An attacker added a backdoor to the source code for PHP, an open-source, server-side scripting language used by more than 75% of the world's websites. Core PHP project members say the backdoor was quickly removed.
Identity crimes are up, but data breaches are down. What does this mean for risk mitigation strategies? Jim Van Dyke and Al Pascual of Sontiq offer an analysis.
What happens when an e-commerce retailer sends customers a data breach notification email with a subject line that reads "strictly private and confidential"? "Clearly trying to make people stay quiet," responded one unamused Fat Face customer. Others report being none the wiser as to what risks they now face.
Insurance provider CNA reported Tuesday it was victimized over the weekend by a "cybersecurity attack" that caused a network disruption and affected certain systems, including corporate email.
A third-party claims administrator of health and social services programs for the elderly apparently paid a ransom to Netwalker attackers about a month before global law enforcement officials disrupted the gang in January.
As a result of a mail merge mishap, some victims of a recent health data breach received breach notifications that mistakenly addressed them as being a minor or even "deceased." Security experts offer tips on avoiding such mistakes.
Attackers are exploiting a critical remote code vulnerability in F5 Networks' BIG-IP server network traffic security management platform, for which the company released patches on March 10. The vulnerability is considered highly critical.
This edition of the ISMG Security Report features an analysis of the Microsoft Exchange on-premises server hacks – from who might have leaked the vulnerability exploits to how ransomware gangs are taking advantage of the flaws. Also featured: Tackling the cybercrime business model; assessing "zero trust."
Hacking incidents - including ransomware attacks, phishing scams and episodes involving vendors - are still the dominant culprits in major health data breaches being reported to federal regulators so far this year. Why?
As the Biden administration makes final preparations to respond to the attacks against SolarWinds, it's been confronted by a second major cyberthreat: the hacking of Microsoft Exchange servers throughout the U.S. The response to this incident, however, will likely be much different.
It has been an open question as to how a half-dozen hacking groups began exploiting Exchange servers in an automated fashion in the days leading up to Microsoft's patches. But there are strong signs that the exploit code leaked, and the question now is: Who leaked it?
A coalition of 41 state attorneys general has reached a settlement with American Medical Collection Agency in the wake of a 2018 data breach that compromised the data of 21 million individuals and pushed the company to file for bankruptcy.
Billions of documents are exiting the enterprise’s perimeter through unsecured databases – exposing confidential and sensitive data. How many of these data leaks belong to your organization?
David Sygula, CybelAngel Senior Cybersecurity Analyst and Author shares 2020 research, which exposes the source and...
Members of Congress are again calling on the Federal Trade Commission to begin using its existing authority to protect personal health data. In particular, they are demanding the FTC take enforcement action against certain fertility-tracking mobile apps that allegedly violate the decade-old FTC Health Breach...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.