August 15, 2024
After a cybersecurity incident, organizations must undertake detailed post-mortem evaluations to understand the attack's specifics, identify vulnerabilities, and improve future incident responses. This analysis includes reviewing attack vectors, timelines, and the effectiveness of the responses. It is essential to share the findings and learnings within the organization and with the wider cybersecurity community to enhance collective knowledge and defenses. Feedback loops should be established to continuously improve security measures. The goal is to build a blameless culture of continuous learning and collaboration, with timely and constructive post-incident reviews that help the organization adapt to evolving cyber threats.
August 15, 2024
LockBit 3.0 continues to be the leading ransomware gang according to Palo Alto Networks' Unit 42, despite law enforcement actions six months ago. Analyzing the first half of 2024, Unit 42 observed 1,762 posts on ransomware gangs' leak sites, a slight increase from 2023. The six most active groups accounted for over half of the infections, with LockBit 3.0 leading at 325 victims. The Play gang moved to second place with 155 victims, and the newcomer 8base ranked third with 119 victims. Other notable gangs included Akira, BlackBasta, and Medusa. Law enforcement disruptions have temporarily hindered certain groups like ALPHV/BlackCat and CLOP, but the criminal ecosystem quickly adapts, with new groups and rebrands emerging, leading to a resilient and evolving ransomware threat landscape.
Six ransomware gangs behind over 50% of 2024 attacks (The Register)
August 15, 2024
The Federal Trade Commission (FTC) has updated its Health Breach Notification Rule (HBNR), effective July 29, 2024, to address the evolving landscape of health data privacy. The revised rule now explicitly includes health apps and connected devices, such as wearables, under its purview and defines a breach to include unauthorized disclosures of personal health information to third-party platforms like Facebook and Google. Key changes involve new definitions of “PHR identifiable health information,” expanded requirements for breach notifications, and specific timeframes for informing both consumers and the FTC in case of data security breaches. The rule emphasizes the importance of protecting personal health data amid increasing data collection and usage for marketing purposes.
FTC revised Health Breach Notification Rule now in effect (PharmaLive)
August 15, 2024
CrowdStrike's president, Michael Sentonas, accepted the "Most Epic Fail" award at the Def Con hacking conference for a software update that led to a global IT outage. The Pwnie Awards highlight both achievements and failures in the security community. Sentonas acknowledged the award while emphasizing its significance as a lesson for the company. The faulty update caused Windows machines to fail globally, impacting entities such as airlines and prompting Microsoft to reconsider its policies on kernel access. CrowdStrike attributed the issue to a test software bug and committed to improving its testing processes and implementing staged updates to prevent recurrence.
CrowdStrike accepted a ‘Most Epic Fail’ award at Def Con hacking conference (The Verge)