The Five Eyes intelligence alliance has released a set of the 15 most routinely exploited vulnerabilities in the past year. Nine of the 15 vulnerabilities allow remote code execution, and the rest include privilege escalation, security bypass and path traversal, among other flaws.
The American Dental Association allegedly was hit with an attack by new ransomware group "Black Basta." ADA is the latest medical professional organization to have a cyber incident disrupt services and potentially affect members' information. Tenet Health also experienced a cyberattack last week.
Ransomware group Stormous, in a Telegram post on Monday, said that it has breached and exfiltrated 161GB worth of critical data from beverage manufacturing giant Coca-Cola. The soft drink company has told Information Security Media Group that it is investigating the claim.
The median number of days an attacker dwells in a system before detection fell from 24 days in 2020 to 21 days in 2021, according to a Mandiant report. The biggest year-on-year decline in median dwell time occurred in the APAC region, where it dropped from 76 days in 2020 to 21 days in 2021.
Michael Lines is working with ISMG to promote awareness of the need for cyber risk management, and the CyberEdBoard is posting draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This chapter is titled "Recognize Their Attacks."
Tenable has agreed to purchase startup Bit Discovery for $44.5 million to help companies discover, attribute and monitor assets on the internet. The deal will allow Tenable to identify vulnerable internet-facing assets that could be attacked.
How does one decide the right approach to zero trust, and what are some important considerations to keep in mind? A panel of experts - Brett Winterford, Chirag Joshi and Jay Hira - share their in-depth views and discuss issues including how to take an identity-centric zero trust approach.
While major hacking incidents regularly grab headlines, insider threats - including malicious individuals, careless workers and third-party contractors - continue to pose significant and sometimes underestimated risk to healthcare sector entities, federal authorities warn.
Australian software firm Atlassian has issued fixes for a critically rated vulnerability in its Jira software that could allow an unauthenticated attacker to remotely bypass authentication protections in place. Both Jira and Jira Service Management are vulnerable to this bug.
Has your organization been bitten by BlackCat ransomware, aka Alphv? If so, the FBI wants to hear details about how attackers broke in, cryptocurrency wallet addresses used to receive ransoms and other information that could help law enforcement authorities better track and block future attacks.
Two things you know when you sit down to speak to virtual CISO Chris Roberts: You're going to get the truth, and it's unlikely to be polished. He opens up on his passion to do good, and why he believes "mission before money" is the biggest challenge the industry now faces.
The Food and Drug Administration's decision to incorporate "quality systems regulations" into its new draft guidance for premarket medical device cybersecurity is an important development in the scope of the agency's expectations for manufacturers, says Dr. Suzanne Schwartz of the FDA.
In this episode of "Cybersecurity Unplugged," Roger Sels, vice president, solution, EMEA at BlackBerry, discusses the global threat landscape one year after SolarWinds, including cyberthreats from Russia and China; the cyber impact of the Russia-Ukraine war; and the cyber call to action.
The 2021 Dragos ICS/OT Cybersecurity Year in Review report says the number of industrial organizations with external connections to their industrial control systems has doubled, yet 86% of organizations report limited to no visibility of ICS environments. Tom Winston outlines the top challenges.
The U.S. telecom carrier T-Mobile has confirmed that the Lapsus$ ransomware group has breached its internal network by compromising employee accounts. The company says hackers did not steal any sensitive customer or government information during the incident.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.