Security News

Boards of directors, or other senior committees, are charged with overseeing cybersecurity risk management, and must retain an appropriate level of expertise to understand cyber issues, the rules say. Directors must sign off on cybersecurity programs, and ensure that any security program has "Sufficient resources" to function.

The details are scant-the article is based on a "Heavily redacted" contract-but the New York subway authority is using an "AI system" to detect people who don't pay the subway fare. Joana Flores, an MTA spokesperson, said the AI system doesn't flag fare evaders to New York police, but she declined to comment on whether that policy could change.

The New York City Department of Education says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.The Clop ransomware gang has claimed responsibility for the CVE-2023-34362 MOVEit Transfer attacks on June 5 in a statement shared with BleepingComputer, with the cybercrime gang saying it breached the MOVEit servers of "Hundreds of companies."

Hyundai and Kia cars were stolen 977 times in New York City in the first four months of 2023, and authorities have had enough. "This represents a roughly 660 percent increase in thefts of Kia and Hyundai vehicles as compared to those same months in 2022, when there were only 148 such thefts," blasts the complaint [PDF] filed with the United States District Court, Southern District of New York.

Security in brief The fallout from an eight-month-old cyber attack on a county in Long Island, New York has devolved into mud-slinging as leaders try to figure out just what is going on. Suffolk County was hit with a ransomware attack in early September 2022, which led county executive Steve Bellone to issue nine separate emergency declarations, Long Island publication Newsday said - the most recent of which was enacted earlier this month.

A New York law firm has agreed to pay $200,000 in penalties to the state because it failed to protect the private and electronic health information of approximately 114,000 patients. Heidell, Pittoni, Murphy and Bach represents New York City area hospitals in litigation and maintains sensitive private information from patients, including dates of birth, social security numbers, health insurance information, medical history, and/or health treatment information.

U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias "Pompompurin." "At one point, investigators were seen removing several bags of evidence from the house," the New York-based local news service added.

A New York resident has pleaded guilty to charges of conspiracy to commit bank fraud using stolen credit cards purchased on dark web cybercrime marketplaces. According to the indictment shared in the U.S. Department of Justice announcement, Osagie purchased thousands of credit and debit card data from dark web markets.

Two men have been charged for allegedly conspiring with Russian hackers to manipulate the taxi dispatch system at New York's John F. Kennedy International Airport. Daniel Abayev, 48, and Peter Leyman, 48, are accused of altering the JFK taxi dispatch system to advance selected taxis to the front of the taxi queue in exchange for a $10 payment, according to a federal indictment [PDF] made public on Tuesday.

Private security firms in New York City have co-opted public resources - specifically trees - to track their guards as they make their rounds. According to Gothamist, a New York-focused news site, security contractors have been drilling into trees on public city streets to install signaling hardware to ensure that guards are following their patrol routes.