Commentaries and Analyses

VA sending letter to 1,501 Montana vets about business associate ransomware incident

The Great Falls Tribune reports: The U.S. Department of Veterans Affairs Veterans Health Administration on Thursday announced actions taken to protect veterans’ personal information following a recent privacy breach involving files from the Montana VA Health Care System. Officials said they were notified June 4, by former contractor Benefits Recovery Specialists Inc. of “a...

Inside REvil Extortionist “Machine”: Predictive Insights

A new paper by AdvIntel is out, and it looks at the psychology of REvil, something that it obviously of great interest to me: We have investigated REvil’s discourse and behavior by applying the methodologies and concepts of criminal psychology to identify the group’s unique characteristics revealed by their recent involvement in large, ethically...

No-Log VPNs Exposed Users’ Logs and Personal Details for All to See

Ugh.  vpnMentor reports: A group of free VPN (virtual private network) apps left their server completely open and accessible, exposing private user data for anyone to see. …..  Each of these VPNs claims that their services are “no-log” VPNs, which means that they don’t record any user activity on their respective apps. However, we found...

Citrix denies dark web claim of network compromise and ransomware attack

Simon Sharwood reports: Citrix has taken the unusual step of rebutting dark web discourse that alleges its networks have been compromised. A Wednesday post penned by CISO Fermin J. Serna says the company is aware of “threat intelligence report circulated concerning claims made on the dark web by a threat actor alleging compromise of the Citrix...