Ukrainian network defenders continue to contend with a barrage of malware attacks. Apparent Russia hackers broadcast disinformation about Ukrainian President Volodymyr Zelenskyy's health and targeted a software developer with government customers.
Federal authorities are advising healthcare entities to fortify their defenses against cyberattacks involving web applications, including patient portals, telehealth services and webmail. Such apps offer hackers many potential entry points into an organization, they warn.
The U.S. Department of Justice unsealed its first insider trading case involving cryptocurrency markets, marking an escalation of traditional oversight. The case comes as a federal jury convicted a New York man for defrauding investors who bought into his supposed cryptocurrency.
Three ISMG editors discuss important cybersecurity issues, including the sharp rise in Maui ransomware attacks, how the FBI seized cryptocurrency ransom payments worth $500,000 from North Korean attackers and advice for CISOs navigating the great zero trust debate.
Halborn raised $90 million to expand its audit and penetration testing services and more effectively safeguard the crypto industry. The proceeds will bolster its protection for cryptocurrency lending protocols and better defend the money flowing into and out of the cryptocurrency ecosystem.
Two recent data breach lawsuit settlements by healthcare organizations underscore mounting liability risk stemming from a growing number of lawsuits. Missouri-based BJC Healthcare has agreed to pay up to $2.7 million to settle while Indiana-based Methodist Hospitals is on the hook for $425,000.
Premint NFT platform users became victims last weejend of one of the biggest NFT attacks ever. The company says an open-source vulnerability led to the compromise of its website, resulting in its users losing about $500,000 worth of blockchain assets.
U.S. Cyber Command and Security Service of Ukraine revealed malware indicators recently detected in Ukraine, which is resisting invasion by Russia. Cybersecurity firm Mandiant, which has ties to the U.S. military, published a detailed analysis of phishing campaigns with links to Belarus and Russia.
Huntress has made the largest acquisition in its eight-year history, buying Curricula to boost user education. Huntress evaluated seven companies with security training tools and chose Curricula for its ease of use, manageability for smaller customers and enjoyable online learning experience.
Atlassian released a patch for a critical vulnerability in its workspace collaboration tool Confluence stemming from hard-coded credentials. The Australian company found no evidence of exploitation of the flaw that allows remote, unauthenticated attackers access to vulnerable servers.
The basic foundation of designing a reliable and dynamic cyber resilience program is to have an elaborate incident response plan that can take into account different cyberthreat scenarios and outcomes, says Singapore-based Christophe Barel, who is managing director for Asia-Pacific at FS-ISAC.
The latest edition of the ISMG Security Report asks: Whatever happened to Russia's cyberwar against Ukraine? It also looks at the curious case of a cardiologist who's been accused of moonlighting as a developer of such notorious strains of ransomware as Thanos and Jigsaw.
Ohio's top elections official plugged bug bounties as one way of ensuring the integrity of American elections. Secretary of State Frank LaRose, a Republican, told a congressional panel that Ohio was the first U.S. state to implement a vulnerability disclosure policy for its election systems.
A slew of HIPAA enforcement actions is a sign that regulators are impatient with the short shrift that many medical providers give to providing patients access to their health information. No fewer than 11 of the last dozen HIPAA fines focus on a right of access dispute.
The evidence is in the news: Threat actors are taking constant advantage of weakly secured applications. Dan Shugrue of Digital.ai discusses how to secure applications from the start by creating a new blueprint for developing secure software.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.