British prosecutors have accused two teenagers of several high-profile hacks while being part of the now-inactive, teenager-dominated Lapsus$ hacking group, clearing the way for their legal prosecution. The two suspects face charges related to blackmail, fraud and Computer Misuse Act violations.
TikTok executives were unable to answer Liberal senator and chair of the committee James Paterson when he questioned them on how many times Australian user data had been accessed by TikTok staff in China, but the executives admitted it had happened.
Configuration management - especially vulnerability patching - is a significant challenge for many healthcare entities, including some Veterans Affairs medical facilities. A recent watchdog agency security inspection found configuration to be a top weakness at a VA healthcare system in Arizona.
Diplomats in Ukraine shopping for used cars have been targeted with a listing for a "very good condition, low-fuel consumption" 2011 BMW 5 Series. In reality, the listing was designed to push Russian-built malware onto diplomats' systems, security researchers warned.
Microsoft released the largest set of patches of the year - software updates for 132 vulnerabilities, including six zero-days. Microsoft rated nine of the flaws as having critical severity, 121 as being important and eight as being linked to critical remote code execution vulnerabilities.
Safe Security purchased the creators of the industry's only open standard for cyber risk quantification to improve the visibility, management and communication of risk. Buying RiskLens will help CISOs answer questions about risk from board members or regulators without talking about products.
The growing list of MOVEit cyberattack victims has grown. Sixty-two clients of Big Four accounting firm Ernst & Young now appear on the Clop ransomware group's data leak site. A spokesperson for Ernst & Young confirmed that a "limited" attack on the company's systems had occurred.
Apple is advising users to remove the software patch released on Monday aimed at fixing a zero-day vulnerability being exploited in the wild. The tech giant said the patch might prevent some websites from displaying properly and that it hopes to release a new patch soon.
Johns Hopkins University and its Johns Hopkins Health System are facing at least two proposed federal class action lawsuits filed in recent days following the institution's disclosure that it was among victims of the recent spate of hacks involving MOVEit file transfer software.
Given the sustained onslaught of cyberattacks against the healthcare industry, organizations can help protect all enterprises simply by sharing advance information, said Steve Hunter, vice president of marketing and development at Health-ISAC. Ensuring anonymity helps users share more freely.
Honeywell plans to purchase an OT security vendor founded by Israel Defense Forces veterans to deliver asset discovery, threat detection and compliance management to industrial organizations. The SCADAfence acquisition will allow Honeywell to offer an end-to-end enterprise OT cybersecurity platform.
Attackers are targeting the weakest link in the supply chain. Because every vendor poses a risk, you need to classify them by risk and track all the data they manage, said Matan Or-El, co-founder and CEO of Panorays, who advised taking a holistic view of your third-party risk program.
Operationalizing security comes down to making it part of the business process, and everyone in the organization must be responsible. Goals and the objectives must be clearly spelled out, including lines of accountability and ownership, said Jason Hart, chief technology officer for EMEA at Rapid7.
Information on up to 11 million patients of hospital chain HCA Healthcare is up for sale on a dark web forum. HCA Healthcare on Monday confirmed an incident involving data theft from an external location used to automate the formatting of email messages but said it is still investigating.
The European Commission has officially adopted the EU-U.S. Trans-Atlantic Data Privacy Framework, which will enable the free flow of commercial data between Europe and the United States. The framework will go into effect in December and will be subject to yearly review by the European Commission.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.