Microsoft has issued fixes for 114 vulnerabilities, including patching a zero-day flaw being actively exploited by a ransomware group and updating guidance to block a vulnerability from 2013 that was recently exploited for the software supply chain attack on 3CX users, attributed to North Korea.
Federal regulators have issued proposed changes to the HIPAA privacy rule aimed at protecting reproductive healthcare information from disclosures or uses involving law enforcement and related purposes in the wake of the Supreme Court last year overturning Roe v. Wade.
Australian non-bank lender Latitude Financial said it will not pay a ransom demand from extortionists behind the theft of 14 million customers' data. Australian Minister for Home Affairs Clare O'Neil called Latitude's decision "consistent with Australian government advice."
The Biden administration plans to develop a road map for certifying and assessing that artificial intelligence systems work as intended without causing harm. The Commerce Department has asked for public input on top policies to support the development of AI audits, assessments and certifications.
Federal regulators have issued new rules aimed at securing certified healthcare software, helping patients decide which records to keep private, and protecting data used by AI and predictive tools. The 556-page proposed rule seeks to promote innovation and data sharing while tightening security.
A low-profile Israeli advanced spyware firm used a suspected zero-day to surveil the lives of journalists, political opposition figures and a nongovernmental organization worker across multiple continents, say researchers from the Citizen Lab and Microsoft.
The onslaught of distributed denial-of-service, ransomware, data exfiltration and other attacks on the healthcare sector highlight the importance of optimizing the many sources of threat intelligence available today, says Taylor Lehmann, director of the office of the CISO at Google Cloud.
The Biden administration is probing how highly classified military and intelligence documents detailing national security secrets came to be leaked via Discord servers and social media. Experts say the leaked documents appear to be genuine, although some have been crudely doctored.
Watch this 45-minute webinar and listen to the conversation where we delve into current threat trends and provide real-world examples of these attacks, enabling you to better prepare for and safeguard your most valuable assets: your data and your people.
Apple issued security updates to address two zero-day vulnerabilities being actively exploited in the wild and targeting iPads, Macs and iPhones. Both vulnerabilities can lead to arbitrary code execution, but Apple said it found no exploits related to cybercrime or nation-state groups.
Cisco Talos on Wednesday identified four arbitrary code execution flaws in the Ichitaro word processor. The maker of the word processor, JustSystems, said it has not confirmed any attacks exploiting the vulnerabilities and also said it has issued fixes for the flaws.
Netography has added more detection features and data science capabilities to help large enterprises better understand what's on their networks, according to CEO Martin Roesch. The Annapolis, Maryland-based company over the past 12 months has quintupled the amount of data ingested into its system.
Cobalt maker Fortra, Microsoft and the Health Information Sharing and Analysis Center obtained a U.S. federal court order redirecting into sinkhole servers the internet traffic from Cobalt Strike-infected computers sent to command-and-control centers controlled by bad actors.
Regulators are scrutinizing the use of website tracking codes and analytics such as Meta Pixel and Google Analytics. Health entities must carefully assess how those tools are being used on their health-related websites, say privacy attorneys Cory Brennan of Taft and Mark Swearingen of Hall Render.
In the latest weekly update, Venable's Jeremy Grant joins ISMG editors to discuss how to defend against the increasing use of MFA fatigue attacks, takeaways from a recent U.S. probe into compliance issues related to Login.gov services and the latest updates on the Improving Digital Identity Act.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.