London's Metropolitan Police Service is investigating a serious data breach that may have exposed names, ranks and photographs for potentially all 47,000 personnel, after someone gained "unauthorized access to the IT system" of one of its suppliers.
APIs are susceptible to various security threats and vulnerabilities, but by adopting robust API runtime protection strategies, organizations can mitigate risks and ensure the ongoing availability, integrity and confidentiality of their APIs. Here are five reasons to provide APU runtime protection.
Ransomware and data exfiltration attacks continue to stick victims with serious bills to cover cleanup, legal and other resulting costs - to the tune of $10.8 million and counting for cloud computing giant Rackspace, for one. Rackspace was hit by the Play ransomware group last year.
Venture-backed cloud security firm Wiz swallowing up publicly traded endpoint security firm SentinelOne would be one of the most unorthodox and surprising acquisitions the cybersecurity industry has ever seen. But despite the major financial hurdles, the potential technology synergies are obvious.
APIs have become increasingly popular as they are used to connect different systems, services and applications. But this makes them an attractive target for cybercriminals who want to exploits flaws and access sensitive data. Here are five critical reasons you need to conduct API security testing.
A backdoor Trojan known as SmokeLoader is deploying a customized Wi-Fi scanning executable to triangulate the location of infected Windows devices. The malware, dubbed "Whiffy Recon," uses nearby Wi-Fi access points as a data point for Google's geolocation API.
Researchers spotted North Korean state hackers deploying a more compact remote access Trojan through a flaw in IT service management software in a campaign affecting European and U.S. critical infrastructure. Cisco Talos said the Lazarus Group in May started to deploy a Trojan it named QuiteRAT.
In the latest weekly update, ISMG editors discuss the shifting dynamics of cyber insurance, why APAC is approaching privacy regulations around emerging technologies, and how U.S. authorities charged the co-founders of cryptocurrency mixer Tornado Cash with money laundering.
Chinese state hackers are targeting Taiwanese organizations, likely for espionage, in a difficult-to-detect campaign that relies on Windows utilities. Microsoft dubbed the threat actor Flax Typhoon in a Thursday blog post and said the hackers seek persistence, lateral movement and credential access.
Four years ago, federal regulators started sending a message to healthcare entities about the need to give patients timely access to their health records. Insurer UnitedHealthcare, the 45th firm penalized for potential "right to access" violations, agreed to an $80,000 fine and corrective action.
A new healthcare-focused research agency is seeking proposals for innovative cybersecurity technologies that can apply a national security approach to protecting this highly targeted civilian industry. Today's off-the-shelf software is falling short, the agency said.
Spain is set to launch Europe's first-ever artificial intelligence regulatory agency as the trading bloc finalizes legislation meant to mitigate risks and ban AI applications considered too risky. Madrid said its goal is to foster AI that is "inclusive, sustainable, and centered on citizens."
Third-party targeting by attackers has intensified due to the interconnectedness of the business world, enabling adversaries to exploit intermediaries for access. With the surge in cloud adoption, visibility in the cloud is paramount, advised Levi Gundert, chief security officer at Recorded Future.
Secure access service edge has evolved significantly over the past four years, transforming from a relatively new idea into a well-defined and widely discussed framework for network and security architecture. NetWitness focuses on integration rather than offering a SASE product.
While a significant number of attacks are not yet AI-driven, there's a noticeable shift in the creation of generative malware and lures for business email compromise, warned Ashan Willy, CEO at Proofpoint. LLMs are being used to create enticing lures in foreign languages to target broader audiences.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.