NIST Requests Comments on Potential Significant Updates to the Cybersecurity Framework

Micaela McMurrough, Ashden Fein, Caleb Skeath, and Matthew Harden of Covington and Burling write: On January 19, 2023, the National Institute of Standards and Technology (“NIST”) published a Concept Paper setting out “Potential Significant Updates to the Cybersecurity Framework.”  Originally released in 2014, the NIST Cybersecurity Framework (“CSF” or “Framework”) is a framework designed to assist organizations...

Australian man given two-year jail sentence for $69K phishing scams

Eileen Yu reports: An Australian man has been sentenced to jail for more than two years over an SMS phishing scam, during which he stole AU$100,000 ($69,751) and targeted 450 victims. The Sydney Local Court found the man guilty of various cybercrime offences, including obtaining and supplying data with intent to commit a computer...

Court records were lost in debilitating Vanuatu cyber attack

There’s another update to the crippling ransomware attack the archipelago of Vanuatu suffered months ago. RNZ reports: The Vanuatu Chief Justice has confirmed that court records were lost in the ransomware attack on government agency computer systems late last year. Vincent Lunabek said the courts were able to save some offline data concerning the...

Riot Games hack: Source codes of League of Legends and TFT stolen by hackers in latest cyber attack; source code allegedly up for auction

IANS reports: Riot Games was a victim of a recent cyber attack over the weekend. After an analysis of the attack, Riot Games has revealed that the source code for its popular video games League of Legends and TFT (Teamfight Tactics) were stolen in the recent cyber attack. In addition, the source code of a legacy anti-cheat platform was also...

LastPass owner GoTo says hackers stole customers’ backups

Carly Page reports: LastPass’ parent company GoTo — formerly LogMeIn — has confirmed that cybercriminals stole customers’ encrypted backups during a recent breach of its systems. The breach was first confirmed by LastPass on November 30. At the time, LastPass chief executive Karim Toubba said an “unauthorized party” had gained access to some customers’ information stored in a...

Data Breach Reporting Requirements: A Proposed Rule by the Federal Communications Commission on 01/23/2023

This document has a comment period that ends in 29 days. (02/22/2023) AGENCY: Federal Communications Commission. ACTION: Proposed rule. SUMMARY: In this document, the Federal Communications Commission (Commission) begins the process to update and strengthen its data breach rule to provide greater protections to the public. We propose to expand the Commission’s definition of...

Ticketmaster says cyberattack disrupted Taylor Swift ticket sales

Josh Sisco and Maggie Miller report: Ticketmaster was hit by a cyberattack in November that led to the problems with ticket sales for Taylor Swift’s upcoming U.S. tour, the president of its parent company plans to tell a congressional committee Tuesday. A massive influx of traffic on the Ticketmaster website caused the slowdown in...

North Korea-linked hackers behind $100 million crypto heist, FBI says

Arjun Kharpal reports: North Korean-linked actors were behind the theft of $100 million through the hack of a crypto product last year, the Federal Bureau of Investigation said. The FBI said it was “able to confirm” that Lazarus Group and APT38, two hacking groups linked to Pyongyang, were responsible for the attack on the so-called...