about?” Huntley says in this episode.

Listen to the podcast on Motherboard.

Feb 132019
 

Craig A. Newman writes:

Last month, the U.S. Securities and Exchange Commission charged nine defendants with hacking into the agency’s EDGAR system – the online platform used by public companies for making their public filings – and stealing material nonpublic information to use for illegal trading purposes.

While the charges are new, the insider trading scheme goes back years and underscores the challenges faced by U.S. law enforcement and regulatory authorities in pursuing foreign nationals who violate U.S. securities laws.

According to a 43-page complaint filed in federal court in New Jersey, a Ukrainian hacker and six individual traders based in the U.S., the Ukraine and Russia, made off with more than $4.1 million in illegal profits by hacking the EDGAR system and trading in front of market-moving news.

Read more on Data Security Law Blog.