Tuesday, April 30, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

XL8, a deep-tech startup specializing in AI-powered machine translation technology, announced the completion of its SOC 2 Type 2 accreditation.

CyberArk, an identity security company, announced the completion of its SOC 2 Type 2 and SOC 3 accreditations.

OSARO, a robotics AI software company in the e-commerce fulfillment sector, announced the completion of its SOC 2 Type 2 accreditation.

SessionGuardian, a provider of continuous identity assurance and data protection solutions, announced the completion of its SOC 2 and ISO/IEC 27001:2022 certifications.

WurkNow, a leader in workforce management solutions, announced the completion of its SOC 2 Type 1 accreditation.

HSBlox, Inc., an organization that provides healthcare organizations with the tools and support to manage value-based programs successfully and sustainably, announced the completion of its SOC 2 Type 1 accreditation. 

Sora Finance, a technology firm in the financial advisory sector, announced the completion of its SOC 2 accreditation.

3. Company Fines

Four of America’s largest mobile operators sold access to customer location data to third parties without gaining customer consent or putting adequate safeguards in place, the FCC has claimed. The US communications regulator issued its judgement yesterday, fining Sprint ($12m), T-Mobile ($80m), AT&T ($57m) and Verizon ($47m) close to $200m in total for breaking the law. Read more here.

Monday, April 29, 2024

1. Ransomware Attacks

Coffee County, GA – The computer infrastructure of a Georgia county at the center of an effort to falsely claim that the state’s 2020 presidential election was marked by fraud was struck by a cyberattack earlier this month that prompted state officials to sever Coffee County’s access to statewide election systems. Officials have been forced to use laptops and cellular networks to connect to the system since last week. Read more here.

2. Certifications

DigiCert, a global provider of digital trust, announced the completion of its SOC 2 Type 2 accreditation.

3. Company Fines

Nothing to report.

Friday, April 26, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

EchoGlobal, a Ukraine-based IT staffing and team augmentation provider, obtained ISO 27001 certification.

3. Company Fines

Nothing to report.

Thursday, April 25, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Joshu, the platform to build, distribute, and grow digital insurance products, announced the completion of its SOC 2 accreditation..

The Coterie, a provider of software products for investors and managers of alternative assets, announced the completion of its SOC 2 Type 2 accreditation.

Devexperts, a provider of software and services for the financial industry, announced the completion of its SOC 2 Type 2 accreditation.

3. Company Fines

The Czech Republic’s data protection authority (DPA) issued a fine of 351 million Czech koruna (USD $15 million) against antivirus software vendor Avast for alleged violations of the GDPR. Read more here.

Wednesday, April 24, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Axiom Cloud, which uses AI and automation to efficiently detect refrigerant leaks for grocery retailers and cold storage facilities, announced the completion of its SOC 2 accreditation.

ScalePad, announces the achievement of SOC 2 Type II and ISO 27001 compliance certifications for its products Lifecycle Manager, Lifecycle Insights, Backup Radar, and ControlMap.

3. Company Fines

Nothing to report.

Tuesday, April 23, 2024

1. Ransomware Attacks

Change Healthcare – Change Healthcare, a major US medical firm, has suffered a disruptive ransomware attack by AlphV (BlackCat), impacting pharmacies nationwide.

Current Status:

• 4/23/24– UnitedHealth confirmed yesterday that it paid the ransom to try and protect patient data. The company also confirmed that files containing personal information were compromised in the breach. Read more here.
• 4/8/24 – RansomHub is demanding the health insurance provider pay another ransom or else it’ll sell the company’s stolen data to the highest bidder. It now claims to have stolen 4TB of data from Change Healthcare, including the personal details and medical records of “millions” of patients.
• 3/28/24 – The U.S. State Department offered up to $10 million for information on the Blackcat ransomware gang.
• 3/14/24 – UnitedHealth Group said it identified the source of the intrusion into Change Healthcare’s system, which remains partially non-operational following the cyberattack.
• 03/06/24 – After 10 days, the company reportedly paid $22M in ransom via bitcoin to get its systems back online.
• 03/02/24 – Still offline.
• 02/28/24 – Services currently unavailable.

