Interfaith Medical Center is one of three One Brooklyn Health System hospitals affected by a recent cyber incident. (Image: One Brooklyn Health System website)

Brooklyn Hospitals Decried for Silence on Cyber Incident

Marianne Kolbasuk McGee • November 30, 2022

As three Brooklyn safety net hospitals grapple with the aftershocks of a Nov. 19 cyber incident, sources say other area hospitals are complaining about a lack of transparency. One Brooklyn Health System has been tight-lipped about the cause of the outage, which is suspected to involve ransomware.

General Data Protection Regulation (GDPR)

AxLocker Ransomware Adds a Twist: Stealing Discord Tokens

Latest

Endpoint Security

Acer Fixes Bugs that Enable Attackers to Bypass Secure Boot

Prajeet Nair • November 30, 2022

Acer fixed high-severity bugs that hackers could use to disable the secure boot in several laptops built by the Taiwanese manufacturer. The vulnerability could give threat actors control over operating system boot process and allow them to disable some protection mechanisms.

Artificial Intelligence & Machine Learning

Open Systems Buys Tiberium to Automate Security on Microsoft

Michael Novinson • November 30, 2022

Open Systems has purchased an early-stage Microsoft-centric MSSP to help automate investigating, triaging and responding to basic security alerts. The Silicon Valley-based MDR provider says its acquisition of U.K.-based Tiberium will free up security analysts to focus on preventative defenses.

Cryptocurrency Fraud

How to Carry Out a Crypto Heist - Part 1

Rashmi Ramesh • November 30, 2022

Threat actors are targeting Web3 and making off with billions in stolen cryptocurrency. How do they find vulnerabilities and plan and execute attacks? How can you defend against such attacks? Martin Derka of Web3 security firm Quantstamp shares insights by walking a mile in a hacker’s shoes.

Blockchain & Cryptocurrency

UK Court Orders Crypto Firms to Share Data to Track Thieves

Rashmi Ramesh • November 30, 2022

A British judge ordered cryptocurrency trading platforms to divulge the identities of account holders accused of holding funds stolen from an English digital assets exchange. A change in civil procedure makes it easier for English judges to subpoena foreign entities in cases of financial fraud.

Endpoint Protection Platforms (EPP)

CrowdStrike Sales Growth Slows as SMB Clients Delay Spending

Michael Novinson • November 29, 2022

A longer sales cycle for small businesses and delayed subscription start dates for large enterprises have forced CrowdStrike to lower its sales forecast going forward. The Austin-based endpoint security company says deals with SMB clients took 11% longer to close in the fiscal quarter ended Oct. 31.

Fraud Management & Cybercrime

Server Remains Down; India's Premier Healthcare Uses Paper

Prajeet Nair • November 29, 2022

India's flagship combined public medical university and hospital continues to grapple with the fallout of a cyber incident it underwent last Wednesday. Patient care services remain affected as of Tuesday as physicians and staff use manual processes in place of disabled electronic systems.

Application Security

Veracode CEO Sam King on Joining AppSec, Container Security

Michael Novinson • November 29, 2022

The push to migrate applications to cloud-native architectures has driven increased use of containers and created the need for more security, says Veracode CEO Sam King. Veracode's expertise in application security helps the company identify open-source code and known vulnerabilities in containers.

Industry Specific

Why Are HIPAA Fines Down 93% - With Data Breaches Soaring?

Marianne Kolbasuk McGee • November 29, 2022

Healthcare providers and their vendors often fear federal regulatory action, but do fines and corrective action many any difference at all? As breach cases have nearly doubled since 2018, federal fines dropped 93% in 2022, and some say the agency is understaffed and crippled by legal challenges.

Industry Specific

Cybersecurity Stigma: More Victims Avoid Saying 'Ransomware'

Mathew J. Schwartz • November 29, 2022

Is the ransomware problem getting better or worse? Unfortunately, gauging attack trends continues to be complicated by the fact that many incidents never come to light publicly and many victims are hesitant to say "ransomware" when describing what hit them, says Comparitech's Rebecca Moody.

Governance & Risk Management

RegScale Buys GovReady to Simplify Compliance for the Masses

Michael Novinson • November 29, 2022

RegScale has purchased a startup founded by the FCC's former chief data officer that makes documenting compliance easier for nontechnical personnel by using a questionnaire. The GovReady deal means customers will be able to demonstrate their adherence to standards by answering questions.

Fraud Management & Cybercrime

Meta Fined by Irish Privacy Regulator for GDPR Violations

Akshaya Asokan • November 28, 2022

Facebook will pay a 265 million euro fine to the Irish data protection authority to resolve a 2021 incident when the scraped data of 533 million users appeared online. The data contained names, phone numbers and birthdates. Facebook says it takes active measures against data scraping.

Governance & Risk Management

Indiana Health Entity Reports Breach Involving Tracking Code

Marianne Kolbasuk McGee • November 28, 2022

An Indiana healthcare network, Community Health Network, is the latest medical entity to classify its use of online tracking code as a data breach reportable to federal regulators. It said the unauthorized access/disclosure breach affected 1.5 million individuals.