Top Stories
Conti becomes Hive and attacks Costa Rican public health centers
After Conti shut down, there was some hope that their hacking infrastructure would be put out of commission. However, it turns out that Conti was prepared and had started splintering off into related groups as early as last year. Yesterday, Hive's ransomware disabled Costa Rica’s public health agency, causing all systems to go down in several public health centers in Costa Rica until further notice.
European Commission publishes Q&A on new SCCs for data transfers
On Dec. 27, a new set of standard contractual clauses for international data transfers will replace existing SCCs. At Vicis, we have been busy updating many of our clients' DPA's with the new SCCs. Recently, the European Question published a FAQ that offers practical guidance on the use of SCCs and assists stakeholders in compliance efforts.
Security
FBI thwarts cyberthreat against Boston Children’s Hospital by hackers sponsored by Iranian government
In the summer of 2021, the FBI said officials received reports that Iranian hackers were targeting Boston Children’s Hospital.
Hive ransomware enters big league with hundreds breached in four months
The Hive ransomware gang is more active and aggressive than its leak site shows, with affiliates attacking an average of three companies every day since the operation became known in late June.
Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions – Krebs on Security
More Conti ransomware source code leaked on Twitter out of revenge
A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine.
Hive ransomware ports its Linux VMware ESXi encryptor to Rust
The Hive ransomware operation has converted their VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victim's ransom negotiations.
Privacy
US lawmakers closing in on bipartisan privacy framework
Politico reported members of the U.S. Senate and House are circulating a draft bill that includes bipartisan compromise on the two biggest stumbling blocks between parties, federal preemption and the private right of action.
NHS COVID-19 app: your data and privacy - GOV.UK
Read about the steps the NHS has taken to make sure the NHS COVID-19 app protects users' privacy and identity.
Google sued for using the NHS data of 1.6 million Britons 'without their knowledge or consent' | Science & Tech News | Sky News
The Royal Free NHS Trust in London, which gave Google the patient data, was previously told the move was illegal following an investigation by the Information Commissioner's Office.
Senators wrote letters about reproductive health data.
Apps collecting location or health data, particularly if it could be used for inferences about reproductive health choices, are the subject of much discussion.
CPPA board charts course for CPRA rulemaking
The California Privacy Protection Agency Board outlined a proposed course of action for the upcoming California Privacy Rights Act rulemaking process, addressing what will and will not be anticipated areas of focus. The board did not discuss the quickly approaching July 1 target date for finalizing regulations. The upcoming draft regulations will not include guidance on cybersecurity audits, privacy risk assessments, or automated decision-making technologies.