CyberSecurity Knuggets

May 30, 2024

I just heard some concerning news about incident response and forensic reports not being considered protected legal documents in Australia, Canada, and the US. This means these reports may now be subject to disclosure in court cases or to authorities upon request, posing significant implications for companies dealing with data breaches. There’s also a worrying trend of breached companies requesting incident response investigators to deliver their findings orally, in order to avoid leaving a paper trail for potential lawsuits.

Cyber attacks continue to be a major issue, with ransomware attacks targeting various companies and services, resulting in significant data breaches and financial impacts. Additionally, new APT groups like Moonstone Sleet have been discovered engaging in cyber-espionage, highlighting the ongoing threat of cyber attacks and the need for enhanced cybersecurity measures to protect against such malicious activities. Immediate attention and action are required to address these growing cybersecurity challenges.

I just heard about a new North Korean hacker group called Moonstone Sleet, also known as Storm-17, which has been pursuing financial and cyberespionage targets using various tactics, including deploying a new custom FakePenny ransomware variant. Additionally, a notorious hacker named ShinyHunters claims to have stolen the personal data of 560 million Ticketmaster customers globally, raising potential concerns about identity theft and financial fraud for affected customers.

There are also reports of a major US medical entity, American Clinical Solutions, LLC (ACS), being breached by the RansomHub group, resulting in the exfiltration of over 700GB of data, including the medical records of over 400,000 patients. With the ransomware group threatening to make the data public, this situation requires immediate attention to prevent the release of sensitive information. Additionally, the rise in disruptive digital attacks linked to Russian-backed groups in the European Union poses a serious threat to European infrastructure and requires proactive measures to mitigate the impact of these attacks.

Furthermore, the disclosure of a major data breach at First American Financial Corporation, impacting 44,000 individuals, underscores the ongoing vulnerability of sensitive personal and financial information. This breach, coupled with the company’s previous cybersecurity violations and penalties, raises concerns about the security practices in the financial and insurance sectors. Overall, the news highlights the urgent need for enhanced cybersecurity measures and international cooperation to address the growing threats posed by state-sponsored and criminal cyber actors.

Stay Well!

summy