HHS, AHA Warn of Surge in Russian DDoS Attacks on Hospitals

Marianne Kolbasuk McGee • January 30, 2023

Government authorities and industry groups are warning the healthcare sector of ongoing distributed denial-of-service attacks on hospitals and other medical entities by Russian nuisance hacking group KillNet, whose name comes from a tool used to launch DDoS attacks.

Healthcare

The Persisting Risks Posed by Legacy Medical Devices

Latest

Governance & Risk Management

Tenable's $25M Venture Capital Fund Seeks Early-Stage Firms

Michael Novinson • January 30, 2023

Tenable has debuted a $25 million corporate investment program to support prevention-focused startups focused on technologies such as cloud, OT and identity. The Baltimore-area exposure management vendor says Tenable Ventures plans to scour Israel and the United States for startups.

Governance & Risk Management

Are We Doomed? Not If We Focus on Cyber Resilience

Steve King • January 30, 2023

In this episode of "Cybersecurity Unplugged," Patricia Muoio, a partner at SineWave Ventures, discusses the need for cyber resilience as security leaders face the inevitable stream of cybercrimes, how to achieve it through a zero trust approach, and how CISOs and the government can help.

Fraud Management & Cybercrime

ISMG Editors: Why Are Ransomware Profits Dipping?

Anna Delaney • January 27, 2023

In the latest weekly update, four ISMG editors discuss why it pays off to have well-practiced incident response plans, whether ChatGPT is a blessing or a curse for penetration testers and bug bounty hunters, and how Microsoft has reason to be cheerful as security sales hit $20 billion.

Governance & Risk Management

ISACA Survey: Privacy in Practice 2023 Highlights

Anna Delaney • January 26, 2023

ISACA's recently published Privacy in Practice 2023 survey report shares new research related to the privacy workforce, privacy skills, privacy by design and the future of privacy. Expert Safia Kazi shares ways organizations can align privacy goals with business objectives.

Cybercrime

Reported Data Breaches in US Reach Near-Record Highs

Mathew J. Schwartz • January 25, 2023

Data breaches in 2022 hit near-record levels as U.S. organizations issued 1,802 data breach notifications and more than 400 million individuals were affected. But only 34% of breach notifications included actionable information for consumers whose information was exposed.

Cloud Security

Microsoft 365 Cloud Service Outage Disrupts Users Worldwide

Mathew J. Schwartz • January 25, 2023

Microsoft blamed an internal network configuration change for outages that disrupted access to Microsoft 365 services, including Microsoft Teams and Outlook, for users around the world. The change has been rolled back and additional infrastructure added to speed restoration, it says.

Government

VA: Contractors Have 1 Hour to Report a Security Incident

Marianne Kolbasuk McGee • January 24, 2023

An update to acquisition regulations within the Department of Veterans Affairs says that contractors have one hour to report a security and privacy incident. The clock starts ticking after the incident has been discovered. The department says the rule change only codifies an existing requirement.

Endpoint Security

Forescout Gets 4th CEO Since 2020, Hires Barry Mainz

Michael Novinson • January 24, 2023

Forescout will have its fourth CEO since September 2020. It tapped former Malwarebytes COO and MobileIron CEO Barry Mainz to take over as its top leader. The company brought in Mainz to replace Wael Mohamed, who started as Forescout's CEO in March 2021 and announced his departure in October 2022.

Fraud Management & Cybercrime

Ransomware Profits Dip as Fewer Victims Pay Extortion

Mathew J. Schwartz • January 23, 2023

Bad news for ransomware groups: Experts find it's getting tougher to earn a crypto-locking payday at the expense of others. The bad guys can blame a move by law enforcement to better support victims, and more organizations having robust defenses in place, which makes them tougher to take down.

Identity & Access Management

Lessons to Learn From CircleCI's Breach Investigation

Mathew J. Schwartz • January 19, 2023

Essential reading for network defenders: CircleCI's report into its recent breach, which began when malware infected an engineer's laptop. After stealing "a valid, 2FA-backed" single sign-on session cookie, attackers stole customers' secrets and gained unauthorized access to third-party systems.

Fraud Management & Cybercrime

Ransomware Picture: Volume of Known Attacks Remains Constant

Mathew J. Schwartz • January 18, 2023

Ransomware syndicates continue to earn massive profits for criminals while disrupting victims' operations worldwide. Security researchers tracking known victims say their numbers remain unchanged from 2021 to 2022, as attackers tap abundant cybercrime services to help amass fresh victims.

Fraud Management & Cybercrime

Australian Law Firms Cooperate in Medibank Litigation

Jayant Chakravarti • January 17, 2023

Three Australian law firms teamed up in a bid to have private health insurer Medibank pay victims of a data breach caused by Russian ransomware hackers up to $20,000 per person. Hackers late last year staged data leaks of stolen medical treatment data to maximize humiliation.