In the latest weekly update, ISMG editors discussed the potential role of AI in cloud security, how the recent cyberattack on Microsoft by Russian state hackers highlighted the vulnerabilities associated with legacy systems, and how to secure APIs in the age of zero trust.
Welcome to "Cyber Fail," where our experts uncover fails so we can all strengthen our defenses. Today, we examine what happens when ransomware groups get careless, application developers' laissez-faire attitude toward vulnerabilities, and the security woes of a beleaguered crypto exchange.
Delivering more proof that the Log4Shell vulnerability is endemic, Akamai researchers detected botnet malware updated to use the flaw as an infection vector. Log4Shell burst into public awareness in late 2021 when security researchers identified a flaw in the ubiquitous Apache Log4J 2 Java library.
Proposed legislation called the "snoopers' charter," which would allow British intelligence agencies to collect data on a large scale, cleared further parliamentary scrutiny this week despite mounting criticism from privacy advocates, watchdog groups and technology companies.
Two Chicago hospitals are navigating the effects of recent cyberattacks. One, a children's hospital, has taken its IT network offline to respond to an incident, and the other, a nonprofit safety-net hospital, is being shaken down by cybercriminals asking for a hefty ransom in return for stolen data.
The United States sanctioned senior leaders of the Iranian government cyber unit responsible for carrying out malicious cyber campaigns against American critical infrastructure sectors. The sanctions are a direct response to hacks against water system operators that use Israeli systems and software.
U.S. federal agencies have until midnight Friday to disconnect Ivanti VPN devices and perform a factory reset before reconnecting them to the network. Fifteen agencies use the gateways, which were hit by likely Chinese hackers in an espionage campaign and are riddled with zero-day vulnerabilities.
The number of victims who opt to pay a ransom appears to have declined to a record low. During the last three months of 2023, an average of 29% of organizations hit by ransomware paid a ransom - a notable shift from what ransomware watchers saw in recent years.
Uber must pay a fine of 10 million euros to the Dutch data protection authority after the agency found the ride-hailing app maker had not been transparent about how long it kept driver data and which employees outside of Europe had access to the data.
A federal jury said Wednesday that Palo Alto Networks directly violated another cybersecurity firm's patent rights for a "threat intelligence gateway" network security technology and awarded Centripetal Networks more than $150 million in the verdict.
A top U.S. banking lobbyist told a Senate panel Thursday there are limits to what financial institutions can do to stop scammers from draining individual banking accounts and called on regulators such as the Federal Communications Commission to do more to combat caller ID spoofing.
The Federal Trade Commission is the latest regulatory agency taking action against fundraising and customer relationship management software provider Blackbaud in the aftermath of a 2020 ransomware incident that compromised the data of tens of thousands of clients and millions of consumers.
This week, former CIA programmer gets 40-year sentence, zero trust prevents widespread damage, possible ransomware attack in Georgia, alleged hacker detained in Ukraine, USB-spread malware in Italy, LockBit attack on non-bank home mortgage lender, and Ukrainian critical infrastructure disrupted.
Okta announced layoffs amounting to 7% of its workforce in a restructuring that will cost 400 employees their jobs. Thursday's disclosure is the second round of layoffs the company has undergone in the past 12 months. CEO Todd McKinnon said the cuts are needed to run Okta with "greater efficiency."