Federal regulators are reminding healthcare organizations about the critical importance of addressing security risks involving legacy systems and devices - including specialty software and gear - that are often difficult for entities to replace. What steps should entities take?
The Conti cybercrime gang, known for ransomware attacks, has reportedly leaked details of world leaders, actors and business tycoons after a strike at jeweler Graff. The organization is working with law enforcement and has informed the U.K.'s Information Commissioner’s Office about the incident.
How is the ransomware ecosystem set to evolve? Since some operations overreached - notably with DarkSide's hit on Colonial Pipeline - "what we're seeing … is that there is going to be a power balance shift," says McAfee's John Fokker, with more affiliates, not gang leaders, calling the shots.
Roya Gordon of Accenture Security describes how rather than hunting for zero-day vulnerabilities, attackers are exploiting N-Day - or known - vulnerabilities. She also discusses how to better synthesize and act on threat intelligence.
The cyber actors suspected of being behind the deployment of ransomware strains such as LockerGoga, MegaCortex and Dharma, among others, are under arrest, after a joint operation involving law enforcement and judiciary agencies from eight countries. The actors are believed to have affected more than 1,800 victims.
National Cyber Director Chris Inglis on Thursday announced that Federal CISO Chris DeRusha will concurrently serve as his deputy at the newly created office. Inglis, a Senate-confirmed top adviser to the president, also released a "statement of strategic intent" outlining his own official duties.
Massachusetts-based UMass Memorial Health is the latest large healthcare network to report an email phishing incident that potentially compromised hundreds of thousands of individuals' protected health information. The unauthorized email access lasted about seven months.
Six national data protection and privacy authorities – from Australia, Canada, Gibraltar, Hong Kong SAR, China and Switzerland - have joined with the U.K. information Commissioner’s Office to issue guidance to video teleconferencing companies on privacy, calling for end-to-end encryption.
OptinMonster, a WordPress plug-in used in more than 1 million websites for sales campaign creation, was vulnerable to high-severity bugs, according to Wordfence researchers. An updated version of the plug-in has patched the flaws.
Four ISMG editors discuss important cybersecurity issues, including law enforcement authorities' disruption of ransomware gang REvil's operations, how to collaborate as an industry to fight the surge in ransomware attacks hitting businesses, and increasing diversity and inclusion in the workplace.
The latest ISMG Security Report features the fallibility of ransomware gangs and why victims should always seek help from a reputable response firm, law enforcement or other qualified expert. Also featured: Data protection advice and why the remote work model might make securing data easier.
The National Rifle Association has reportedly fallen victim to a ransomware attack at the hands of a Russian cybercriminal gang known as Grief. The group has reportedly posted 13 files to its website after claiming to have hacked the gun rights advocacy group.
A ransomware attack on a medical practice management services firm that included the possible "removal" of files containing patient information is among the latest security incidents involving similar third-party vendors.
North Korean advanced persistent threat group Lazarus - aka Hidden Cobra - is developing supply chain attack capabilities using its multiplatform malware framework, MATA, for cyberespionage goals, according to researchers from Kaspersky.
CISA announced that Washington Secretary of State Kim Wyman will be the agency's senior election security lead. She will become a top security official within the Biden administration, inheriting a role that has garnered public attention following interference in 2016 and fraud claims in 2020.