2. Certifications

DwellFi, a provider in the fintech industry specializing in AI, blockchain, and tokenization solutions for Private Funds and Fund Administrators, announced the completion of its SOC 2 Type 1 accreditation.

Konnech Inc., a provider of software solutions for election management, announced the completion of its SOC 2 accreditation.

Bluemeteor, a provider n AI-powered product content management, obtained ISO 27001 certification.

3. Company Fines

Nothing to report.

Monday, April 22, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

BurstIQ, a provider of advanced data management solutions for the secure handling and sharing of data, announced the completion of its SOC 2 Type 2 accreditation.

Tiny Technologies, a provider of innovative rich text editing solutions under the Tiugo Technologies brand, announced the completion of its SOC 2 Type 2 accreditation.

3. Company Fines

Nothing to report.

Friday, April 19, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Pickcel, a provider of digital signage solutions ,recently achieved ISO 27001 certification.

3. Company Fines

Nothing to report.

Thursday, April 18, 2024

1. Ransomware Attacks

New York State Legislature – State officials are investigating a major cyberattack on the government agency charged with drafting state budget bills.The investigation comes as the Legislature and governor are finalizing the details of the $237 billion state budget. Read more here.

The United Nations Development Programme (UNDP) – In a statement, the organization said the attack targeted local IT infrastructure in UN City, the Copenhagen-based complex that houses nearly a dozen UN agencies. The UNDP said it learned on March 27 that a “data-extortion actor had stolen data which included certain human resources and procurement information”.  While UNDP has not shared any additional information on the incident, the organization was apparently targeted in a ransomware attack conducted by a group named 8base.

2. Certifications

DataDome, whose mission is to rid the web of fraudulent traffic, announced the renewal of its SOC 2 Type 2 accreditation.

QualiZeal Inc., a provider of Digital Quality Engineering services, announced the completion of its SOC 2 Type 2 accreditation.

EarlyBirds, an Australian innovation intelligence platform, recently achieved ISO 27001 certification.

Pano AI, a company focused in artificial intelligence-driven wildfire detection, recently achieved ISO 27001:2022 certification.

3. Company Fines

Nothing to report.

Wednesday, April 17, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Forward Networks, a company that develops enterprise software for network management and software-defined networking, announced the completion of its SOC 2 Type 2 accreditation.

Landis, a platform paving the way for renters to become homeowners, announced the completion of its SOC 2 Type 2 accreditation.

3. Company Fines

Nothing to report.

Tuesday, April 16, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Certify, a provider intelligence platform powered by API integrations and hundreds of verified data points, announced the completion of its SOC 2 Type 2 accreditation.

TaxDome, a provider of integrated software solutions for tax professionals and accountants, announced the completion of its SOC 2 Type 1 accreditation.

Circle, a financial technology company and $USDC issuer, announced the completion of its SOC 2 Type 2 accreditation.

Polygon Labs, a player in the blockchain industry, has achieved ISO 27001:2022 certification.

3. Company fines

Nothing to report.

Monday, April 15, 2024

1. Ransomware Attacks

Nexperia, a Chinese-owned semiconductor company headquartered in the Netherlands, has announced being hacked after a ransomware group uploaded what it claimed were stolen confidential documents to a darknet extortion site. In a statement late last week, the company said it had “become aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024.

2. Certifications

Jumbula, a provider of online registration, payment, and class/camp management, announced the completion of its SOC 2 Type 1 accreditation.

Layer3, a provider of cloud and AI-driven network solutions in Nigeria, has achieved ISO 27001:2022 recertification.

Orbyt, is an integrated Software-as-a-Service platform providing a one-stop shop for multi-channel distribution and payments, recently completed the ISO 27001 certification.

3. Company Fines

Nothing to report.

Friday, April 12, 2024

1. Ransomware Attacks

New Mexico Highlands University officials canceled classes through April 14 as they’re still dealing with a ransomware incident. Officials say the incident took systems offline and prompted an ongoing investigation. Several systems are still offline, including the MyNMHU portal.

