Security Leftovers
-
New York State ☛ NYS announces $8 Million Penalty Against Genesis Global Trading, Inc. After DFS Investigation Finds Significant Failings in Anti-Money Laundering and Cybersecurity Programs
New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today announced that Genesis Global Trading, Inc. (“Genesis Global Trading”) will pay an $8 million penalty to New York State for compliance failures that violated DFS’s virtual currency and cybersecurity regulations and left the company vulnerable to illicit activity and cybersecurity threats. Under Superintendent Harris, the Department has imposed its first penalties against virtual currency companies, to date levying more than $140 million to hold companies accountable.
-
Data Breaches ☛ Family Healthcare notifying patients of November 2022 breach at Brady Martz & Associates
If abnormal activity was “promptly detected” on November 19, 2022, why did it take Brady Martz until August 2023 to recognize that personal and protected health information was involved and until September 2023 to disclose the breach? And why did it take until January 2024 for Family Healthcare to alert its patients? Were they notified by Brady Martz in September or were they only notified later? Their submission to HHS has yet to be posted on HHS’s public breach tool.
-
Pharma Giant Alkem Laboratories Faces Security Breach, Rs 52 Crores at Stake
Pharmaceutical giant Alkem Laboratories confirmed Friday that a cybersecurity incident led to a fraudulent transfer of Rs 52 crore from one of its subsidiaries. While the company maintained the impact was minimal and confined to a specific incident, the disclosure raises concerns about vulnerabilities in India’s pharmaceutical sector to cyberattacks.
Without revealing the exact nature of the security breach, Alkem stated that fraudulent actors compromised the business email IDs of some employees at its subsidiary. Though the amount stolen wouldn’t trigger mandatory reporting thresholds as per company policy, the Board of Directors chose transparency, disclosing the incident to the stock exchanges.
-
Information Security Media Group, Corporation ☛ Fertility Test Lab Will Pay $1.25M to Settle Breach Lawsuit
A Massachusetts federal court preliminarily approved the proposed settlement on Wednesday. The proposed class action litigation, which consolidated two similar lawsuits against Marlborough, Massachusetts-based ReproSource Fertility Diagnostics, had alleged negligence, violations of Massachusetts data breach reporting and other state laws, and an array of other claims involving the data security incident.
The lawsuit sought punitive and other financial damages as well as an injunctive order for the fertility testing laboratory to improve its data security practices.
Besides a settlement fund of $1.25 million for payments to class members and plaintiffs, the agreement calls for ReproSource to implement a long list of data security improvements. One is that the company, at its own expense, will strengthen its monitoring and detection tools as safeguards against ransomware and other cyberthreats.
-
Computer Weekly ☛ Babuk Tortilla ransomware decryptor made available
Cyber security experts at Cisco Talos and Avast, working alongside law enforcement in the Netherlands, have collaborated to make available a decryptor for the Tortilla variant of the infamous Babuk ransomware, allowing victims compromised by the gang dating back to 2021 to recover their files.
[...]
The locker itself can be compiled for several different hardware and software platforms, with the most commonly observed versions targeting Microsoft Windows and ARM for Linux.