Back To Resource Center

Published: April 1, 2024

TalPoint’s Monthly Security Brief – April 2024

By TalPoint Marketing blog posts

Monday, April 22, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

BurstIQ, a provider of advanced data management solutions for the secure handling and sharing of data, announced the completion of its SOC 2 Type 2 accreditation.

Tiny Technologies, a provider of innovative rich text editing solutions under the Tiugo Technologies brand, announced the completion of its SOC 2 Type 2 accreditation.

3. Company Fines

Nothing to report.

Friday, April 19, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Pickcel, a provider of digital signage solutions ,recently achieved ISO 27001 certification.

3. Company Fines

Nothing to report.

Thursday, April 18, 2024

1. Ransomware Attacks

New York State Legislature – State officials are investigating a major cyberattack on the government agency charged with drafting state budget bills.The investigation comes as the Legislature and governor are finalizing the details of the $237 billion state budget. Read more here.

The United Nations Development Programme (UNDP) – In a statement, the organization said the attack targeted local IT infrastructure in UN City, the Copenhagen-based complex that houses nearly a dozen UN agencies. The UNDP said it learned on March 27 that a “data-extortion actor had stolen data which included certain human resources and procurement information”.  While UNDP has not shared any additional information on the incident, the organization was apparently targeted in a ransomware attack conducted by a group named 8base.

2. Certifications

DataDome, whose mission is to rid the web of fraudulent traffic, announced the renewal of its SOC 2 Type 2 accreditation.

QualiZeal Inc., a provider of Digital Quality Engineering services, announced the completion of its SOC 2 Type 2 accreditation.

EarlyBirds, an Australian innovation intelligence platform, recently achieved ISO 27001 certification.

Pano AI, a company focused in artificial intelligence-driven wildfire detection, recently achieved ISO 27001:2022 certification.

3. Company Fines

Nothing to report.

Wednesday, April 17, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Forward Networks, a company that develops enterprise software for network management and software-defined networking, announced the completion of its SOC 2 Type 2 accreditation.

Landis, a platform paving the way for renters to become homeowners, announced the completion of its SOC 2 Type 2 accreditation.

3. Company Fines

Nothing to report.

Tuesday, April 16, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Certify, a provider intelligence platform powered by API integrations and hundreds of verified data points, announced the completion of its SOC 2 Type 2 accreditation.

TaxDome, a provider of integrated software solutions for tax professionals and accountants, announced the completion of its SOC 2 Type 1 accreditation.

Circle, a financial technology company and $USDC issuer, announced the completion of its SOC 2 Type 2 accreditation.

Polygon Labs, a player in the blockchain industry, has achieved ISO 27001:2022 certification.

3. Company fines

Nothing to report.

Monday, April 15, 2024

1. Ransomware Attacks

Nexperia, a Chinese-owned semiconductor company headquartered in the Netherlands, has announced being hacked after a ransomware group uploaded what it claimed were stolen confidential documents to a darknet extortion site. In a statement late last week, the company said it had “become aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024.

2. Certifications

Jumbula, a provider of online registration, payment, and class/camp management, announced the completion of its SOC 2 Type 1 accreditation.

Layer3, a provider of cloud and AI-driven network solutions in Nigeria, has achieved ISO 27001:2022 recertification.

Orbyt, is an integrated Software-as-a-Service platform providing a one-stop shop for multi-channel distribution and payments, recently completed the ISO 27001 certification.

3. Company Fines

Nothing to report.

Friday, April 12, 2024

1. Ransomware Attacks

New Mexico Highlands University officials canceled classes through April 14 as they’re still dealing with a ransomware incident. Officials say the incident took systems offline and prompted an ongoing investigation. Several systems are still offline, including the MyNMHU portal.

2. Certifications

Nothing to report.

3. Company Fines

Nothing to report.

Thursday, April 11, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Fraud.net, a fraud and risk management platform, announced the completion of its SOC 2 Type 2 accreditation.

Balance, Canada’s oldest and largest digital asset custodian, announced the completion of its SOC 2 Type 2 accreditation.

