Four ISMG editors discuss important cybersecurity issues, including misconceptions around Zero Trust implementation, lessons learned from the crippling NotPetya malware attack of 2017 that nearly sank logistics giant Maersk and how a Russian cyberwar in Ukraine could move beyond its borders.
The latest edition of the ISMG Security Report features an analysis of how Russia's escalation in Ukraine is raising cyber defense alarms. It also describes how a Dark Overlord collaborator received a three-year prison sentence and shares tips for Zero Trust implementation.
A popular British supplier of crisps revealed in a letter to grocery wholesaler Nisa on Wednesday that it had been the victim of a cyberattack. KP Snacks has stopped its orders, causing stores to worry that its products will be in short supply. Ransomware group Conti is allegedly behind the attack.
U.S. DHS Secretary Alejandro Mayorkas confirmed on Thursday that the department is establishing a Cyber Safety Review Board, as directed by President Joe Biden's sweeping cybersecurity executive order signed in May 2021. The board aims to mirror the work of the National Transportation Safety Board.
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
The Log4j vulnerability exists in unpatched versions of Ubiquiti's UniFi Network applications, and is being actively targeted by attackers via a customized exploit, researchers at security firm Morphisec warn. While updates are available, systems remain at risk until patched.
The House Oversight and Reform Committee today advanced its version of the Federal Information Security Modernization Act of 2022, which entails cybersecurity updates for federal civilian agencies. The bipartisan measure was sent to the full House on a voice vote.
Russia's threat to Ukraine is reshaping notions of what it means to employ cyber operations as part of a conflict. If Russian military forces do invade, experts warn that cyberattacks meant to support military operations and disrupt critical infrastructure may not be restricted to Ukrainian targets.
With tensions mounting in Ukraine, U.S. cybersecurity officials have grown increasingly concerned over the threat of direct cyberwarfare. As such, the U.S. has dispatched its top cyber official, Deputy National Security Adviser Anne Neuberger, to Europe to discuss the Russian threat.
As ransomware and other disruptive security incidents continue to surge, cyberattacks rank as the top health technology hazard in hospital environments this year, say security experts Chad Waters and Juuso Leinonen of patient safety organization ECRI.
In just a month, the BlackCat cybercrime group has carried out high-impact ransomware attacks on international organizations and risen to seventh place in Unit 42's ranking of global ransomware groups. A key factor, researchers say: the use of the Rust language for coding its malware.
In a report published Monday, Symantec's Threat Hunter Team outlines a specific Russian cyberespionage campaign conducted on a Ukrainian network in 2021 - which comes as Russia has amassed 100,000 or more troops at Ukraine's eastern border while it reportedly mulls invasion
U.S. authorities have mixed news for the healthcare and public health sector. The good news: The threat level posed by ransomware-as-a-service gang BlackMatter is reduced. The bad news: Other cybercriminals will undoubtedly fill the gap - if they haven't already.
Attack scans and attempts related to the Log4j flaw may have declined, but some security experts believe the attack vectors will continue to pose a problem up to two years. Also, the Ukraine Computer Emergency Response Team reports Log4j could be a possible attack vector in recent cyberattacks.
Four ISMG editors discuss: how too many organizations fail to implement basic cybersecurity defenses - such as MFA; a proposed lawsuit against health insurer Excellus that calls for an improvement to its data security program; and strategies for securing open-source and other software components.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.