Recently, security solutions company Pradeo made a shocking discovery regarding two file management applications on the Google Play Store. These apps, with over 1.5 million installations, have been found to be malicious and pose a serious threat to the data security of those who have downloaded them.

Hackers recently exploited a zero-day vulnerability, or a previously unknown security flaw, to steal sensitive data from systems that utilize MOVEit Transfer, a popular file transfer software. In early June, the software’s creators, Burlington, Massachusetts-based Progress Software Corp, disclosed the vulnerability to the public, acknowledging the potential risks involved.

WalletHub, a financial website, recently unveiled its latest report, "2023's Best & Worst State Economies," and Massachusetts has reason to celebrate. The Bay State secured an impressive third place in the rankings, with only Washington and Utah surpassing it.

In April, Direct iT President and CEO David Javaheri flew out to a cybersecurity conference to present on the same stage as business luminaries Daymond John, Robert Herjavec, and Kevin O’Leary.

 

Javaheri believes that small businesses are being targeted by threat actors more frequently than ever before.

The United States DOJ announced last month that they have seized 13 domains associated with DDoS-for-hire services per court order.

A DDoS-for-hire is a service or platform that allows individuals to launch Distributed Denial of Service (DDoS) attacks on target websites or online services in exchange for a fee.

A breach of the US Department of Transportation's TRANServe program, which offers transportation-related benefits and services to help federal employees commute to and from work, has impacted 114,000 current and 123,000 former federal employees.

According to Reuters, the USDOT found that the breach was isolated to "certain systems at the department used for administrative functions" such as benefits processing.

The parent of Harvard Pilgrim Health Care and Tufts Health Plan, Point32Health, suffered a major cybersecurity breach and ransomware event in April, according to new information released by the corporation.

According to a statement released by Point32Health, "The investigation identified signs that data was copied and taken from Harvard Pilgrim systems between March 28, 2023, and April 17, 2023. Harvard Pilgrim is taking this incident extremely seriously and deeply regrets any inconvenience this incident may cause.

This piece was first published in Direct iT President and CEO David Javaheri's newsletter, the Good, The Bad, and the Ugly.

On May 1st, I spoke to over 100 attorneys at the 2023 Real Estate Bar Association Spring Conference in a joint presentation with FBI Special Agent Vivian Barrios.

According to NCC Group, an international cyber and software resilience business, March 2023 broke the record for the number of ransomware attacks, with 459 attacks measured. This is a 62% jump from numbers reported in March 2022. Even more concerning is that this is a 91% increase from February 2023.

The Common Vulnerability Exploit CVV-2023-0669 was the main culprit for the skyrocketing number of attacks.

The American Bar Association suffered a data breach affecting 1.5 million lawyers who use their website, according to Reuters. On Thursday, April 20, the ABA posted on their website and in an e-mail to members that the breach exposed usernames and passwords that had been used to log in to the site they had used prior to 2018, as well as their current Career Center site.