Nuvo, the leading trade credit technology platform, announced the completion of its SOC 2 Type 2 accreditation.

Computers Unlimited, a software development company, announced the completion of its SOC 2 Type 2 accreditation.

Bridgeline Digital, Inc., a global leader in AI-powered marketing technology, announced the completion of its SOC 2 Type 2 accreditation.

3. Company Fines

Nothing to report.

Wednesday, April 10, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

DocNetwork, an electronic records oganization for camps, schools and childcares, announced the completion of its SOC 2 Type 2 accreditation.

Kredit, a centralized debt resolution platform and network, announced the completion of its SOC 2 Type 1 accreditation.

Uniken, a provider of security, authentication, and identity verification, announced the completion of its SOC 2 Type 2 accreditation.

Interpres Security, a company dedicated to optimizing defenses against prioritized threats targeting organizations to reduce threat exposure, announced the completion of its SOC 2 Type 2 accreditation.

Blue Mountain, a leader in GMP-compliant EAM (Enterprise Asset Management) software for life sciences, announced the completion of its SOC 2 Type 2 accreditation.

Enlyft, a predictive selling platform for go-to-market teams, obtained ISO 27001 and ISO 27701 certifications and renewed its SOC 2 Type 2 accreditation.

Quickparts, a global provider of on-demand manufacturing services, has achieved ISO 27001:2022 certification.

3. Company Fines

Nothing to report.

Tuesday, April 9, 2024

1. Ransomware Attacks

GBI Genios, a database company used by numerous media organizations in Germany, announced on Tuesday its servers were unavailable “due to a massive hacker attack.” In a post on LinkedIn, Genios said the incident was a ransomware attack and cautioned, “unfortunately we have to assume an outage for several days.”

The Group Health Cooperative of South Central Wisconsin (GHC-SCW) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that it was the target of a ransomware attack. In this notice, GHC-SCW explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, telephone numbers, email addresses, dates of birth, Social Security numbers, member numbers, and Medicare / Medicaid numbers.

2. Certifications

Interpres Security, a company optimizing defenses against prioritized threats targeting organizations to reduce threat exposure, announced the completion of its SOC 2 Type 2 accreditation.

TradeCentric, a provider of B2B connected commerce solutions powering integration and automation between eCommerce and eProcurement systems, announced the completion of its SOC 2 Type 2 accreditation.

Certiverse, an exam development and delivery platform that leverages advanced technology to transform the way exams are created and administered, announced the completion of its SOC 2 Type 2 accreditation.

Smith, a leading global distributor of electronic components and semiconductors, recently completed the ISO/IEC 27001 certification.

3. Company Fines

Nothing to report.

Monday, April 8 2024

1. Ransomware Attacks

Change HealthcareChange Healthcare, a major US medical firm, has suffered a disruptive ransomware attack by AlphV (BlackCat), impacting pharmacies nationwide.

Current Status:

  • 4/8/24 – RansomHub is demanding the health insurance provider pay another ransom or else it’ll sell the company’s stolen data to the highest bidder. It now claims to have stolen 4TB of data from Change Healthcare, including the personal details and medical records of “millions” of patients.
  • 3/28/24 – The U.S. State Department offered up to $10 million for information on the Blackcat ransomware gang.
  • 3/14/24 – UnitedHealth Group said it identified the source of the intrusion into Change Healthcare’s system, which remains partially non-operational following the cyberattack.
  • 03/06/24 – After 10 days, the company reportedly paid $22M in ransom via bitcoin to get its systems back online.
  • 03/02/24 – Still offline.
  • 02/28/24 – Services currently unavailable.

2. Certifications

OMS, is an end-to-end platform which covers product areas such as residential, buy-to-let, second charge, equity release, bridging, commercial plus general insurance, and protection., recently completed the ISO 27001 certification.

AddSecure, a European provider of secure IoT connectivity and end-to-end solutions and a fast-growing business, recently completed the ISO 27001 certification.

3. Company Fines

Nothing to report.

Friday, April 5, 2024

1. Ransomware Attacks

Panera Bread recently experienced a week-long outage due to a ransomware attack, according to reports. The attack encrypted many of the company’s virtual machines, causing data and application access issues. Panera Bread has restored some systems from backups to address the situation. Read more here.

