The United Nations will commence a hearing for its first-ever global treaty on cybercrime this week to focus on state response to cybercrime and coordinated intelligence sharing. The proposed treaty seeks to legally categorize various cybercrimes and develop a unified international response.
A financially motivated threat actor called Blind Eagle returned from its hiatus and is conducting an ongoing campaign directed at Spanish-speaking targets in the banking industry in Colombia and Ecuador. The hacking group appears to have updated its tools and infection chain.
Potential regulatory policy moves by the federal government could help healthcare entities dedicate more resources to bolstering their cybersecurity efforts, says Greg Garcia, executive director of cybersecurity at the Health Sector Coordinating Council.
In the latest weekly update, ISMG editors discuss how collaboration platform Zoom has strengthened its security features, the implications of a new law on medical device security for patient safety, and details on how a zero-day exploit enabled the ransomware hit on cloud computing firm Rackspace.
Hosting giant Rackspace says the recent ransomware attack resulted in Microsoft Exchange data for 27 customer organizations being accessed by attackers. But it says a digital forensic investigation has found "no evidence" that attackers "viewed, obtained, misused or disseminated emails or data."
Expect the recently leaked database containing over 200 million Twitter records to be an ongoing resource for hackers, fraudsters and other criminals operating online, experts warn. Though 98% of the email addresses have appeared in prior breaches, bad actors can merge databases and do more damage.
Seattle police have charged an online retailer's "shopping experience" software programmer with engineering a fraud scheme based on the movie "Office Space," in which malicious software was used to transfer a fraction of every transaction into an outside account.
Cybercriminals are becoming bolder in their attacks on healthcare entities and in how they're compromising patient data - and that's a very worrisome trend, says Nicholas Heesters of the Department of Health and Human Services' Office for Civil Rights.
Coinbase agreed to a $100 million settlement with the New York financial regulator on Wednesday over cybersecurity lapses and failure to comply with anti-money laundering guidelines that allowed criminals to use the platform for fraud, money laundering and other illicit activities.
A class action lawsuit against LastPass alleges that a data breach in August resulted in the theft of $53,000 in bitcoin. An unnamed plaintiff alleges that negligence in the password management company's data security practices led to the Thanksgiving weekend theft.
Authorized payment scams are on the rise, and banking regulators are putting pressure on financial institutions to do more to protect customers. The biggest challenge is that the customers are driving the process, says Bradley Haacke, vice president and financial crimes director at Fifth Third Bank.
A member of a criminal data breach forum that tried to sell the email addresses of 400 million Twitter users to CEO Elon Musk last month has now posted the stolen data for anyone to download for free. The 63GB of data includes names, handles, creation dates, follower counts and email addresses.
Hundreds of U.S. counties continue to work with pen and paper after a cyberattack on their digital records management vendor last week disrupted methods to view, add and edit government records. The attack slowed the processing of birth certificates, marriage licenses and real estate transactions.
Rackspace says the ransomware-wielding attackers who disrupted its hosted Microsoft Exchange Server environment last month wielded a zero-day exploit, described by CrowdStrike as being "a previously undisclosed exploit method for Exchange," to gain remote, direct access to servers it hosted.
Software supply chain security (SCS) is rapidly gaining unwelcome notoriety as high-impact breaches hit the headlines. Third-party software suppliers SolarWinds, Apache (Log4j), and Kaseya have had far more than fifteen minutes of fame, alerting businesses and governments to the extent of structural weaknesses in the...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.