Threat actors are switching tactics to compromise their victims with ransomware, with more attacks now exploiting vulnerabilities rather than using phishing emails, according to Corvus Insurance. The insurer analyzed claims data from this year to better understand threat actor activity. It claimed that vulnerability exploitation rose as an initial access method from nearly 0% of ransomware […]
The number of cyber breaches targeting organizations’ supply chains continues to rise, with an average 4.16 breaches reported to be negatively impacting operations this year — a 26% increase from the mean number of 3.29 breaches in 2022, according to BlueVoyant. “Attacks targeting external vendors and partners are a constant threat,” said Joel Molinoff, BlueVoyant’s […]
U.S. authorities are struggling to contain a critical vulnerability in Citrix Netscaler Application Delivery Controller and Netscaler Gateway, widely used networking appliances that help companies enable secure remote access. Thousands of organizations worldwide use the technology, and researchers have seen attacks targeting a wide range of industries, including financial services companies, defense contractors, law firms, […]
Powerful attack knocked out internet access and mobile communications, damaging IT infrastructure
Louisiana-based medical association Lafourche Medical Group and the Department of Health and Human Services have reached a $480,000 settlement for a cyberattack in 2021 that resulted in the compromise of protected health information from 34,862 individuals, according to The Record, a news site by cybersecurity firm Recorded Future.
The Federal Communications Commission updated its data breach rules for the first time in 16 years Wednesday, expanding how a breach is defined and who to alert when there is one. The FCC order, decided in a 3-2 party-line vote, will broaden the commission’s breach notification rules to include certain personally identifiable information belonging to […]
SUMMARY The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group, also known as the Karakurt Team and Karakurt Lair. Karakurt actors have […]
Estimated read time: 4-5 minutes WASHINGTON — Digital sabotage had knocked a Somalian news website and email accounts offline in August. “I can still feel the frustration,” reporter Abdalle Ahmed Mumin told Reuters. “Our link to the outside world, to the international media, is our website.” It was only after getting help from Qurium, a […]
The cyber threat to critical infrastructure is increasing, prompting cyber government agencies to issue more warnings and advisories for industrial businesses. Against this backdrop, MITRE has launched EMB3D, a new threat model framework for defenders tasked with protecting operational technology (OT) and industrial control systems (ICS). EMB3D provides a knowledge base of cyber threats to […]