Universal Health Services Network Outage: Lessons to Learn

Marianne Kolbasuk McGee • October 1, 2020

As Universal Health Services continues to recover from an apparent ransomware incident last weekend that affected system access for hundreds of its facilities, security experts say others can learn important lessons from the company's experience.

Business Continuity Management / Disaster Recovery

HHS Issues Yet Another Big HIPAA Breach-Related Fine

Latest

Cybercrime

Russian Gets 7-Year Sentence for Hacking LinkedIn, Dropbox

Scott Ferguson • September 30, 2020

Yevgeniy Nikulin, a Russian national who was found guilty of hacking LinkedIn and Dropbox and stealing millions of user credentials, has been sentenced to more than seven years in federal prison.

Application Security

Microsoft Issues Updated Patching Directions for 'Zerologon'

Doug Olenick • September 30, 2020

Microsoft has issued additional instructions on how to better implement a patch to fix an elevation of privilege vulnerability called Zerologon in Windows Server that affects the Netlogon Remote Protocol. The update comes as Cisco Talos researchers report a spike in attempts to exploit the flaw.

Endpoint Security

Federal IoT Guidelines Move Closer to Becoming Law

Jeremy Kirk • September 30, 2020

Legislation that establishes minimum security standards for IoT devices procured by the federal government is moving closer to becoming law. A bill has passed the House, and chances are likely better than ever for Senate support following a rewrite of parts of the bill.

COVID-19

Microsoft: Hacking Groups Shift to New Targets

Prajeet Nair • September 30, 2020

Over the last year, nation-state hackers, including those with links to the Russian government, have shifted from targeting critical infrastructure to focusing on think tanks, human rights groups and nongovernment organizations in an attempt to influence public policy, according to Microsoft.

Cloud Security

Cybersecurity Firm McAfee Files for IPO

Mathew J. Schwartz • September 29, 2020

McAfee is set to become a public company once again, with the cybersecurity firm filing for an IPO with the U.S. Securities and Exchange Commission to trade under "MCFE" on the Nasdaq Stock Market. Separately, Ivanti announced that it would buy security firms MobileIron and Pulse Secure.

Next-Generation Technologies & Secure Development

Building Trust in Quantum Computing

Anna Delaney • September 29, 2020

William Dixon of the World Economic Forum is calling for the formation of a "quantum computing security coalition" to help build trust in the technology, which could play a key role in enhancing security.

Cybercrime

Fresh Joker Malware Variant Targeting Android Users

Chinmay Rautmare • September 29, 2020

A fresh round of Joker malware that targets Android users has been found in Google Play as well as third-party app stores, according to reports from Zscaler and Zimperium. The Joker apps can steal SMS messages, contact lists and device information from infected smartphones.

Cyberwarfare / Nation-State Attacks

Federal Judge Temporarily Blocks Trump's TikTok Ban

Prajeet Nair • September 28, 2020

A federal judge Sunday granted TikTok's request for a temporary injunction to block the Trump administration's order that would have banned the Chinese social media app from the U.S. The order came hours before the ban was scheduled to go into effect.

Cloud Security

Microsoft Shutters Azure Apps Used by China-Linked Hackers

Akshaya Asokan • September 26, 2020

Microsoft removed 18 apps from its Azure cloud platform that were being used by hackers as part of their command-and-control infrastructure. The threat group, called Gadolinium, was abusing the infrastructure to launch phishing email attacks, Microsoft researchers say.

Forensics

Warning: Attackers Exploiting Windows Server Vulnerability

Akshaya Asokan • September 25, 2020

Microsoft and the Cybersecurity and Infrastructure Security Agency have issued warnings that a critical vulnerability in Windows Server dubbed "Zerologon" is being actively exploited in the wild. They urge users to immediately apply an available partial patch.

Cyberwarfare / Nation-State Attacks

Facebook Removes More Accounts Linked to Russia

Chinmay Rautmare • September 25, 2020

Facebook is again cracking down on fake accounts and pages linked to a Russian IRA troll farm or the country's military intelligence units that were being used for disinformation campaigns. Meanwhile, the FBI issued a fresh warning that threat actors are attempting to target U.S. voting infrastructure.

Critical Infrastructure Security

Calls Grow to Restore White House Cybersecurity Leader Role

Prajeet Nair • September 25, 2020

The U.S. Government Accountability Office is urging Congress to pass legislation to reestablish a White House cybersecurity coordinator role. The position would coordinate the government's response to online attacks and other cybersecurity challenges facing the nation.