A recently identified Chinese hacking group dubbed Aoqin Dragon has been targeting government, education and telecommunication organizations in Southeast Asia and Australia since 2013 as part of an ongoing cyberespionage campaign, according to research from SentinelLabs.
Microsoft has not yet released patches for two zero-days, Follina and DogWalk, that both exploit vulnerabilities in the Microsoft Windows Support Diagnostic Tool. But the company has released a workaround for Follina, and micropatching service 0Patch has offered a temporary fix for DogWalk.
New malware called Symbiote is affecting Linux operating systems by infecting other running processes to inflict damage on machines, say Intezer security researcher Joakim Kennedy and the BlackBerry Threat Research and Intelligence Team, who jointly conducted the research.
A phishing campaign used stolen credentials to log into Facebook user accounts and send links leading to phishing pages to the victims' friends to harvest their credentials. Researchers detail the evasion techniques the threat actor allegedly used to likely make millions from the scam.
While ransomware, third-party risk, phishing scams and insiders continue as the top threats facing healthcare and public health entities, the sector overall is becoming better prepared to deal with these issues than it was just a few years ago, says Denise Anderson, president and CEO of H-ISAC.
Cyber insurance is getting much tougher to obtain, and coverage for security incidents is not guaranteed even when policies are issued, says attorney Steven Teppler, chair of the privacy and cybersecurity practice of law firm Sterlington PLLC.
Customers, channel partners and technology partners are dealing with a broad range of security concerns spanning the gamut from the sophistication of the threat landscape to the skills shortage. John Maddison, Fortinet's CMO and EVP, products breaks down the most urgent priorities.
Cyber adversaries are embracing defense evasion, triple extortion, wiper malware and the accelerated exploit chain, and that is significantly reshaping the threat landscape that CISOs have to deal with, according to Derek Manky, head of Fortinet's FortiGuard Labs.
The Cuba ransomware group, which has previously targeted U.S. critical infrastructure firms, has updated its malware to "optimize" execution and "minimize" unintended system behavior, says Trend Micro. Researchers at Elastic Security Labs also share malware analysis, TTPs and detection techniques.
One of the most important recent developments by CISA has been the creation of the Joint Cyber Defense Collaborative, which is focused on operational private-public collaboration, says Kiersten Todt, CISA chief of staff.
With rising threats facing critical infrastructure sectors, such as healthcare and financial services, "society as a whole, and the safety of society, is completely dependent on cyber risk" - and being security resilient, says Jeetu Patel of Cisco.
In an organization, people are the ones who develop and sustain organizational strategy. Talented people are discovering that it's possible to leave a toxic environment so they can breathe and thrive. Marco Túlio Moraes explores how to retain both talent and strategy.
CISA says Chinese state-sponsored threat actors are exploiting known vulnerabilities to target public and private companies in the United States, and a related joint advisory from CISA, the FBI and the NSA describes how major telcos and network service providers have been exploited since 2020.
SSNDOB, a darknet marketplace selling stolen Social Security numbers and birthdates, has been shut down, says the U.S. Department of Justice. The takedown was the result of a multiagency effort involving the IRS-CI, the FBI, the DOJ, and law enforcement agencies of Cyprus and Latvia.
The world is a much different place since the previous in-person RSA Conference - and so is the cybersecurity marketplace. Alberto Yépez of Forgepoint Capital shares his view of the state of the industry and the market forces that may cause further change in 2022.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.