The United States DOJ announced last month that they have seized 13 domains associated with DDoS-for-hire services per court order.
A DDoS-for-hire is a service or platform that allows individuals to launch Distributed Denial of Service (DDoS) attacks on target websites or online services in exchange for a fee.
A breach of the US Department of Transportation's TRANServe program, which offers transportation-related benefits and services to help federal employees commute to and from work, has impacted 114,000 current and 123,000 former federal employees.
According to Reuters, the USDOT found that the breach was isolated to "certain systems at the department used for administrative functions" such as benefits processing.
The parent of Harvard Pilgrim Health Care and Tufts Health Plan, Point32Health, suffered a major cybersecurity breach and ransomware event in April, according to new information released by the corporation.
According to a statement released by Point32Health, "The investigation identified signs that data was copied and taken from Harvard Pilgrim systems between March 28, 2023, and April 17, 2023. Harvard Pilgrim is taking this incident extremely seriously and deeply regrets any inconvenience this incident may cause.
This piece was first published in Direct iT President and CEO David Javaheri's newsletter, the Good, The Bad, and the Ugly.
On May 1st, I spoke to over 100 attorneys at the 2023 Real Estate Bar Association Spring Conference in a joint presentation with FBI Special Agent Vivian Barrios.
According to NCC Group, an international cyber and software resilience business, March 2023 broke the record for the number of ransomware attacks, with 459 attacks measured. This is a 62% jump from numbers reported in March 2022. Even more concerning is that this is a 91% increase from February 2023.
The Common Vulnerability Exploit CVV-2023-0669 was the main culprit for the skyrocketing number of attacks.
The American Bar Association suffered a data breach affecting 1.5 million lawyers who use their website, according to Reuters. On Thursday, April 20, the ABA posted on their website and in an e-mail to members that the breach exposed usernames and passwords that had been used to log in to the site they had used prior to 2018, as well as their current Career Center site.
In Early March, the Biden Administration released their "National Cybersecurity Strategy," a roadmap for "a safe and secure digital ecosystem for all Americans," which "reimagines cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and diverse society.
An ongoing phishing campaign has been arriving in victims' inboxes posing as Internal Revenue Service (IRS) containing Microsoft OneNote files that are supposedly W-9 tax forms. Once opened, a hidden script allows for malware known as Emotet to self-install itself on your system and spread.
The Federal Bureau of Investigation on March 24 sent out a special bulletin warning companies of criminals spoofing US-based companies who make large vendor purchases. This type of attack, Business Email Compromise (BEC), happens when you or someone within your organization received an e-mail that is spoofing either your company, or a company that you often deal with.
Nantucket Public Schools fell victim to a ransomware attack at the end of January, which forced the early dismissal and subsequent cancellation of the next school day at their four public schools.
"Earlier this morning, we discovered that Nantucket Public Schools computer systems were compromised by Ransomware," wrote Superintendent Elizabeth Hallett in a statement to the community.