A Tennessee-based cardiac care clinic is notifying more than 170,000 patients and others that hackers may have stolen their sensitive personal and medical information in a cyberattack detected in April. The Karakurt cybercrime group claimed credit for the hack a month later.
Human Factor Security expert Robin Lennon Bylenga advised that in building an internal threat management program, it is imperative to not send mixed messages to the broader workforce. It's wise to conduct an assessment of human risk - not just IT risk, she said.
Synthetic ID fraud has moved beyond business-to-consumers to business-to-business fraud as more bad actors are opening fraudulent commercial accounts at financial institutions, said Dori Buckethal, vice president of risk and fraud solutions at Thomson Reuters.
Fears that cyber insurance coverage drives companies into paying ransomware demands more easily than not appear unfounded, concludes a British think tank study that also suggests insurers should do more to enact corporate discipline. Cyber insurance has been dogged by accusations of moral hazard.
A malware downloader is spoofing Italian organizations, including the tax agency, to deliver a banking Trojan to target Italian companies, said researchers. Proofpoint callsthe downloader WikiLoader; it ultimately leads to the Ursnif banking Trojan.
Ukraine blocked an illicit money laundering network operating across the country that made use of sanctioned Russian payment systems and cryptocurrency exchanges to convert Russian rubles into Ukrainian hryvnia. The "black money exchanges" network processed more than $4 million monthly.
We have moved from cybersecurity strategy to cyber resilience strategy, said Fene Osakwe, a board member of the Forbes Technology Council. As a result, he said, we still start with identifying assets, but we keep going until we achieve recovery.
The number of data security incidents affecting Singapore's government sector remained stable in the 12-month period ending March 2023, and the number of medium-severity incidents marginally declined. Government officials said investments in security technology and culture are starting to pay off.
A Russian intelligence hacking campaign actively targeted European diplomats and think tanks as part of an espionage operation that lasted nearly six months. One characteristic of APT29 is how it blends in malicious traffic with legitimate traffic in order to evade detection.
ISMG's Healthcare Security Summit 2023, held in New York City on July 18, brought together leaders from the cybersecurity and healthcare industries to engage in a dynamic exchange of ideas and address pressing challenges faced by the healthcare community.
Why are so many fresh zero-day vulnerabilities being exploited in the wild? Google reported that attackers often discover variants of previously exploited flaws, which suggests that vendors aren't doing enough to fix the root cause of flaws - or to avoid introducing fresh ones with their fixes.
Threat actors who recently attacked a dozen Norwegian ministries by exploiting a zero-day vulnerability in Ivanti's endpoint management software appeared to have another zero-day flaw that tied to the overall attack exploit chain, Ivanti confirmed on Friday.
Government-backed North Korean hackers are posting convincing U.S. military job recruitment documents to lure Korean-speaking victims into downloading malware staged from legitimate but compromised South Korean websites, according to security researchers.
The highly active, North Korea-linked Lazarus Group is targeting unpatched Microsoft Internet Information Services servers to escalate privileges and distribute malware. Researchers spotted the group using watering hole techniques to fool victims in South Korea.
In the latest weekly update, ISMG editors discuss the surging number of MOVEit breach victims and the state of ransomware innovation, why the federal government warned healthcare firms about the use of web trackers, and how the DOJ is expanding its "whole of government" approach to fight ransomware.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.