Dive Brief: The vast majority of U.S. companies, 96%, were targeted with at least one payment fraud attempt in the past 12 months, according to automated fraud prevention services provider Trustpair, which surveyed more than 260 senior finance and treasury leaders. The fraud attempts mark a 71% increase from the prior year as criminals stepped […]
Healthcare, HIPAA/HITECH, Industry Specific • ‘Essential’ and ‘Enhanced’ Best Practices Will Influence Upcoming Rule-Making • Marianne Kolbasuk McGee (HealthInfoSec) • January 24, 2024: HHS’ cybersecurity performance goals guidance details “essential” and “enhanced” best practices and controls for strengthening healthcare sector security. The Department of Health and Human Services has released guidance […]
Healthcare, Incident & Breach Response, Industry Specific • Researcher Reported Configuration Issue to Cloud Vendor After Lab Failed to Respond • Marianne Kolbasuk McGee (HealthInfoSec) • January 23, 2024: An unsecured database appearing to belong to a Netherlands-based medical laboratory exposed 1.3 million records on the internet, including COVID test results […]
ReversingLabs identified close to 11,200 unique malicious packages across three major open-source software platforms in 2023: npm, PyPI, and RubyGems. These findings mark an astounding 1,300% increase in malicious packages from 2020 and an increase of 28% over 2022 when a little more than 8,700 malicious packages were detected. “Over the years, we’ve closely monitored […]
Jan 25, 2024 • Newsroom • Remote Access Trojan: Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. “SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP,” Kroll said in an analysis […]
Jan 25, 2024 • Newsroom • Vulnerability / Software Security: The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read […]
A federal judge has denied a motion from spyware maker NSO Group to dismiss an Apple lawsuit alleging the company’s powerful Pegasus tool has violated computer fraud laws and unfairly profited off of Apple and its customers, according to a court ruling filed Tuesday. NSO Group, a highly controversial purveyor of spyware which has been […]
Jan 25, 2024 • Newsroom • Cyber Attack / Data Breach: Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise’s (HPE) cloud email environment to exfiltrate mailbox data. “The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our […]
Email security risks remain high with 94% of organizations experiencing incidents in the past 12 months, according to Egress. Inbound email incidents primarily took the form of malicious URLs, attacks sent from a compromised account, and malware or ransomware attachments. Looking towards outbound email incidents, 91% of organizations experienced data loss and exfiltration due to […]