In today's digital age, healthcare data has become a prime target for cybercriminals. With a single health record fetching up to $1,000 on the dark web, Chief Information Security Officers (CISOs) in the healthcare sector face unprecedented challenges. Healthcare data's comprehensive nature makes it a high-value commodity on the dark web, attracting cybercriminals seeking to exploit outdated IT systems and ransomware vulnerabilities. With the help of Cyble's skilled threat intelligence researchers, we offer dark web monitoring insights for CISOs, delving into the dark web's lure for healthcare data, the risks presented by healthcare data breaches, and the essential steps CISOs must take to secure sensitive information.

Dark Web's Allure for Healthcare Data

The dark web, defined as the part of the web that is excluded from search engines and can often only be accessed through specialized browsers like Tor, has become a hub for the illicit activities of cybercriminals. The dark web's anonymity provides a safe haven for illegal activities and an ideal setting for the sale of stolen healthcare data. A single health record can fetch a price as high as $1,000, exceeding the value of credit card or Social Security numbers. In an article on its website, the American Hospital Association Center for Health Innovation cites data from an IBM Security study, stating:

"In fact, stolen health records may sell up to 10 times or more than stolen credit card numbers on the dark web. Unfortunately, the bad news does not stop there for health care organizations — the cost to remediate a breach in health care is almost three times that of other industries — averaging $408 per stolen health care record versus $148 per stolen non-health record."

[Figure: Post on BreachForums alleging breach of HealthCare.gov]

According to Cyble Research and Intelligence Labs (CRIL), outdated IT infrastructure and operating systems in many healthcare organizations leave them vulnerable to cyberattacks. The COVID-19 pandemic has further exacerbated these risks by necessitating remote work and creating new security gaps.
Cybercriminals have developed a sophisticated multi-tiered business model for stolen healthcare data, making it difficult for law enforcement to trace the source. Illegally obtained data is commoditized and sold, with the price varying based on the potential value to the buyer. This data is often combined with other information to create complete patient profiles, which are then sold for various fraudulent activities. The comprehensive nature of healthcare records and their richness in personal information make them a goldmine for identity theft and insurance fraud, and a threat that healthcare CISOs need to stay on top of.

Ransomware Disruptions to Healthcare

Ransomware attacks have become a profitable venture for cybercriminals, with healthcare organizations prime targets due to the critical nature of their services and the high value of patient data. These disruptions can lead to compromised patient care, increased mortality rates, and severe financial and operational consequences.

[Figure: Source: Cyble Threat Landscape Report 2024 (Emerging Threats to the U.S. Healthcare Sector in 2024)]

According to data from the Director of National Intelligence, ransomware attacks on healthcare providers have surged, with an increase of up to 128 percent in the U.S. alone, with 258 victims in 2023 compared to 113 victims in 2022. The study found that LockBit and ALPHV/BlackCat were the two most "popular RaaS providers" and were responsible for more than 30 percent of all reported healthcare attacks that had occurred worldwide.

[Figure: Source: dni.gov]

These attacks not only disrupt services but also lead to increased patient stay lengths, delays in medical procedures, and in some cases, higher mortality rates, substantial financial costs, potential HIPAA violations and even reputational damage to the healthcare institution.
And the data stolen in these attacks often winds up for sale on the dark web. The DNI's study stated, "US hospitals have delayed medical procedures, disrupted patient care because of multi-week outages, diverted patients to other facilities, rescheduled medical appointments, and strained acute care provisioning and capacity as a result of ransomware attacks."

[Figure: Source: Cyble Threat Landscape Report (Emerging Threats to the U.S. Healthcare Sector in 2024)]

Cybercriminals employ various tactics in healthcare ransomware attacks, including:
- Phishing emails with malicious links
- Complex attacks designed to maximize damage
- Encrypting personal health information (PHI)
- Exploiting vulnerabilities in medical devices

Protecting the Healthcare Sector

As healthcare data becomes increasingly valuable on the dark web, CISOs must remain vigilant and proactive. By implementing robust security measures, educating staff, and empowering patients, healthcare organizations can better protect sensitive information from cyber threats.

Educating healthcare staff on data handling: The persistent targeting of the healthcare industry highlights the vital need for cybersecurity training efforts. Staff must be educated on identifying phishing attempts, using secure authentication practices like MFA, complying with HIPAA and other laws, and adhering to mobile and other device security policies. A visible and accessible healthcare security team, supported by proactive leadership, can foster a culture where security is everyone's responsibility.

Patient involvement in protecting healthcare data: Patients also have a role to play in the protection of healthcare data. They should actively review health records, use secure healthcare channels, and report any suspicious activities to healthcare providers.
Monitoring the dark web: Tools such as Cyble’s dark web monitoring solution offer early breach detection capability and AI-powered threat tagging, enabling CISOs to identify threats and breaches earlier and to address and contain problems faster.

Comprehensive logging of healthcare systems: Comprehensive logging of your healthcare systems can help CISOs and security staff track and analyze potential security incidents.

Strong access controls: Implementing strong access controls for critical healthcare systems, including role-based access control (RBAC), multi-factor authentication (MFA) and the principle of least privilege, can help prevent unauthorized access to sensitive data. Regularly reviewing and updating access controls can help ensure compliance with changing security requirements.

Data encryption: Encrypting sensitive healthcare data in transit and at rest using industry-standard encryption protocols (e.g., SSL/TLS, AES) can help protect that data from unwanted access.

Secure mobile devices: A mobile device security policy should be developed and enforced, covering best practices for device configuration, password management, and data encryption for mobile devices used within the healthcare environment.

Network segmentation: Implementing network segmentation can isolate critical healthcare systems and reduce the attack surface.

Keep software, firmware, and applications updated: Establishing a regular update schedule for software, firmware, and applications used in healthcare systems can help keep threat actors out of your systems. Implement automated update mechanisms where possible to minimize downtime and ensure timely patching of vulnerabilities.

Monitoring the Dark Web for Healthcare Data

Healthcare CISOs can do a lot to protect patient data and keep it off the dark web by isolating and securing critical systems and encrypting data. But in the event that some data does leak out, dark web monitoring solutions are your best bet for an early warning.
A 17-year-old from Walsall, England, has been apprehended in connection with the infamous Scattered Spider ransomware syndicate. The teen suspect was taken into custody on charges of blackmail and violation of the Computer Misuse Act. The teen, whose identity remains undisclosed due to his age, allegedly played a key role in the Scattered Spider cybercrime group that wreaked havoc on numerous high-profile organizations worldwide, including MGM Resorts.

Officers from the West Midlands Regional Organized Crime Unit (ROCUWM), in tandem with the U.K.'s National Crime Agency and the FBI, executed a search warrant at the teen’s residence. Digital devices seized during the operation will undergo forensic analysis. While the suspect has been released on bail, the arrest marks a significant milestone in a global investigation targeting a cybercrime network responsible for extorting millions of dollars from victims worldwide.

Scattered Spider Investigation Spanned Continents

Detective Inspector Hinesh Mehta, who heads the ROCUWM Cyber Crime Unit, underscored the complexity of the investigation, which spanned continents. He warned potential cybercriminals that law enforcement possesses the capabilities to track them down, regardless of their location.

"These cyber groups have targeted well known organisations with ransomware and they have successfully targeted multiple victims around the world taking from them significant amounts of money. We want to send out a clear message that we will find you. It’s simply not worth it.” - DI Hinesh Mehta, Head of WM Cyber Resilience Centre

Echoing Mehta’s sentiments, Bryan Vorndran, Assistant Director of the FBI’s Cyber Division, praised the collaborative efforts between law enforcement agencies and private sector entities. “The FBI, in coordination with its partners, will continue to relentlessly pursue malicious actors who target American companies, no matter where they may be located or how sophisticated their techniques are,” Vorndran said.

Who is Scattered Spider and What was the MGM Resorts Attack?

Scattered Spider, a relatively new player on the ransomware scene, has rapidly ascended in notoriety.
This loosely organized criminal collective is known for its audacious attacks on high-profile targets and has inflicted substantial financial losses on businesses worldwide. Their modus operandi often involves a combination of social engineering, phishing, and exploiting vulnerabilities to infiltrate target networks. The group is suspected of collaborating with other cybercrime syndicates, including the notorious ALPHV ransomware gang, to enhance their capabilities.

The MGM Resorts attack, a high-profile incident attributed to Scattered Spider, caused significant disruption to the casino gaming giant’s operations. The hackers gained initial access through a social engineering attack, posing as a legitimate employee to bypass security measures. Once inside the network, they deployed ransomware, encrypting critical systems and demanding a hefty ransom. MGM Resorts, demonstrating resilience, opted not to pay the ransom and instead focused on restoring its systems with the assistance of law enforcement.

MGM Resorts expressed gratitude for the law enforcement’s efforts after the UK teen's arrest. “We’re proud to have assisted law enforcement in locating and arresting one of the alleged criminals responsible for the cyberattack against MGM Resorts and many others," MGM said. “We know first-hand the damage these criminals can do and the importance of working with law enforcement to fight back. By voluntarily shutting down our systems, refusing to pay a ransom and working with law enforcement on their investigation and response, the message to criminals was clear: it’s not worth it," it added.

Microsoft, a technology giant often at the forefront of cybersecurity, applauded the arrest, viewing it as a deterrent to other cybercriminals. The company reiterated its dedication to combatting cyber threats through collaboration with both public and private sector partners.

The arrest of the 17-year-old marks a crucial step in dismantling Scattered Spider.
However, the group’s decentralized structure and the involvement of potential international collaborators suggest the challenge of completely eradicating this threat is far from over.
In a week that saw a cryptocurrency exchange lose $235 million to hackers and a botched migration that led to the takeover of four crypto company domains, CrowdStrike (CRWD) topped them all with possibly the biggest self-own of all time. CrowdStrike basically bricked the internet overnight with a single faulty channel update file for Windows machines, in the process grounding flights, knocking banks offline and wreaking havoc with healthcare and other critical infrastructure.

It will likely turn out to be the biggest cyber event (or, if you prefer, the biggest "technical outage") ever, at least so far. And as the fix requires each machine to be manually rebooted, it will likely take days to clean up the damage. Pity your local IT admins, because they may be headed for a long weekend of cleanup. One assessment of how bad the cleanup is going to be was viewed on X more than 2 million times:

[Figure: Source: X]

It will take time to assess the full damage and costs, but as CrowdStrike stock lost about $8 billion in market cap today, Wall Street traders are certainly expecting some lasting fallout. It’s not clear how much of this cyber insurance might cover (and what will happen to premiums as a result), but given the scale of affected machines and organizations, the cost will be astronomical at least in terms of lost productivity and staff time. In the meantime, the CrowdStrike incident has at least been worth a lot of good memes:

CrowdStrike’s Reach Is Part of the Problem

Interestingly, a similar incident hit McAfee in 2010 – when CrowdStrike CEO George Kurtz was CTO of McAfee. He apparently got the inspiration to launch CrowdStrike from there. CrowdStrike is, in my analysis, a Top 5 Endpoint Detection and Response (EDR) vendor, based on years of following independent testing from MITRE and other organizations. What sets the company apart is its incident response capabilities – and overburdened security teams value rapid cleanup more than they do top security. CrowdStrike has moved into many other cybersecurity markets over the years, and its ability to market itself as a leading-edge security vendor has enabled it to land some very large customers with equally large security needs.
Among the company’s 29,000 customers are 298 of the Fortune 500, 8 of the top 10 technology companies, 8 of the 10 largest financial services firms, 6 of the 10 largest healthcare providers, and 7 of the 10 largest manufacturers. When you look at it that way, it’s easy to see why a single improperly formatted file could bring down the global internet.

So What the Heck Happened in the CrowdStrike Outage?

According to CrowdStrike’s own explanation of events, a single channel file ("C-00000291*.sys" with timestamp of 0409 UTC) led to all the problems. That file has been submitted to VirusTotal – and no security vendors have flagged it as malicious yet, supporting CrowdStrike’s claim that the invalidly formatted file is not the result of a cyber attack. However, to assuage customers, CrowdStrike will have to explain how the file got past QA checks – and what the company will do to avoid a similar incident in the future.

Interestingly, CrowdStrike may share one thing in common with another one of the week’s facepalm events – the Squarespace crypto domain hijacking – as rushed development processes that weren’t given adequate quality and security checks may well be a central factor in both events. What led to the $235 million crypto theft has yet to be adequately explained.

Fixing the CrowdStrike BSOD

CrowdStrike offers these instructions for Windows machines hit by the “blue screen of death” (BSOD):

1. Reboot the host to give it an opportunity to download the reverted channel file.
2. If the host crashes again, then:
   - Boot Windows into Safe Mode or the Windows Recovery Environment. NOTE: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.
   - Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
   - Locate the file matching “C-00000291*.sys” and delete it.
   - Boot the host normally.

Bitlocker-encrypted hosts may require a recovery key.
As one observer wryly noted, “As a bonus, today we learn who responsibly manages Bitlocker recovery keys.”

Microsoft Azure Hit in Separate Incident

Not surprisingly, Microsoft was hit by a number of incidents across Windows machines and Microsoft 365 apps, services and Cloud PCs. At the same time, Microsoft was hit by a separate Azure outage, as the company noted in a service update.

“We are aware of an issue that started on July 18, which resulted in customers experiencing unresponsiveness and startup failures on Windows machines using the CrowdStrike Falcon agent, affecting both on-premises and various cloud platforms (Azure, AWS, and Google Cloud),” the Azure update said. “It’s important to clarify that this incident is separate from the resolved Central US Azure outage (Tracking Id: 1K80-N_8). Microsoft is actively providing support to assist customers in their recovery on our platforms, offering additional guidance and technical assistance.”

Microsoft explained the cause of the Azure service degradation: “We determined that a backend cluster management workflow deployed a configuration change causing backend access to be blocked between a subset of Azure Storage clusters and compute resources in the Central US region. This resulted in the compute resources automatically restarting when connectivity was lost to virtual disks hosted on impacted storage resources.”

What’s Next After the CrowdStrike Outage?

The CrowdStrike cleanup will be involved and costly, and once it’s done, customers – and those affected by CrowdStrike customers – will want a thorough accounting of the incident, along with concrete steps to make sure it doesn’t happen again. Until then, expect to see more memes – including the company’s own marketing materials used against it, as in this Mastodon post from Microsoft security researcher Kevin Beaumont:
Ever heard the unspoken rule: never release on Friday? We have, but CrowdStrike hasn't. They released a tiny driver on an ordinary Friday morning, which became the cause of a huge outage all over the world. An incorrect update for CrowdStrike's EDR (Endpoint Detection and Response) solution has affected Windows devices around the world — giving corporate users the Blue Screen of Death (BSOD). The failure has affected, for example, airport information systems in the US, Spain, Germany, the Netherlands and other countries. Who else was affected by CrowdStrike's Friday release, and how to roll back bricked computers — all in this post…

What happened

It all started early Friday morning with corporate users around the world reporting problems with Windows. At first, a glitch in Microsoft Azure was blamed, but later CrowdStrike confirmed that the root cause was in the csagent.sys or C-00000291*.sys driver for its CrowdStrike EDR. And it was this driver that caused an abundance of silly office photos showing off the (dreaded) blue screens.

[Image caption: Blue screen of death on all computers = a day off for airport linemen]

If we wanted to list everyone affected by this outage, such a list sure wouldn't fit into this post – or dozens of them. So instead we'll briefly cover the main victims of CrowdStrike's negligence. Airline companies, airports, and people who want to either go home or go off on a long-awaited vacation were the most affected:
- London's Heathrow Airport, like many others, announced flight delays due to a technology glitch;
- Scandinavian Airlines posted a notice on its website saying, "Some customers may experience difficulties with their bookings due to an IT issue affecting several countries. SAS is fully operational but delays are expected";
- In New Zealand, banking, communications and transportation systems are experiencing problems.

Various medical centers, chain stores, the New York subway, the largest bank in South Africa and many other organizations that make lives more comfortable and convenient on a daily basis were affected. The fullest list of those affected by the outage we can find is here — and it's growing by the minute.

How to fix it

At this stage, it's rather problematic estimating how long it'll take to fully restore the affected computers around the world.
Things are complicated by the fact that users need to manually reboot their computers in Safe Mode. And in large corporations, this is usually impossible to do on your own without the help of a system administrator. Nevertheless, here are the instructions for how to get rid of the blue screen of death caused by the CrowdStrike driver update:

1. Boot your computer in Safe Mode;
2. Go to C:\Windows\System32\drivers\CrowdStrike;
3. Locate and delete the csagent.sys or C-00000291*.sys file;
4. Restart your computer in normal mode.

And while your sysadmins are doing this, you could use a hack that's come out of India today: employees of one of the country's airports have started filling out boarding passes… manually.

[Image caption: India isn't too worried about the global disruption. Source]

How the failure could have been avoided

Avoiding this situation should have been straightforward. First, the update shouldn't have been released on a Friday. This is as per a rule that's been known to all in the industry since the year dot: if an error occurs, there's too little time to fix it before the weekend, so the system administrators at all companies affected need to work over the weekend to fix things.

It's important to be as responsible as possible about the quality of updates released. We at Kaspersky launched a program back in 2009 to prevent mass failures such as this one at our customers, and passed an SOC 2 audit, which confirms the security of our internal processes. For 15 years now, every update has been subjected to multi-level performance testing on various configurations and operating system versions. This allows us to identify potential problems in advance and resolve them on the spot.

The principle of granular releases should be followed. Updates should be distributed gradually, not all at once to all customers. This approach allows us to react instantly and stop an update if necessary. If our users have a problem, we register it, and its solution becomes a priority at all levels of the company.
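The Safe Mode steps in this post, and the fuller version of the same steps quoted from CrowdStrike's guidance in the earlier CrowdStrike outage post on this page, can be scripted once a host is booted into Safe Mode or WinRE. The PowerShell below is an added example written for this page, not CrowdStrike's or Kaspersky's tooling. It assumes only what the posts state: the channel-file directory under %WINDIR%\System32\drivers\CrowdStrike, the C-00000291*.sys file name pattern, and the caveat that BitLocker-encrypted hosts may need a recovery key. The log file location, function names and the order of checks are this example's own choices.

```powershell
<#
  Added example (not vendor tooling): automate the manual BSOD remediation
  steps quoted on this page. Run from an elevated PowerShell prompt after
  booting the affected host into Safe Mode (ideally with Networking) or WinRE.
  Assumptions are marked in the comments.
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    # Directory named in the remediation guidance quoted above.
    [string]$ChannelDir = (Join-Path $env:WINDIR 'System32\drivers\CrowdStrike'),
    # File pattern named in the guidance.
    [string]$Pattern = 'C-00000291*.sys',
    # Assumed location for the remediation record (this example's choice).
    [string]$LogPath = (Join-Path $env:SystemDrive 'cs-remediation.log')
)

function Write-Log {
    param([string]$Message)
    $line = '{0:u} {1}' -f (Get-Date).ToUniversalTime(), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Host $line
}

# Caveat from the guidance: a BitLocker-protected system drive may still be
# locked in Safe Mode / WinRE, so surface that before touching any files.
try {
    $sysVol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    if ($sysVol.ProtectionStatus -eq 'On' -and $sysVol.LockStatus -eq 'Locked') {
        Write-Log "System volume is BitLocker-locked; unlock it first, e.g. manage-bde -unlock $env:SystemDrive -RecoveryPassword <48-digit key>."
        return
    }
} catch {
    # The BitLocker module is not always present in WinRE; carry on and let the
    # file operations fail loudly if the volume really is unreadable.
    Write-Log "BitLocker status unavailable ($($_.Exception.Message)); continuing."
}

if (-not (Test-Path -LiteralPath $ChannelDir)) {
    Write-Log "Channel file directory not found: $ChannelDir (sensor not installed, or volume not mounted)."
    return
}

$found = @(Get-ChildItem -LiteralPath $ChannelDir -Filter $Pattern -File -ErrorAction SilentlyContinue)
if ($found.Count -eq 0) {
    Write-Log "No files matching $Pattern in $ChannelDir; nothing to remove. Reboot normally."
    return
}

foreach ($file in $found) {
    # Preserve evidence (name, UTC write time, hash) before deleting, so the
    # incident record shows exactly which channel file this host had.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    Write-Log ('Found {0} written {1:u} sha256={2}' -f $file.Name, $file.LastWriteTimeUtc, $hash)
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete faulty channel file')) {
        Remove-Item -LiteralPath $file.FullName -Force
        Write-Log "Deleted $($file.FullName)"
    }
}

Write-Log 'Done. Reboot the host normally; the sensor fetches the reverted channel file once it is back online.'
```

Because the script supports `-WhatIf`, a first pass with that switch lists the matching files, their timestamps and hashes without deleting anything, which is worth doing so the ticket records which channel file the host actually had before it was removed.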
As with cybersecurity incidents, in addition to fixing the visible damage, you need to find the root cause to prevent these types of problems repeating in the future. It's necessary to check software updates on test infrastructure for operability and errors before rolling them out to the company's production infrastructure, and to implement changes gradually — continually monitoring for possible failures. Incident handling should be based on an integrated approach to building protection from a trusted supplier with the strictest internal requirements for the security, quality and availability of its services. The basis for this work can be the Kaspersky Next line of solutions. This will help your company not only stay afloat — but also increase the efficiency of your information security system. This can be done either gradually — increasing protection step by step — or all in one go. Protect your infrastructure today with us so that the next global outage doesn't affect your customers. And we, for our part, can help you make this decision: switch to Kaspersky and unlock two years of Kaspersky Next EDR Optimum for the price of one. Experience the pinnacle of robust, reliable cybersecurity protection!
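To make the "granular releases" principle from this post concrete, here is an added example (written for this page; not Kaspersky's or CrowdStrike's code) of a ring-based rollout gate: the update goes to a small canary ring first, the crash rate for that ring is measured from host heartbeats, and the rollout halts itself before the next ring if the rate exceeds a threshold. The fleet size, ring fractions, threshold and heartbeat data are all constructed. The design point it shows is that a host which blue-screens on boot never phones home, so a missing heartbeat has to count as a failure rather than as "no data yet".

```powershell
# Added example, not vendor code: a ring-based release gate with a kill switch.
# Everything below (fleet, ring sizes, threshold, heartbeat outcomes) is constructed.

function Get-CrashRate {
    # RingMembers: hosts that received the update in this ring.
    # Heartbeats: host -> status ('ok' or 'bsod') for hosts that reported back.
    # A host missing from Heartbeats is counted as failed: a machine stuck in a
    # boot loop cannot report, so silence is the main signal of a bad update.
    param([string[]]$RingMembers, [hashtable]$Heartbeats)
    if ($RingMembers.Count -eq 0) { return 0.0 }
    $failed = 0
    foreach ($h in $RingMembers) {
        if (-not $Heartbeats.ContainsKey($h) -or $Heartbeats[$h] -ne 'ok') { $failed++ }
    }
    return $failed / $RingMembers.Count
}

function Invoke-RingRollout {
    param(
        [Parameter(Mandatory)][string[]]$Fleet,
        # Scriptblock that pushes the update to the given hosts, soaks, and
        # returns the heartbeat hashtable collected afterwards.
        [Parameter(Mandatory)][scriptblock]$PushAndCollect,
        # Cumulative share of the fleet that has the update after each ring.
        [double[]]$RingFractions = @(0.01, 0.05, 0.25, 1.0),
        [double]$MaxCrashRate = 0.02
    )
    $history = @()
    $previous = 0.0
    for ($i = 0; $i -lt $RingFractions.Count; $i++) {
        $start = [int]($Fleet.Count * $previous)
        $end   = [int]($Fleet.Count * $RingFractions[$i]) - 1
        $members = $Fleet[$start..$end]
        # Push to this ring only, then judge it on its own telemetry.
        $heartbeats = & $PushAndCollect $members
        $rate = Get-CrashRate -RingMembers $members -Heartbeats $heartbeats
        $history += [pscustomobject]@{ Ring = $i; Hosts = $members.Count; CrashRate = $rate }
        if ($rate -gt $MaxCrashRate) {
            # Kill switch: stop here; the rest of the fleet never receives the file.
            return [pscustomobject]@{
                Completed = $false; HaltedAtRing = $i; ExposedHosts = $end + 1; History = $history
            }
        }
        $previous = $RingFractions[$i]
    }
    return [pscustomobject]@{
        Completed = $true; HaltedAtRing = $null; ExposedHosts = $Fleet.Count; History = $history
    }
}

# Constructed fleet of 1,000 hosts.
$fleet = 1..1000 | ForEach-Object { 'host-{0:d4}' -f $_ }

# Simulated outcomes. A good update: every host comes back and reports 'ok'.
$healthyPush = { param($members) $t = @{}; foreach ($m in $members) { $t[$m] = 'ok' }; $t }
# A faulty update: hosts blue-screen on boot and never send a heartbeat.
$faultyPush  = { param($members) @{} }

$good = Invoke-RingRollout -Fleet $fleet -PushAndCollect $healthyPush
$bad  = Invoke-RingRollout -Fleet $fleet -PushAndCollect $faultyPush
"Good update: completed=$($good.Completed), hosts updated=$($good.ExposedHosts)"
"Faulty update: halted at ring $($bad.HaltedAtRing), hosts exposed=$($bad.ExposedHosts) of $($fleet.Count)"
$bad.History | Format-Table
```

With these ring fractions a faulty file reaches the first one percent of the fleet and no further; the threshold and soak time between rings are the knobs an operator tunes against the baseline crash rate of a healthy release.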
A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as Crowdstrike’s solution needs to be applied manually on a per-machine basis.

[Photo: A photo taken at San Jose International Airport today shows the dreaded Microsoft “Blue Screen of Death” across the board. Credit: Twitter.com/adamdubya1990]

Earlier today, an errant update shipped by Crowdstrike began causing Windows machines running the software to display the dreaded “Blue Screen of Death,” rendering those systems temporarily unusable. Like most security software, Crowdstrike requires deep hooks into the Windows operating system to fend off digital intruders, and in that environment a tiny coding error can quickly lead to catastrophic outcomes.

In a post on Twitter/X, Crowdstrike CEO George Kurtz said an update to correct the coding mistake has been shipped, and that Mac and Linux systems are not affected. “This is not a security incident or cyberattack,” Kurtz said on Twitter, echoing a written statement by Crowdstrike. “The issue has been identified, isolated and a fix has been deployed.”

Posting to Twitter/X, the director of Crowdstrike’s threat hunting operations said the fix involves booting Windows into Safe Mode or the Windows Recovery Environment (Windows RE), deleting the file “C-00000291*.sys” and then restarting the machine.

The software snafu may have been compounded by a recent series of outages involving Microsoft’s Azure cloud services, The New York Times reports, although it remains unclear whether those Azure problems are at all related to the bad Crowdstrike update.

[Photo: A reader shared this photo taken earlier today at Denver International Airport. Credit: Twitter.com/jterryy07]

Reactions to today’s outage were swift and brutal on social media, which was flooded with images of people at airports surrounded by computer screens displaying the Microsoft blue screen error.
Many Twitter/X users chided the Crowdstrike CEO for failing to apologize for the massively disruptive event, while others noted that doing so could expose the company to lawsuits. Meanwhile, the international Windows outage quickly became the most talked-about subject on Twitter/X, whose artificial intelligence bots collated a series of parody posts from cybersecurity professionals pretending to be on their first week of work at Crowdstrike. Incredibly, Twitter/X’s AI summarized these sarcastic posts into a sunny, can-do story about Crowdstrike that was promoted as the top discussion on Twitter this morning.

“Several individuals have recently started working at the cybersecurity firm Crowdstrike and have expressed their excitement and pride in their new roles,” the AI summary read. “They have shared their experiences of pushing code to production on their first day and are looking forward to positive outcomes in their work.”

[Image caption: The top story today on Twitter/X, as brilliantly summarized by X’s AI bots.]

Matt Burgess at Wired writes that within health care and emergency services, various medical providers around the world have reported issues with their Windows-linked systems, sharing news on social media or their own websites. “The US Emergency Alert System, which issues hurricane warnings, said that there had been various 911 outages in a number of states,” Burgess wrote. “Germany’s University Hospital Schleswig-Holstein said it was canceling some nonurgent surgeries at two locations. In Israel, more than a dozen hospitals have been impacted, as well as pharmacies, with reports saying ambulances have been rerouted to nonimpacted medical organizations.”

In the United Kingdom, NHS England has confirmed that appointment and patient record systems have been impacted by the outages. “One hospital has declared a ‘critical’ incident after a third-party IT system it used was impacted,” Wired reports.
“Also in the country, train operators have said there are delays across the network, with multiple companies being impacted.” This is an evolving story. Stay tuned for updates.
The Coalition for Secure AI is a consortium of influential AI companies aiming to develop tools to secure AI applications and set up an ecosystem for sharing best practices.
Attackers are more likely to target critical infrastructure industries and, when they do, they cause more disruption and ask higher ransoms, with the median payment topping $2.5 million.
As threat actors get smarter about how they target employees, the onus is on organizations to create a strong line of defense — and the human element is a critical component.
The vulnerabilities (CVE-2024-23469, CVE-2024-23466, CVE-2024-23467, CVE-2024-28074, CVE-2024-23471, and CVE-2024-23470) were all rated with severity scores of 9.6/10 and posed risks of unauthorized actions and information disclosure.
With over 150 organizations in 25 countries affected, Qilin's sophisticated tactics include exploiting vulnerabilities, using tools like Mimikatz for privilege escalation, and evading defenses by deleting logs and using PowerShell commands.
The scam involves deepfake videos of Elon Musk promising insights into the attack and encouraging viewers to participate in a cryptocurrency giveaway by scanning a QR code in the video.
Grype is an open-source vulnerability scanner for container images and filesystems that works with Syft to detect vulnerabilities in major operating system and language-specific packages like Alpine, Debian, Ruby, Java, Python, and more.
The malware's driver was signed by Microsoft but attributed to a suspicious Chinese company, Hubei Dunwang Network Technology Co., Ltd. The company exploited Microsoft's driver code-signing requirements to obtain an Extended Validation certificate.
The Cybersecurity and Infrastructure Security Agency (CISA) has appointed new leaders to its cybersecurity division and stakeholder engagement role to enhance national cyber defenses and foster collaboration between the public and private sectors.
By configuring multiple RDP sessions with RDPWrapper and using Tailscale for secure network connections, attackers can maintain access and exfiltrate sensitive data discreetly.
This new capability combines DNS-based Authentication of Named Entities (DANE) for SMTP and Domain Name System Security Extensions (DNSSEC) to protect against downgrade and man-in-the-middle attacks.
Security researchers discovered vulnerabilities in SAP AI Core that allowed attackers to execute arbitrary code, access sensitive data and cloud credentials, and manipulate internal artifacts.
Cyberattacks on Israeli organizations have more than doubled since the October 7 terrorist attack, with politically-motivated groups like hackers affiliated with Iran and Hezbollah, along with hacktivists, being the main drivers behind these attacks.
As per the Cyware survey, 91% of respondents recognize the significance of collaboration in cybersecurity, but many struggle to effectively combine insights across teams and platforms.
Cisco has addressed a critical vulnerability that allows attackers to add new users with root privileges and crash Security Email Gateway (SEG) appliances by sending emails with malicious attachments.
The number of US data breach victims in Q2 2024 increased annually by over 1000%, despite a 12% decrease in the actual number of incidents in those three months, according to the Identity Theft Resource Center (ITRC).
According to Crunchbase data, cybersecurity funding reached a two-year high in Q2 of 2024, with venture capitalists investing $4.4 billion in startups, the strongest quarter since 2022. This marked a 144% increase from the previous year.
A critical vulnerability (CVE-2024-36991) in Splunk Enterprise on Windows is considered more severe than initially thought, allowing attackers to grab passwords. Various proof-of-concept exploits have been published.
This new class of HTTP Request Smuggling vulnerabilities poses a significant risk to thousands of websites, including those protected by Google's Load Balancer and Identity-Aware Proxy (IAP).
Operation Spincaster, involving law enforcement and government agencies across six countries, as well as 17 cryptocurrency exchanges, has identified 7,000 leads and $162 million in losses.
Targets of TAG-100's attacks include intergovernmental and diplomatic entities in the Asia-Pacific region, religious organizations in the U.S. and Taiwan, as well as a political party supporting an investigation into the Chinese government.
Most of the SEC civil fraud case against SolarWinds was dismissed by a U.S. District Court judge, but key allegations related to misleading investors about cybersecurity practices leading up to the 2020 Sunburst hack remain.
The Revolver Rabbit cybercriminal gang has registered over 500,000 domain names for infostealer campaigns targeting Windows and macOS systems. They utilize registered domain generation algorithms (RDGAs) to rapidly register multiple domains at once.
Debian Linux Security Advisory 5733-1 - Multiple security issues were discovered in Thunderbird, which could potentially result in the execution of arbitrary code.
Ubuntu Security Notice 6896-4 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6898-3 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6895-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the HugeTLB file system component of the Linux kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6902-1 - It was discovered that the Apache HTTP Server incorrectly handled certain handlers configured via AddType. A remote attacker could possibly use this issue to obtain source code.
Red Hat Security Advisory 2024-4662-03 - Red Hat OpenShift Virtualization release 4.15.3 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-4644-03 - An update for qt5-qtbase is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Security Advisory 2024-4643-03 - An update for libndp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4641-03 - An update for libndp is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4640-03 - An update for libndp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4636-03 - An update for libndp is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4634-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Security Advisory 2024-4633-03 - An update for 389-ds-base is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include denial of service and heap overflow vulnerabilities.
Red Hat Security Advisory 2024-4626-03 - An update is now available for Red Hat OpenShift GitOps v1.11.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2024-4625-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-4622-03 - An update for libndp is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-4621-03 - An update for qt5-qtbase is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-4620-03 - An update for libndp is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.
Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million," the company said in a statement. "This wallet was operated utilizing the services of Liminal's digital asset custody and
Event Overview The "AI Leaders Spill Their Secrets" webinar, hosted by Sigma Computing, featured prominent AI experts sharing their experiences and strategies for success in the AI industry. The panel included Michael Ward from Sardine, Damon Bryan from Hyperfinity, and Stephen Hillian from Astronomer, moderated by Zalak Trivedi, Sigma Computing's Product Manager. Key Speakers and Their
Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. have become the target of a "sustained campaign" by the prolific China-based APT41 hacking group. "APT41 successfully infiltrated and maintained prolonged, unauthorized access to numerous victims' networks since
SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 11 vulnerabilities, seven are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining four weaknesses have been rated High in severity, with each of them having a CVSS
Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," the company's CEO George Kurtz said in a statement. "Mac and Linux hosts are not impacted. This is
Two Russian nationals have pleaded guilty in a U.S. court for their participation as affiliates in the LockBit ransomware scheme and helping facilitate ransomware attacks across the world. The defendants include Ruslan Magomedovich Astamirov, 21, of Chechen Republic, and Mikhail Vasiliev, 34, a dual Canadian and Russian national of Bradford, Ontario. Astamirov was arrested in Arizona by U.S. law
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk. In the current cyber threat landscape, the protection of personal and corporate identities has become vital.
A suspected pro-Houthi threat group targeted at least three humanitarian organizations in Yemen with Android spyware designed to harvest sensitive information. These attacks, attributed to an activity cluster codenamed OilAlpha, entail a new set of malicious mobile apps that come with their own supporting infrastructure, Recorded Future's Insikt Group said. Targets of the ongoing campaign
If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike
Source: www.databreachtoday.com – Incident & Breach Response, Security Operations. CrowdStrike Confirms Faulty Software Update for Falcon Sensor, Is Deploying Fix. Prajeet Nair (@prajeetspeaks), Mathew J. Schwartz (euroinfosec) • July 19, 2024. Image: CrowdStrike. Banks, airlines, major media firms and others are experiencing business disruptions due to a mass, global […] The post "Banks and Airlines Disrupted as Mass Outage Hits Windows PCs – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Governance & Risk Management, Healthcare, Industry Specific. Securing Healthcare: Minimizing Risk in an Ever-Changing Threat Landscape. Information Security Media Group • July 19, 2024. Healthcare organizations secure more data overall, far more sensitive data, and see data growth rates outpacing the overall global average. Join this […] The post "Securing Healthcare: Minimizing Risk in an Ever-Changing Threat Landscape – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Cyber Insurance, Fraud Management & Cybercrime, Governance & Risk Management. Information Security Media Group • July 19, 2024. When it rains, it pours. Few organizations are prepared for the data deluge caused by ransomware, but the organizations able to understand and limit data theft and have […] The post "The Cost of Underpreparedness to Your Business – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Data Loss Prevention (DLP), Endpoint Security, Fraud Management & Cybercrime. Information Security Media Group • July 19, 2024. Humans don’t deal with uncertainty well. When faced with the possibility of something happening, we like to think either: “Yes, this most definitely will happen,” or “No, this […] The post "Measuring Your Data’s Risk – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – The interconnectedness of medical devices, which generate data that can be distributed to multiple systems that are often managed by different policies, presents privacy concerns that device manufacturers must address, said Adam Hesse, CEO of Full Spectrum. While medical device makers are starting to do a better job of addressing […] The post "Top ‘Privacy by Design’ Considerations for Medical Devices – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – 3rd Party Risk Management, Fraud Management & Cybercrime, Governance & Risk Management. Privacy Attorney Iliana Peters Discusses Online Trackers and HIPAA Concerns. Marianne Kolbasuk McGee (HealthInfoSec) • July 17, 2024. 18 Minutes. Iliana Peters, privacy attorney, Polsinelli law firm. Healthcare groups should consider several key […] The post "Court’s Web Tracker Ruling: What HIPAA Entities Should Know – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Critical Infrastructure Security, Fraud Management & Cybercrime, Ransomware. Median Ransomware Attack Recovery Cost for Critical Infrastructure Is 4X Higher. Chester Wisniewski • July 19, 2024. Ransomware remains a major threat to energy, oil/gas and utilities organizations of all sizes around the globe. Our latest report, The […] The post "Ransomware Remains a Major Threat to Energy – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Artificial Intelligence & Machine Learning, Governance & Risk Management, Next-Generation Technologies & Secure Development. How CISOs Can Leverage Zero Trust and AI to Protect Against the Human Element. Chris Novak, Senior Director, Verizon Cyber Security Consulting • July 18, 2024. As a naturally trusting species, humans […] The post "Why AI and Human Behavior Drive New Urgency for Zero Trust – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Professional Certifications & Continuous Training, Training & Security Leadership. Help Organizations Build Robust Defenses Against Human-Centric Threats. Brandy Harris • July 17, 2024. Image: Getty Images. As the digital landscape evolves, so do the tactics used by cybercriminals. Social engineering, which involves manipulating individuals into divulging confidential […] The post "Social Engineering Defense – An Emerging Career – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.