Jackson County, Missouri, declared a state of emergency and indefinitely closed key offices due to a ransomware attack, causing significant disruptions in its IT systems.

Current Status:

  • 4/5/24 – An overnight corrections officer fell for a phishing email, which gave hackers a way in.
  • 3/28/24 – Officials reported operational inconsistencies and confirmed inoperable systems, including tax and online property payments, marriage license issuance, and inmate searches. As a result, Assessment, Collection, and Recorder of Deeds offices at all county locations are closed until further notice.

2. Certifications

KopenTech LLC, an electronic trading and analytics platform for structured products, announced the completion of its SOC 2 Type 2 accreditation.

Cymbio, the leading marketplace and dropship automation platform for brands, has achieved the ISO27001:2022 certification.

3. Company Fines

Nothing to report.

Thursday, April 4, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

Wrike, a work management platform, announced the completion of its SOC 2 Type 2 accreditation and all ISO 27k series certifications.

Routespring, a provider of corporate travel solutions, announced the completion of its SOC 2 Type 2 accreditation.

Barcoding, Inc., a company in supply chain efficiency, accuracy and connectivity, announced the completion of its SOC 2 Type 1 accreditation.

Ireckonu, a Hospitality Middleware and Customer Data Platform for hotel chains, has achieved the ISO27001:2022 certification.

WiTTRA, an innovator in the Internet of Things (IoT) solutions, proudly announces its achievement of the ISO 27001 certification.

3. Company Fines

Nothing to report.

Wednesday, April 3, 2024

1. Ransomware Attacks

Jackson County, Missouri, declared a state of emergency and indefinitely closed key offices due to a ransomware attack, causing significant disruptions in its IT systems. Officials reported operational inconsistencies and confirmed inoperable systems, including tax and online property payments, marriage license issuance, and inmate searches. As a result, Assessment, Collection, and Recorder of Deeds offices at all county locations are closed until further notice.

2. Certifications

Strategic Technology Solutions (STS), a firm specializing in delivering Managed IT, Cloud and Cybersecurity services to the legal sector, announced the completion of its SOC 2 Type 2 accreditation.

VIQ Solutions Inc., a global provider of secure, AI-driven, digital voice, and video capture technology and transcription services, announced the completion of its SOC 2 Type 1 accreditation.

Zero&One, a cloud-focused consultancy firm, has achieved the ISO27001:2022 certification.

3. Company Fines

Nothing to report.

Tuesday, April 2, 2024

1. Ransomware Attacks

Nothing to report.

2. Certifications

BridgeFT, a cloud-native, API-first wealth infrastructure software company, announced the completion of its SOC 2 Type 2 accreditation.

XiltriX North America, a provider of real-time environmental monitoring systems for the life science industry, announced the completion of its SOC 2 Type 2 accreditation.

TicketRev, a demand-driven technology platform for live event tickets, announced the completion of its SOC 2 Type 1 accreditation.

RallyWare , the Performance Enablement Platform for large sales forces, announced the completion of its SOC 2 Type 1 accreditation.

ChurnZero, the platform and partner for customer success, has earned ISO 27001 certification.

3. Company Fines

Nothing to report.

Monday, April 1, 2024

1. Ransomware Attacks

Florida Memorial University (FMU), South Florida’s sole historically Black college or university, has reportedly been targeted in a cybersecurity breach by the ransomware group INC Ransom. The extent of compromised data remains uncertain and FMU has not released an official statement regarding the breach. INC Ransom has demonstrated their malicious intent by uploading a ‘proof pack’ on their website, featuring scans of passports, Social Security numbers, and contractual documents allegedly obtained from FMU’s databases.

2. Certifications

Tether, a cryptocurrency company, announced the completion of its SOC 2 Type 1 accreditation.

3. Company Fines

Nothing to report.

Our large and diverse network of experts is here to help...

Charles M.

Principal

Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.

Ellen K.

GRC Expert

Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.

Zachary C.

Founder and CRO

Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.