An anesthesiology practice and an accounting firm are among the latest organizations reporting ransomware-related health data breaches. Meanwhile, other entities and vendors that serve the healthcare sector are dealing with their own challenges and fallout involving recent ransomware incidents.
The year is ending with a cybersecurity bang - not whimper - due to the widespread prevalence of the Apache Log4j vulnerability. Researchers warn that at least 40% of corporate networks have been targeted by attackers seeking to exploit the flaw. More than 250 vendors have already issued security advisories.
Multiple security researchers have spotted threat actors already exploiting the Apache Log4j vulnerability by deploying Muhstik and Mirai botnets to target Linux devices. Their advice: Ensure to remove any existing compromise before patching, and expect this flaw to be exploited for the long term.
The Biden administration has announced that the U.S. and several allies have aligned to create the Export Controls and Human Rights Initiative, which puts stricter criteria around the export of certain offensive cyber tools, particularly those that end up in the hands of authoritarian regimes.
Researchers have developed and released an urgent "vaccine" for a zero-day vulnerability detected in the Java logging library Apache Log4j on Friday. It is reported that the vulnerability is being exploited by advanced persistent threat-level actors.
How serious is the Apache Log4j zero-day vulnerability that was announced to the world on Friday? "It's big," says Sam Curry, chief security officer at Cybereason, which has developed a "vaccine" to help. "I hate hyperbole generally," Curry says. "But it is a 10 on the criticality scale."
A report analyzing the Conti ransomware attack on Ireland's Health Services Executive in May provides insights into factors that played into the attack's impact and offers a list of recommendations on how HSE, as well as other organizations, can be better prepared for such incidents.
A Nov. 16 ransomware attack on Frontier Software leaked "significant personal information" of thousands of South Australian government employees on the dark web, according to a Friday statement by Rob Lucas, treasurer of South Australia.
cloud migration, and the work from anywhere
model are opening up a world of possibilities
for organizations, pushing them to reinvent
core business models and unlock new revenue
On the other hand, from SolarWinds
to the recent Colonial Pipeline attack, it has
The latest edition of the ISMG Security Report features an analysis of how the U.S. military has been "imposing costs" on ransomware groups. Also featured: a twist in the case of the Missouri governor vs. an alleged "hacker," and CyberTheory's Steve King on "why Zero Trust?"
Ifigeneia Lella, cybersecurity officer at ENISA describes findings from the agency's Threat Landscape 2021 report, which assesses the motives, capabilities, targeting and evolution of four different types of threat actors: state-sponsored, cybercrime actors, hacker-for-hire actors and hacktivists.
Since Emotet malware returned last month, it's been dropping the Cobalt Strike penetration-testing tool directly onto infected endpoints shortly after infection, researchers say. The move could be a bid to more rapidly identify high-value systems for targeting with ransomware, some experts warn.
With the support of the recent executive order on improving the nation's cybersecurity, Zero Trust strategy is gaining greater recognition. But there is still a degree of resistance to Zero Trust adoption. Dr, Chase Cunningham, CSO of Ericom, discusses this and other issues around Zero Trust.
Cybersecurity experts worry about attacks and ransomware directed at the 70,000 water and wastewater facilities in the U.S. In November 2020, the Hampton Roads Sanitation District was infected with Ryuk ransomware. Fortunately, its operational technology systems were unaffected, and it recovered.
Critical thinking, systems thinking and design thinking are important elements missing in cybersecurity education today. In this interview, Dan Faughnan, ex- Canadian Security Intelligence Service, discusses how thinking about cyber as part of a broader threat spectrum relates to national security.