News

DOJ Seizes 13 Criminal Websites

The United States DOJ announced last month that they have seized 13 domains associated with DDoS-for-hire services per court order.

A DDoS-for-hire is a service or platform that allows individuals to launch Distributed Denial of Service (DDoS) attacks on target websites or online services in exchange for a fee.

US Department of Transportation Suffers Data Breach

A breach of the US Department of Transportation's TRANServe program, which offers transportation-related benefits and services to help federal employees commute to and from work, has impacted 114,000 current and 123,000 former federal employees.

According to Reuters, the USDOT found that the breach was isolated to "certain systems at the department used for administrative functions" such as benefits processing.

Major Massachusetts Healthcare Provider Suffers Ransomware Incident

The parent of Harvard Pilgrim Health Care and Tufts Health Plan, Point32Health, suffered a major cybersecurity breach and ransomware event in April, according to new information released by the corporation.

According to a statement released by Point32Health, "The investigation identified signs that data was copied and taken from Harvard Pilgrim systems between March 28, 2023, and April 17, 2023. Harvard Pilgrim is taking this incident extremely seriously and deeply regrets any inconvenience this incident may cause.

Ransomware Attacks in March 2023 Broke Records

According to NCC Group, an international cyber and software resilience business, March 2023 broke the record for the number of ransomware attacks, with 459 attacks measured. This is a 62% jump from numbers reported in March 2022. Even more concerning is that this is a 91% increase from February 2023.

The Common Vulnerability Exploit CVV-2023-0669 was the main culprit for the skyrocketing number of attacks.

American Bar Association Victim to Large Data Breach

The American Bar Association suffered a data breach affecting 1.5 million lawyers who use their website, according to Reuters. On Thursday, April 20, the ABA posted on their website and in an e-mail to members that the breach exposed usernames and passwords that had been used to log in to the site they had used prior to 2018, as well as their current Career Center site.

White House seeks to shift cybersecurity blame from End Users to Big Tech

In Early March, the Biden Administration released their "National Cybersecurity Strategy," a roadmap for "a safe and secure digital ecosystem for all Americans," which "reimagines cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and diverse society.

Vendors Need to Be Vigilant, FBI Says

The Federal Bureau of Investigation on March 24 sent out a special bulletin warning companies of criminals spoofing US-based companies who make large vendor purchases. This type of attack, Business Email Compromise (BEC), happens when you or someone within your organization received an e-mail that is spoofing either your company, or a company that you often deal with.

Nantucket Cancels School Due to Ransomware, Urges Students Not to Use School-issued Devices at Home

Nantucket Public Schools fell victim to a ransomware attack at the end of January, which forced the early dismissal and subsequent cancellation of the next school day at their four public schools.

"Earlier this morning, we discovered that Nantucket Public Schools computer systems were compromised by Ransomware," wrote Superintendent Elizabeth Hallett in a statement to the community.