2. Certifications

Nothing to report.

3. Company Fines

Nothing to report.

Thursday, April 11, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Fraud.net, a fraud and risk management platform, announced the completion of its SOC 2 Type 2 accreditation.

Balance, Canada’s oldest and largest digital asset custodian, announced the completion of its SOC 2 Type 2 accreditation.

Nuvo, the leading trade credit technology platform, announced the completion of its SOC 2 Type 2 accreditation.

Computers Unlimited, a software development company, announced the completion of its SOC 2 Type 2 accreditation.

Bridgeline Digital, Inc., a global leader in AI-powered marketing technology, announced the completion of its SOC 2 Type 2 accreditation.

3. Company Fines

Nothing to report.

Wednesday, April 10, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

DocNetwork, an electronic records oganization for camps, schools and childcares, announced the completion of its SOC 2 Type 2 accreditation.

Kredit, a centralized debt resolution platform and network, announced the completion of its SOC 2 Type 1 accreditation.

Uniken, a provider of security, authentication, and identity verification, announced the completion of its SOC 2 Type 2 accreditation.

Interpres Security, a company dedicated to optimizing defenses against prioritized threats targeting organizations to reduce threat exposure, announced the completion of its SOC 2 Type 2 accreditation.

Blue Mountain, a leader in GMP-compliant EAM (Enterprise Asset Management) software for life sciences, announced the completion of its SOC 2 Type 2 accreditation.

Enlyft, a predictive selling platform for go-to-market teams, obtained ISO 27001 and ISO 27701 certifications and renewed its SOC 2 Type 2 accreditation.

Quickparts, a global provider of on-demand manufacturing services, has achieved ISO 27001:2022 certification.

3. Company Fines

Nothing to report.

Tuesday, April 9, 2024

1. Ransomware Attacks

GBI Genios, a database company used by numerous media organizations in Germany, announced on Tuesday its servers were unavailable “due to a massive hacker attack.” In a post on LinkedIn, Genios said the incident was a ransomware attack and cautioned, “unfortunately we have to assume an outage for several days.”

The Group Health Cooperative of South Central Wisconsin (GHC-SCW) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that it was the target of a ransomware attack. In this notice, GHC-SCW explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, telephone numbers, email addresses, dates of birth, Social Security numbers, member numbers, and Medicare / Medicaid numbers.

2. Certifications

Interpres Security, a company optimizing defenses against prioritized threats targeting organizations to reduce threat exposure, announced the completion of its SOC 2 Type 2 accreditation.

TradeCentric, a provider of B2B connected commerce solutions powering integration and automation between eCommerce and eProcurement systems, announced the completion of its SOC 2 Type 2 accreditation.

Certiverse, an exam development and delivery platform that leverages advanced technology to transform the way exams are created and administered, announced the completion of its SOC 2 Type 2 accreditation.

Smith, a leading global distributor of electronic components and semiconductors, recently completed the ISO/IEC 27001 certification.

3. Company Fines

Nothing to report.

Monday, April 8 2024

1. Ransomware Attacks

Change Healthcare – Change Healthcare, a major US medical firm, has suffered a disruptive ransomware attack by AlphV (BlackCat), impacting pharmacies nationwide.

Current Status:

• 4/8/24 – RansomHub is demanding the health insurance provider pay another ransom or else it’ll sell the company’s stolen data to the highest bidder. It now claims to have stolen 4TB of data from Change Healthcare, including the personal details and medical records of “millions” of patients.
• 3/28/24 – The U.S. State Department offered up to $10 million for information on the Blackcat ransomware gang.
• 3/14/24 – UnitedHealth Group said it identified the source of the intrusion into Change Healthcare’s system, which remains partially non-operational following the cyberattack.
• 03/06/24 – After 10 days, the company reportedly paid $22M in ransom via bitcoin to get its systems back online.
• 03/02/24 – Still offline.
• 02/28/24 – Services currently unavailable.

