The U.S. Cybersecurity and Infrastructure Security Agency has issued a report describing how a threat actor apparently used a well-known VPN vulnerability and compromised Office 365 credentials to gain administrative privileges to a federal agency's network.
Premera Blue Cross has agreed to pay a $6.85 million fine, the second largest HIPAA settlement ever announced by federal regulators. The case stems from a 2014 breach, which went undetected for nine months and exposed the information of 10.4 million individuals
The latest edition of the ISMG Security Report features an analysis on why criminals continue to use darknet markets, despite the risks. Also featured: Hackers target Virgin Mobile KSA; coping with COVID-19 stress.
Shopify's announcement this week that two employees inappropriately accessed transactional data from 200 of the merchants that use its e-commerce platform demonstrates the importance of taking a "zero trust" approach to security and improving identity and access management capabilities, security experts say.
As the tally of reported heath data breaches related to the May ransomware attack on Blackbaud continues to climb, so do the number of lawsuits filed against the cloud-based fundraising software vendor.
Federal regulators have announced a $1.5 million HIPAA settlement with a Georgia orthopedic clinic stemming from a 2016 breach involving The Dark Overlord hacking group. The case serves as a warning of the potentially hefty cost of failure to implement a comprehensive HIPAA compliance program.
A U.K. resident who was a member of The Dark Overlord hacking group pleaded guilty to federal charges Monday and was sentenced to five years in prison, according to the U.S. Justice Department. The group targeted several healthcare organizations and others.
U.S. government agencies are supposed to have patched the "Zerologon" vulnerability by now, about six weeks after Microsoft issued a patch. But CISA warns that too many agencies' systems remain unpatched.
Several Senate Democrats are demanding answers from the Department of Veterans Affairs about cybersecurity practices after a breach that the VA says exposed data on 46,000 veterans, but which the senators claim also apparently affected 17,000 healthcare providers. The VA disputes that provider figure.
The latest edition of the ISMG Security Report analyzes whether a leaked database compiled by a Chinese company should be a cause for serious concern. Also featured are discussions on vulnerability disclosure challenges and risks posed by using social media apps for payments.
Cloud services are frequently associated with digital transformation and innovation; however, these services also expand cyber-attack surfaces for threat actors to exploit.
Read this whitepaper to learn about:
The economic impact of a data leak;
The surge in ElasticSearch "ransom" demands;
Managing Open Source...
Many financial institutions have deployed fraud fusion centers as a way to help mitigate risks. But as fraudsters revamp their techniques, banks need to revamp these centers to keep up, says Jeff Dant of BMO Financial Group, who will speak at ISMG's Virtual Cybersecurity and Fraud Summit: Toronto.
A ransomware attack that reportedly was directed at a German university but shut down emergency services at an affiliated hospital likely contributed to the death of a patient who needed urgent treatment but instead had to be transported to another hospital, delaying care, according to a news report.
Dunkin' Brands' settlement with the New York state attorney general of a lawsuit tied to a 5-year-old data breach affecting its Perks rewards cardholders could open the door to suits by other states - as well as customers.