Following news reports of ransomware attackers targeting QNAP Systems' network-attached storage appliances, encrypting users' data and then demanding a ransom, the company is urging users to immediately install a malware remover and run a malware scan.
Attackers targeting the healthcare sector are frequently exploiting unprotected internet-facing databases and unsecured network devices, including "shadow IT," says David Sygula, a senior analyst at the security firm CybelAngel.
Cisco recently released the 2021 Security Outcomes Study - Small and Midsize Business (SMB) Edition, which revealed a number of somewhat surprising findings about SMBs and how they compare to their larger counterparts.
The Justice Department is creating a task force to tackle the growing threat of ransomware and related extortion schemes. The new group will target the "ransomware criminal ecosystem as a whole," which means prosecuting those behind the attacks as well as those who launder money that's extorted.
More use cases are emerging for self-sovereign identity, which gives individuals more control over their digital identities, according to Heather Dahl and Ken Ebert of Indicio.tech.
The economics of vulnerability discoveries and exploits is always evolving, and knowing those dynamics can provide insights into what attackers are doing, says Casey Ellis of Bugcrowd.
Law enforcement agencies use forensics tools from Israeli company Cellebrite to gain access to locked mobile devices and extract data. But the creator of encrypted messaging app Signal says he's found vulnerabilities in Cellebrite's tools, raising questions about whether the extracted data can be trusted.
The U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive requiring executive branch agencies to mitigate by Friday the risks posed by a zero-day vulnerability and three other recently patched flaws in Pulse Connect Secure VPN products.
A second former medical researcher has been sentenced to serve time in federal prison for his part in a conspiracy to steal trade secrets from an Ohio children’s hospital and sell them to China. Meanwhile, the hospital has filed suit, alleging violations of employment provisions involving data security.
SonicWall has patched three zero-day vulnerabilities in the hosted and on-premises versions of its Email Security product after attackers began exploiting them last month. Attackers can exploit the flaws to access email and pivot deeper into organizations' systems, FireEye Mandiant reports.
Ransomware attacks now routinely feature multifaceted extortion efforts, and defenses need to evolve, says Stuart McKenzie of FireEye, who offers an analysis of the findings of the FireEye M-Trends 2021 report.
The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that federal agencies and other entities have been compromised by two attack groups, with one possibly acting on behalf of the Chinese government. The groups are exploiting vulnerabilities in Ivanti's Pulse Connect Secure.
Given the surge in the use of telehealth during the COVID-19 pandemic - and expectations for continued growth - the Healthcare and Public Health Sector Coordinating Council has unveiled guidance on safeguarding patient data during remote care encounters.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.