Meta fined in Australia: Australia's Federal Court has ordered Meta to pay a fine of AUD$20 million (USD$13.5 million).

CISA report: CISA says that half (54%) of the security incidents that impacted government agencies and critical infrastructure organizations in 2022 have been traced back to attackers using valid credentials to access the victim's network. This includes credentials for admin accounts, VPN servers, and other crucial systems. Spear-phishing links were successful only 33% of the time, according to CISA's yearly risk and vulnerability assessment report.

Ortivus cyberattack: A cyberattack on Swedish IT provider Ortivus has left at least two UK ambulance services without access to MobiMed ePR, the company's electronic patient records platform. The two ambulance services serve more than 12 million people across South England. Ambulances are still servicing patients, but staff doesn't have access to patient records in real-time in cases of emergency.

AlphaPo hack: Blockchain sleuth ZachXBT has linked the AlphaPo $60 million cyber heist to North Korea's Lazarus Group.

CardioComm incident: Healthcare IT service provider CardioComm says that a cyberattack has taken down some of its services, including some servers that support the company's handheld electrocardiogram monitoring devices. Since the attack, the company says users can't access cloud-stored readings but that devices are working as intended.

NATO investigates breach: NATO is investigating a possible security breach after a hacktivist group named SiegedSec posted a batch of NATO documents on its official Telegram channel this week. The files appear to have been obtained through the NATO Community of Interest Cooperation Portal, a web portal for exchanging unclassified information. SiegedSec claimed the leak had nothing to do with the war in Russia and Ukraine.

The rules also allow for some incidents to be delayed if a breach is considered to have an impact on public safety or national security, but these delayed disclosures will need express written approval from the US Attorney General, which suggests they might not be granted except for extreme and very large cybersecurity incidents.

Publicly traded companies previously had to disclose security breaches to the SEC, per 20 guidance, so this doesn't change much, but no strict timeline was previously enforced. The four-day disclosure is also double the 48 hours the SEC initially proposed in a draft of the regulation it put out for public comment back in March, suggesting it received some serious pushback from companies and industry groups on the short deadline it initially proposed. This was more than obvious when the SEC delayed announcing the new rules last month, citing more work needed on the language.

In addition to the disclosure rules, companies will also be required to disclose to the SEC in a yearly filing how they manage cybersecurity risks and what cybersecurity expertise their boards and managers have. An IANS study published in June found 90% of public companies lacked even one qualified cyber expert on their board.

The new rules will enter into effect for US companies 30 days after they're published in the official Federal Register. Foreign companies get 90 days, while smaller reporting companies get 180 days.

Pro-tip: If you're an SEC EDGAR lurker like me, the new breaches will have to be filed via 8-K forms. If you want to keep an eye on new disclosures, set a CapEdge email alert for a query like this in your account.