Welcome to the January edition of the Cyber Capsule. In this edition, we discuss the FBI's efforts to stop the Karakurt, Play, and Black Cat ransomware groups. We also discuss the HHS's new cybersecurity program, the FBI's guidance on delaying SEC reporting requirements, and somewhat surprising news that data breaches are on the rise.

AS THE WORLD TURNS

Will This Hurt Karakurt? The FBI, CISA, the Department of the Treasury, and the Financial Crimes Enforcement Network released a joint Cybersecurity Advisory identifying a list of vulnerabilities and methods Karakurt uses.

Don't Play. The FBI, CISA, and the Australian Signals Directorate's Australian Cyber Security Centre releaseda joint Cybersecurity Advisory identifying a list of vulnerabilities and methods Play uses.

Black Cat Has Nine Lives. The FBI announced that it seized Black Cat's darknet website, and released a decryption tool. Not to be outdone, Black Cat regained control of its leak site and announced it is not in trouble at all - hospitals and nuclear power plants were no longer off limits.

CONSIDER THIS

To Teach a Breach. Last month, researchers revealed that by providing ChatGPT with certain prompts, the prompted chatbot would then reveal personally identifiable information.

Gmail, Now with RETVec. Google recently launched RETVec, a multilingual text vectorizer intended to improve email security by better detecting spam and malicious emails.

New Year's Resolution? There are nearly 20,000 Microsoft Exchange servers reachable over the internet that are at the end-of-life stage.

Breaches on the Rise. A new study revealed that 2.6 billion personal records have been compromised in the last two years.

HHS Helping Hospitals. Because you gotta give, HHS recently announced a new cybersecurity program and requirements, including: (1) establishing voluntary cybersecurity goals for healthcare; (2) providing financial support and incentives to hospitals to implement these goals; and (3) implement HHS-wide strategy for better enforcement and accountability.

Gimme a SECond. Because not everyone knows how to do everything, the FBI published a document illustrating how companies can delay disclosing cyber incidents to the SEC.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.