Why do so many HIPAA -covered entities and their vendors do such a poor job managing security risk and safeguarding patient's protected health information? Many critical factors come into play, say Roger Severino, ex- director of HHS OCR, and Bob Chaput, founder of security consultancy Clearwater.
Findings from CyberTheory's 2021 Third Quarter Review indicate that criminals are exploiting the open-source supply chain, and those exploits are proving much more difficult to identify, defend and stop in terms of complexity and depth than we've seen before, says CyberTheory's director, Steve King.
Threat group FIN7 has set up a website posing as a security company to recruit talent, according to fraud intelligence company Gemini Advisory. The aim of the scam was to lure security researchers who could help the group with penetration testing-related activities to enable ransomware attacks.
In the latest weekly update, four ISMG editors discuss: a federal judge imposing the maximum sentences on a hacker who pleaded guilty to conspiracy and aggravated identity theft, regulators getting tougher on cryptocurrency lending platforms and the return to in-person roundtables.
The outages of the notorious REvil - aka Sodinokibi - ransomware operation have been due to a coordinated law enforcement effort involving the U.S. and foreign partners, aimed at disrupting the group's attack capabilities, Reuters reports.
The latest edition of the ISMG Security Report features an analysis of whether businesses are stepping up their ransomware defenses in response to several warnings released by the U.S. and U.K. governments highlighting the threat posed to infrastructure. Also featured are the Thingiverse data breach and airline fraud...
In a busy congressional day for cybersecurity legislation, the U.S. House of Representatives passed several bills on Wednesday, targeting both software supply chain and telecommunication system security. One observer describes them as "a win-win for the government and U.S. citizens."
When a business, government agency or other organization hit by ransomware opted to pay a ransom to its attacker in Q3, the average payment was $140,000, reports ransomware incident response firm Coveware. It says the attack landscape has seen some notable shifts since the Colonial Pipeline attack.
Ransomware and nation-state threats are daunting. But the threat that concerns Mustapha Kebbeh the most is supply chain risk. The Brinks CISO discusses how he has tackled this, as well as the challenges of tool complexity and peer collaboration.
A spate of ransomware incidents affecting the education sector has led to the loss of student coursework, financial records and data relating to COVID-19 testing. Matthew Trump, senior IT security officer for the University of London, U.K., outlines incident response strategies.
How many ways do U.S. businesses need to be told to lock down their systems to safeguard themselves from ransomware? That's the focus of a new, joint cybersecurity advisory from the U.S. government pertaining to BlackMatter, following an advisory issued last month about Conti.
Accenture says an online attack against it that it first disclosed in August resulted in "the extraction of proprietary information by a third party, some of which was made available to the public by the third party." The LockBit 2.0 ransomware operation has taken credit for the attack and dumping data.
A future without passwords is not far off. This is bad news for cybercriminals who aim to steal credentials and good news for your IT team – which spends way too much time handling password resets, account unlocks, and other password-related requests. Find out what alternative authentication methods are available...
In this update, four editors discuss key cybersecurity issues, including addressing the complexity of security, the rising number of victims targeted by double extortion ransomware and the Information Commissioner's Office's recent consultation on creating an international data transfer agreement.
A free decryptor for BlackByte ransomware has been released by security researchers at Trustwave who cracked the crypto-locking malware's encryption. But they say that unfortunately, the underlying encryption problem is likely in the process of already being fixed by the malware's developer.