Healthcare sector entities' reliance on specialty and legacy equipment, including imaging systems and other gear, continues to present attractive targets for threat actors and a growing risk for medical providers, said Frank Catucci, CTO and head of research at security firm Invicti Security.
RTM Locker ransomware-as-a-service operators have now turned their attention to Linux, network-attached storage devices and ESXi hosts. The highly structured group appears to be using a new ransomware strain that shows traces of Babuk ransomware's leaked source code.
Prosecutors are urging a U.S. federal judge to sentence former Uber CSO Joe Sullivan to 15 months in prison for his role in impeding an investigation into the ride-hailing company's security practices. Sullivan exploited "his position to cover up a deeply embarrassing event," prosecutors wrote.
Supply chain attacks once were the exclusive provenance of nation-state hackers, says Eric Foster, strategic advisor to Stairwell. But not anymore. "More and more of those are moving downmarket," he said. "These days every threat would qualify as an advanced and persistent threat."
Identity is now the first line of attack, so how can enterprises minimize their attack surface? Identity threat detection and response is a newly recognized cybersecurity solutions category. Sean Deuby of Semperis discusses ITDR and how enterprises can best take advantage of it.
One Brooklyn Health is facing a proposed class action lawsuit in the wake of a data breach affecting more than 235,000 individuals, which the organization reported to regulators following a cyberattack late last year that disrupted its IT systems and patient services for several weeks.
Offense is what paces innovation in cybersecurity since threat actors constantly look for new ways to compromise systems, said AllegisCyber Capital's Bob Ackerman. Many offensive cyber capabilities developed by the national intelligence community make their way into the wild and become exploitable.
Many infrastructures have both OT and IT systems, making data and device transfer between the two systems difficult. Also, some OT devices are outdated while IT systems use modern cloud devices. And the shortage of training is another important hurdle, said OPSWAT CEO Benny Czarny.
As the Information Security Media Group editors wrapped up their coverage of RSA Conference 2023, everyone agreed that it was good to have the cybersecurity community back together in one place, working to solve the serious issues it faces, including AI, adversaries and "regulatory tension."
The intelligence community long refrained from adopting open-source technology, but its value has become evident with the rise of cloud computing and machine learning. Practitioners also are shifting toward open-source intelligence to augment the information obtained through human intelligence.
A federal judge sided with Google in a bid to block online infrastructure behind an info stealer masquerading as legitimate versions of the Chrome browser and Google Earth Pro. Google estimates the CryptBot malware infected 670,000 computers last year.
As threats continue to increase in frequency and sophistication, managed detection and response or MDR is becoming an increasingly important component of any organization's cybersecurity strategy and can help organizations overcome a major challenge facing security teams - the skills shortage.
It's getting harder to distinguish between normal and unusual threat activity, with more sophisticated attacks exacerbated by hybrid work and, soon, AI attacks. Defenders need correlated rather than isolated telemetry to get more signal and less noise, say Jeetu Patel and Tom Gillis of Cisco.
The threat posed by cybercriminals and fraudsters creates shared risks across the financial services industry including fintech companies. But fintech firms can balance rapid innovation with security and work with each other and governments to repel attackers, said Razorpay CISO Hilal Lone.
The way we secure workloads today is vastly different due to remote work and the move to the cloud following the pandemic. More modern SASE solutions such as zero trust have been adopted, and organizations are moving from legacy such as MPLS to software-defined networking and cloud-based solutions.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.