Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. This week, we look at incidents at Hope Finance, decentralized finance firm new malware demanding crypto and a phishing campaign aimed at Coinbase.
The Los Angeles Unified School District confirmed that records containing mental health data and other sensitive information of about 2,000 students, including 60 current pupils, were among data leaked in a ransomware attack last fall by Russian hacking group Vice Society.
Five proposed class action lawsuits have been filed so far in the wake of a California medical group's Feb. 1 report of a ransomware attack last December affecting more than 3.3 million individuals. The incident is the largest health data breach reported to federal regulators so far this year.
The newly relaunched HardBit 2.0 ransomware group is now demanding victims disclose details of their cyber insurance coverage before negotiating a ransom demand. The group, which has been active since 2022, has demanded that one victim pay $10 million in ransom, according to researchers at Varonis.
Business email compromise (BEC), also known as email fraud, is one of cybersecurity’s costliest and least understood threats. As BEC schemes have evolved, industry nomenclature has outlived its usefulness. Without a framework to describe and break down BEC attacks—let alone conceptualize them—researching and...
Lehigh Valley Health Network, which operates 13 hospitals and numerous physician practices and clinics in eastern Pennsylvania, says it has been hit with an attack by Russian-based ransomware-as-a-service group BlackCat. The network says it didn't pay a ransom and operations were not disrupted.
Ireland's child and family agency, Tusla, says it is beginning a months-long process to notify 20,000 individuals that their personal information was exposed in the May 2021 ransomware attack against the Health Service Executive, which formerly managed Tusla's IT systems.
In the latest weekly update, ISMG editors discuss the ESXiArgs ransomware campaign that has snared 2,800 victims, the data breach reported in an SEC filing by a multistate hospital chain, and Check Point's building of SD-WAN capabilities that are integrated with the company's network security stack.
Threats from API and application vulnerabilities increased in 2022, but ransomware, human error and hygiene continue to pose the greatest threats to organizations, according to findings from CyberTheory's 2022 Performance Study. CyberTheory's Steve King shares how education can make a difference.
Attackers are continuing to target unpatched VMware hosts to infect them with ESXiArgs and RansomExx2 crypto-locking malware and hold them to ransom. VMware urges immediate updating, saying that the attacks don't appear to be targeting zero-day vulnerabilities but rather long-patched flaws.
A ransomware incident last fall that disrupted some of hospital chain CommonSpirit's operations for at least a month has cost the organization $150 million in lost revenue, remediation and other expenses so far. CommonSpirit also likely faces additional legal expenses.
According to a Menlo Security survey, web-borne malware and ransomware now top the list of security threats organizations are most concerned about. Yet despite the growing risks, less than a third (27%) have advanced threat protection in place on all the endpoint devices connected to corporate applications and...
A survey conducted by Forrester Research (on behalf of Google) found that staff spends 75% of their working time within a browser and email. Ransomware gangs are changing their tactics due to the shift to remote work and the web browser. They are using what is known as a HEAT attack which employs various techniques to...
HEAT attacks target web browsers as the attack vector and employ techniques to evade detection from the traditional tools used in current security stacks such as firewalls, Secure Web Gateways, sandbox analysis, URL reputation, and phishing detection solutions. Menlo Security conducted research to understand...
Cybersecurity practices have not kept pace with evolving threats, resulting in highly evasive adaptive threats (HEAT) that evade existing security defenses. To combat HEAT attacks, organizations must shift to a prevention-focused approach that stops threats before they reach the endpoint.
Download this report to...