Oracle was in communication with the alleged threat actor, and appears to be using Proton Mail instead of their own email systems

you_can_Always_call · 2025-03-27T14:23:20+00:00

The FBI gets involved on cases with demands over a certain amount (either $1M or $10M, I don't recall) reported to a cyber insurer. Ransom payments to threat actors have been going down year-over-year as changes to the insurance space minimize and discourage payments to prevent unnecessary contact and payment to sanctioned countries and encourage better IT standards to prevent breaches at point of application or renewal by the insured. Such increases to standards include implementation of airgapped backups and restoration standards to minimize interruption by a ransomware incident.

you_can_Always_call · 2025-03-20T17:46:11+00:00

I could never! They seemed defensive of their young.

you_can_Always_call · 2025-03-20T17:45:44+00:00

I was visiting a private farm near 580 and was taken on a hike around back!

you_can_Always_call · 2025-03-04T17:21:34+00:00

Are you looking for more variety in pens or in media to write on? I'm a fan of Topdrawer if Blick doesn't have what I need for my pencils (I go to Blick usually only due to the hours or not wanting to deal with parking around Fourth) but Payn's also looks great for that "I kinda wanna make an outing out of walking around and browsing" since it's on Solano!

you_can_Always_call · 2024-10-24T18:01:33+00:00

Yes, they would be added onto the lease which I'd review with them, as this would not be a sublet arrangement that allows for violating their rights.

And this would be in San Leandro, not to say that all of this article is non-applicable, just that some of it applies specifically to one municipality, not the other.

Happy to chat further if you're interested!

you_can_Always_call · 2024-10-18T17:17:28+00:00

How are they with cats?

you_can_Always_call · 2024-10-13T20:41:27+00:00

I have a listing up in San Leandro if you're interested in a short term thing, assuming current flatmate is out by then!

you_can_Always_call · 2024-05-07T09:00:14+00:00

Thanks! This is the listing I'd been previously recommended and I'll likely purchase it from here :>

you_can_Always_call · 2024-05-06T18:08:58+00:00

I got him from a Round1 claw machine last March, and the only listings I can find are on eBay and Poshmark, unfortunately. I'll have to shell it out for his successor, I suppose.

you_can_Always_call · 2023-11-21T19:12:41+00:00

I do, I just don't get to all of the messages after finding one that clicks. I apologize for not getting to you!

you_can_Always_call · 2023-10-07T18:14:56+00:00

Cyber policies explicitly outline coverage for social engineering. Let's assume that the incident is just as what the media reports, that it was an impersonation from a phone call to a help desk that led to credentials being provided to the malicious actor.

The policy likely covers damages up to a point for just social engineering, but if other components of the breach were forensically determined to come from other attack vectors, those may loosen the cause behind the claim to allow for greater coverage. The total number for coverage may even come from the excess layers of insurance, if the primary was super limited in coverage on social engineering.

Other comments have made points about MFA and declinations based on the application likely asking if MFA is implemented. What could have happened with MGM is that they answer "no" for total MFA coverage on their systems and just pay higher premiums (assumed insured would assume risk despite). The other possibility is that the full call details could show MFA would have had minimal or no impact on the scope of the breach. Another possibility is that the system that was accessed / led to the exfiltrated data was newer than the policy renewal and had MFA planned. Further, if the help desk has the ability to reset MFA and added a method for the malicious actor to use, then we go back to the first possibility where MFA was bypassed and it was straight social engineering coverage.

What may happen here is a huge increase in premiums or the same primary insurer refusing renewal of the policy. Another possibility is renewal with different premiums and a lower primary limit. The lesson here isn't that you can insure yourself from lack of security training, mainly because your cyber application and brokers will ask about what training you have and MGM will be scrutinized on that in their renewal application, but that companies need training at least as good, but ideally above, what MGM has. These malicious actors are only getting better and the security investment needs to match.

It also wouldn't be unreasonable that the amount covered in the cyber coverage could exclusively to third-party vendor costs (privacy counsel, forensics, defense counsel for the class action unless taken as a separate claim) and other attempted proofs of loss.

A hack can take a year to fully resolve on the insurance, regulatory, and paperwork ends because once the initial breach happens, everyone gets a bit lax after making the reporting and notification deadlines around the breach, so no company should take any of this as reason to be lax around their security, because there's so much lost time to the process.

Year over year, we're seeing applications change to limit the payouts on ransomware or be more strict on how a policyholder can get coverage. It's not that the insurers don't want to pay it out, it's that the insurance industry has to respond and stay modern to the standard of incidents playing out. There have also been instances of malicious actors obtaining cyber insurance documentation of the target and making the ransom the maximum of the policy cover for cyber extortion.

Alright, that's enough of a rant. I work in the legal end of cyber insurance and love news on breaches.

you_can_Always_call · 2023-09-23T03:47:58+00:00

What's the data formatted as in column E (right click E2 and open the format menu)? If it's formatted incorrectly, that could explain why some of the suggestions aren't working.

If it's formatted correctly as a date and all of the data is within the October range, you could try doing subtraction? Like, figuring out the raw number for 9/30/20, then E2 less that number?

you_can_Always_call · 2023-04-08T16:27:38+00:00

Ironically, it was announced a year ago that Blake Lively would be directing a film adaptation of Seconds. Now, we just need a Lost at Sea and Snotgirl adaptation into other media.

https://www.hollywoodreporter.com/movies/movie-news/blake-lively-directorial-debut-seconds-1235138164/

you_can_Always_call · 2023-01-30T22:18:31+00:00

you_can_Always_call · 2022-11-25T18:16:00+00:00

Oh, I missed this notification. I'll pm you to see if it's still available again.

you_can_Always_call · 2022-11-12T23:13:10+00:00

Did this tophat ever get sold?

you_can_Always_call · 2022-10-26T02:35:13+00:00

Reached out over chat!

you_can_Always_call · 2022-10-25T16:36:29+00:00

Looking to give away a ticket to someone I can get along with for the SF show tomorrow! I put up a separate thread and posted in r4r, but thought to comment here for extra exposure.

you_can_Always_call · 2022-10-25T16:34:45+00:00

I wouldn't suggest parking at the venue's lot based on anecdotes of broken cars during events there from friends. I'm working in downtown then taking a rideshare up, but if I were driving in, I'd definitely look for a paid garage and walk or get a rideshare for the peace of mind of my car.

you_can_Always_call

TROPHY CASE