While malicious wipers have stolen most of the headlines in the Russia-Ukraine cyberwar, investigators say Russians are now using modified GammaLoad and GammaSteel info stealer malware to spy on compromised government employee accounts and avoid detection. The attack begins with a phishing email.
Virginia Democratic Sen. Mark Warner, who chairs the Senate Select Committee on Intelligence, says he hopes to gather support for new bipartisan legislation this year to incentivize healthcare sector entities to meet certain minimum cybersecurity standards and tackle other top security concerns.
Researchers from cybersecurity firm WithSecure say they spotted a North Korean espionage campaign they dub "No Pineapple" that reveals a slew of tools in the Pyongyang hacking arsenal. They're confident the hackers were North Korean: One hacker connected to an infected server using a DPRK address.
Attackers this week locked up the business of London-based ION Cleared Derivatives, a software firm that supports derivatives trading, forcing major European banks to process trades manually and prompting a major futures exchange to delay the settlement of trades for two hours.
U.S. federal authorities are establishing a new office to tackle supply chain security issues and help industry partners put federal guidance and policies into practice. Former GSA administrator Shon Lyublanovits says she is spearheading the launch of the new organization.
A combination of three security flaws contained in an open-source electronic health record used mainly by smaller medical practices in the U.S. could allow attackers to steal patient data and potentially compromise an organization's entire IT infrastructure, says a new research report.
Security researchers say they found the Russian intelligence-linked Sandworm threat actor deploying a novel disk wiper against an energy sector company located in Ukraine. Data wipers have played a key role in Russia's hacking campaign against Ukraine.
Government authorities and industry groups are warning the healthcare sector of ongoing distributed denial-of-service attacks on hospitals and other medical entities by Russian nuisance hacking group KillNet, whose name comes from a tool used to launch DDoS attacks.
A Montana healthcare entity has agreed to pay $4.3 million to settle a proposed class action lawsuit filed in the wake of a 2021 hacking incident affecting 214,000 individuals. The deal is the entity's second multimillion-dollar lawsuit settlement in the last four years involving a major breach.
Two hacking breaches - one at a non-profit provider of foster care, mental health and substance treatment services, and the other at a provider of behavioral health services - have affected sensitive information of nearly 400,000 individuals.
Valuations are down, some companies have left the market altogether, and some even have announced deep rounds of layoffs. Yet, Alberto Yépez of Forgepoint Capital retains optimism for the cybersecurity marketplace in 2023 and says now is the ideal time to be ramping up investments in innovation.
A Midwest specialty medical care clinic has reported to regulators a health data breach affecting 134,000 patients involving one of its critical partners' previous use of Meta Pixel and Google tracking codes embedded in its websites and patient portals.
An update to acquisition regulations within the Department of Veterans Affairs says that contractors have one hour to report a security and privacy incident. The clock starts ticking after the incident has been discovered. The department says the rule change only codifies an existing requirement.
When the DOJ announced a "major, international cryptocurrency enforcement action," observers expected to see charges against a well-known firm. Instead, the agency charged a lesser-known figure, Anatoly Legkodymov, the Russian founder of Bitzlato, with facilitating $700 million in illegal activity.
CommonSpirit was negligent in failing to protect sensitive health data, resulting in a compromise affecting at least 623,000 patients and perhaps many more, allege plaintiffs in two proposed class action lawsuits filed against the Chicago-based hospital chain after a 2022 ransomware attack.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.