In an after-action report on how the Lapsus$ crime group hacked "dozens of well-defended companies with low-complexity attacks," the U.S. Cyber Safety Review Board urges organizations to implement more robust two-factor authentication systems, plus regulations to combat SIM swapping.
Security researchers uncovered a vulnerability in AMD chips that could allow hackers to trick a computer system into leaking data from its kernel. They named the flaw after the 2010 movie "Inception," since both the hacking technique and the film's plot involve planting false ideas into memory.
Legacy infusion pumps commonly available for purchase on the secondary market often contain wireless authentication and other sensitive data that the original medical organization owners failed to purge, warned researcher Deral Heiland, citing a recent study conducted by security firm Rapid7.
Ukrainian cyber defenders said they had thwarted an attempt by Russian military intelligence to deploy widespread malware programmed to spy on battlefield management apps. Russian hackers' preparation for the malware campaign was "long-term and thorough," Ukraine's SBU said.
Rubrik purchased a data security posture management startup backed by Salesforce and SentinelOne to provide visibility into where a company's data lives and who has access. The Laminar buy will help organizations expand beyond network and endpoint security and into cloud and data security.
The Biden administration says it wants to get ahead of ransomware attacks against schools before K-12 education resumes in the fall. "We must take cyberattacks on our schools just as seriously as we take physical attacks on critical infrastructure," said Cindy Marten, education deputy secretary.
Authorities are sounding the alarm about double-extortion attacks against healthcare and public health sector organizations by a relatively new ransomware-as-a-service group, Rhysida, which until recently had mainly focused on entities in other industries.
A ransomware attack has forced a California-based hospital chain to divert ambulances from its emergency rooms and cancel appointments for services. The group of 17 hospitals, 166 outpatient clinics and various doctor practices is still recovering after an IT systems shutdown.
A five-year-old flaw in Fortinet SSL VPNs remains one of the world's most widely exploited vulnerabilities. So warn cybersecurity officials across the U.S. and its Five Eyes partners in a joint security advisory highlighting the 12 most exploited flaws that require immediate patching.
How much of a risk do hacktivists pose? Hacktivism's heyday was arguably a decade ago. While activists do keep using chaotic online attacks to loudly promote their cause, they're tough to distinguish from fake operations run by governments, including Russia and Iran.
Real-time protection against API attacks is nonnegotiable for the protection of any web application or digital service that relies on application programming interfaces. Here are some of the most common types of API attacks and strategies for protecting against them in real time.
A hacking campaign that exploited Ivanti mobile device manager to target the Norwegian government began in April or possibly earlier, say cybersecurity agencies from the U.S. and Norway. Mobile device management systems are "attractive targets for threat actors," the alert warns.
ISMG's Healthcare Security Summit 2023, held in New York City on July 18, brought together leaders from the cybersecurity and healthcare industries to engage in a dynamic exchange of ideas and address pressing challenges faced by the healthcare community.
Why are so many fresh zero-day vulnerabilities being exploited in the wild? Google reported that attackers often discover variants of previously exploited flaws, which suggests that vendors aren't doing enough to fix the root cause of flaws - or to avoid introducing fresh ones with their fixes.
The latest generation of ransomware and phishing attacks is being designed to evade existing network security controls such as gateways and firewalls, said Menlo Security CEO Amir Ben-Efraim. Threat actors have taken the time to codify, register and customize URLs to impersonate a bank's help desk.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.