North American cybersecurity agencies are warning about a new variant of the Truebot Trojan that collects and exfiltrates information from victims. The new variant attacks a known critical-severity vulnerability - a remote code execution vulnerability in the Netwrix Auditor.
For the third time since the discovery of the MOVEit Transfer application zero-day vulnerability, Progress Software has revealed a new critical SQL injection vulnerability that allows remote attackers to bypass authentication and execute arbitrary code.
Granting third parties access to sensitive data introduces inherent risks that organizations must address effectively. So how does an organization best manage that third-party risk while balancing an organization's inherent need for usability?.
This week, Charming Kitten targeted nuclear experts; over 130,000 solar energy monitoring systems are exposed; organizations confirmed a breach due to the MOVEit zero-day; Russian hackers took over a Ukrainian government agency's Facebook page; and a WordPress plug-in gave admin privileges to users.
Cyber insurance companies gather a lot of information on the cost of breaches, but security organizations need to know the bigger picture. Jack Jones, chairman of the FAIR Institute, discussed identifying risk and evaluating overall costs with the FAIR model.
Financial services organizations face unique cloud security challenges, due to special regulatory, data security and privacy considerations that don't necessarily apply to other industries. Security and payments experts with overlapping skill sets unpack the challenges and how to deal with them.
Federal regulators are once again reminding healthcare entities and their vendors of the importance of using strong multifactor authentication to help fend off hacks and other compromises, but they also warn about avoiding common mistakes with MFA.
The world's top chip manufacturer has dismissed the LockBit 3.0 ransomware gang's hack claim and $70 million ransom. TSMC said the data leak took place at a third-party supplier and contains only certain initial configuration files. It said customer information and operations were not affected.
The U.S. Department of Health and Human Services has notified Congress that the information of at least 100,000 individuals has been compromised in hacking incidents at HHS contractors involving exploitation of a flaw in managed file transfer software MOVEit from Progress Software.
Researchers discovered an undisclosed malware family named EarlyRat being used by a branch of the North Korea-backed Lazarus Group. Kaspersky researchers said they stumbled upon the never-before-seen malware family, which is deployed in Log4j and phishing attacks.
More victims of the Clop ransomware group's supply chain attack against popular file transfer software MOVEit continue to come to light. Security experts say about 150 organizations now appear to have been affected by the attacks, which compromised the personal data of over 16 million individuals.
A firm that provides coding and billing services to healthcare entities has agreed to pay federal regulators a $75,000 fine and implement a corrective action plan in the wake of an exfiltration incident that compromised patient data contained in an unsecured network server.
Security researchers at Censys found hundreds of federally owned devices at 50 different agencies exposed to the internet, accessible through IPv4 addresses and loaded with potentially vulnerable MOVEit and Barracuda Networks' ESG software. The vulnerabilities violate new CISA policy, the firm said.
The tally of organizations affected by the Clop ransomware group's supply chain attack against users of Progress Software's popular MOVEit file transfer software continues to grow. UCLA and New York City schools - including students and staff - are the most recently named victims.
The Securities and Exchange Commission accused SolarWinds CFO Bart Kalsu and CISO Tim Brown of violating securities laws in their response to the 2020 cyberattack. Kalsu and Brown are among "certain current and former executive officers and employees" targeted by the SEC for alleged violations.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.