Federal regulators are sounding an alarm to warn healthcare sector entities of cyberattacks involving a tried-and-true hacking method - credential harvesting, which can be used to compromise patient data, disrupt healthcare operations and enable other crimes.
In the latest weekly update, legal expert Jonathan Armstrong joined three ISMG editors to discuss the Department of Justice's antitrust lawsuit against Apple, ransomware payment dilemmas and AI copyright infringement fears - highlighting the intricate legal issues shaping big tech and cybersecurity.
This week, Russian organizations are losing Microsoft Cloud, hackers targeted an Apple flaw, Germany warned of critical flaws in Microsoft Exchange, an info stealer targeted Indian government agencies and the energy sector, and Finland confirmed APT31's role in a 2020 breach of Parliament.
UnitedHealth Group has admitted data was "taken" in the cyberattack on Change Healthcare and has just started analyzing the types of personal, financial and health information potentially compromised. The U.S. is offering a $10 million bounty for BlackCat, which claims to have launched the attack.
Cybercrooks are exploring ways to develop custom, malicious large language models after existing tools such as WormGPT failed to cater to their demands for advanced intrusion capabilities, security researchers say. Undergrounds forums teem with hackers' discussions about how to exploit guardrails.
A phishing-as-a-service platform that allows cybercriminals to impersonate more than 1,100 domains has over the past half year become one of the most widespread adversary-in-the-middle platforms. Attackers are meeting the rise of multifactor authentication by using tools such as Tycoon 2FA.
Proposed federal sticks and carrots to incentivize the health sector to implement stronger cybersecurity standards are already meeting opposition from some industry groups that say financial help is welcome but payment penalties for perceived laggards likely will do more harm than good.
Industrious attackers are using cutting-edge deepfake and AI technologies to blend impersonation and social engineering attacks. Robust processes that include checks and balances and improved proving awareness of staff and customers are the keys to preventing them.
This week, Flipper Devices petitioned Canada, UnitedHealth Group dealt with its attack, Nemesis Market was seized, phishers fooled ML, AceCryptor returned to Europe, Brazil and Ukraine made arrests, another Ivanti flaw, London rebuked for possible data exposure, and Fujitsu reported malware attack.
Federal authorities are warning healthcare and public health sector entities of email bomb attacks, a type of denial-of-service attack that can overwhelm email systems and networks and distract victims from other nefarious activities. The incidents can also disrupt clinical and business workflow.
Major technology vendors keep being hacked by the nation-state hacking group Midnight Blizzard. Essential defenses to combat such attacks begin with implementing log monitoring across multiple platforms to find red flags, said John Fokker, head of threat intelligence at Trellix.
As quantum computing looms, experts emphasize the urgency of embracing quantum-safe strategies. They highlight the need for proactive measures to protect digital assets from future breaches, deliver long-term data security and ensure the integrity of encryption.
A co-administrator of an illicit online marketplace received a 42-month prison sentence in U.S. federal court after pleading guilty to two criminal counts that could have put him in prison for 15 years. Sandu Boris Diaconu, 31, helped develop and administer the E-Root marketplace.
Threat actors are using image files or Scalable Vector Graphics files to deliver ransomware, download banking Trojans or distribute malware. The campaign uses an open-source tool, AutoSmuggle, to facilitate the delivery of malicious files through SVG or HTML files.
Criminals in China increasingly keep a low profile on public-facing forums and rely on Telegram and other encrypted foreign messaging apps to discreetly coordinate their activities or sell wares, according to a new report charting how the Chinese cybercrime ecosystem continues to evolve.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.