2. Certifications

OMS, is an end-to-end platform which covers product areas such as residential, buy-to-let, second charge, equity release, bridging, commercial plus general insurance, and protection., recently completed the ISO 27001 certification.

AddSecure, a European provider of secure IoT connectivity and end-to-end solutions and a fast-growing business, recently completed the ISO 27001 certification.

3. Company Fines

Nothing to report.

Friday, April 5, 2024

1. Ransomware Attacks

Panera Bread recently experienced a week-long outage due to a ransomware attack, according to reports. The attack encrypted many of the company’s virtual machines, causing data and application access issues. Panera Bread has restored some systems from backups to address the situation. Read more here.

Jackson County, Missouri, declared a state of emergency and indefinitely closed key offices due to a ransomware attack, causing significant disruptions in its IT systems.

Current Status:

• 4/5/24 – An overnight corrections officer fell for a phishing email, which gave hackers a way in.
• 3/28/24 – Officials reported operational inconsistencies and confirmed inoperable systems, including tax and online property payments, marriage license issuance, and inmate searches. As a result, Assessment, Collection, and Recorder of Deeds offices at all county locations are closed until further notice.

2. Certifications

KopenTech LLC, an electronic trading and analytics platform for structured products, announced the completion of its SOC 2 Type 2 accreditation.

Cymbio, the leading marketplace and dropship automation platform for brands, has achieved the ISO27001:2022 certification.

3. Company Fines

Nothing to report.

Thursday, April 4, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Wrike, a work management platform, announced the completion of its SOC 2 Type 2 accreditation and all ISO 27k series certifications.

Routespring, a provider of corporate travel solutions, announced the completion of its SOC 2 Type 2 accreditation.

Barcoding, Inc., a company in supply chain efficiency, accuracy and connectivity, announced the completion of its SOC 2 Type 1 accreditation.

Ireckonu, a Hospitality Middleware and Customer Data Platform for hotel chains, has achieved the ISO27001:2022 certification.

WiTTRA, an innovator in the Internet of Things (IoT) solutions, proudly announces its achievement of the ISO 27001 certification.

3. Company Fines

Nothing to report.

Wednesday, April 3, 2024

1. Ransomware Attacks

2. Certifications

Strategic Technology Solutions (STS), a firm specializing in delivering Managed IT, Cloud and Cybersecurity services to the legal sector, announced the completion of its SOC 2 Type 2 accreditation.

VIQ Solutions Inc., a global provider of secure, AI-driven, digital voice, and video capture technology and transcription services, announced the completion of its SOC 2 Type 1 accreditation.

Zero&One, a cloud-focused consultancy firm, has achieved the ISO27001:2022 certification.

3. Company Fines

Nothing to report.

Tuesday, April 2, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

BridgeFT, a cloud-native, API-first wealth infrastructure software company, announced the completion of its SOC 2 Type 2 accreditation.

XiltriX North America, a provider of real-time environmental monitoring systems for the life science industry, announced the completion of its SOC 2 Type 2 accreditation.

TicketRev, a demand-driven technology platform for live event tickets, announced the completion of its SOC 2 Type 1 accreditation.

RallyWare , the Performance Enablement Platform for large sales forces, announced the completion of its SOC 2 Type 1 accreditation.

ChurnZero, the platform and partner for customer success, has earned ISO 27001 certification.

3. Company Fines

Nothing to report.

Monday, April 1, 2024

1. Ransomware Attacks

Florida Memorial University (FMU), South Florida’s sole historically Black college or university, has reportedly been targeted in a cybersecurity breach by the ransomware group INC Ransom. The extent of compromised data remains uncertain and FMU has not released an official statement regarding the breach. INC Ransom has demonstrated their malicious intent by uploading a ‘proof pack’ on their website, featuring scans of passports, Social Security numbers, and contractual documents allegedly obtained from FMU’s databases.

2. Certifications

Tether, a cryptocurrency company, announced the completion of its SOC 2 Type 1 accreditation.

3. Company Fines

Nothing to report.