Ransomware continues to steal data. BleepingComputer reports that Magellan Health, a large US managed care and insurance provider, discovered on April 11th that it had been the victim of a ransomware attack. The incident compromised personal data including names, addresses, employee ID numbers, and various details from US W-2 or 1099 tax forms. A letter to affected stakeholders said that no fraud had so far been detected.
Australia's Toll Group confirmed that it too lost data to ransomware.
Yesterday was Patch Tuesday: Adobe took care of thirty-six bugs, and Microsoft addressed one-hundred-eleven issues. There's a view in circulation that you should take a wait-and-see approach to applying patches, and that in particular you ought to turn off automatic Windows updates. While this might make sense under some circumstances for an enterprise that must test patches to ensure the fixes won't affect its systems' availability, and even granted that some patches come with problems, it's hard to see why individual users should do the same. One security expert tweeted that the advice amounted to "digital anti-vax click bait." Go ahead and patch.
But if you must be selective in your patching, take a look at CISA's list of the ten most exploited vulnerabilities and start with those.
People counted yesterday, May 12th, as marking the third anniversary of WannaCry's peak, and INTERPOL declared it "Anti-Ransomware Day." Infosecurity Magazine quotes the head of INTERPOL's Cybercrime Directorate as saying the agency wants to remind everyone "to keep good cyber hygiene and to #WashYourCyberHands."