Phishing Attacks Detected Using Malformed URL Prefix
A new phishing campaign has been detected that uses malformed URL prefixes to bypass email security solutions and fool individuals into disclosing their login credentials. The novel tactic was identified by researchers at GreatHorn. Rather than use the standard URL protocols HTTP:// or HTTPS:// the domain linked in the phishing email used HTTP:/\ (forward slash/backslash). The researchers first identified this tactic being used in...
US. Department of Justice Indicts 3 Alleged Members of North Korean Lazarus Hacking Group
This week, the U.S. Department of Justice announced that three North Korean intelligence officials have been indicted for their role in a slew of destructive cyberattacks on U.S. and global organizations spanning many years. The cyberattacks allowed the hackers to steal and extort more than $1.3 billion in money and cryptocurrencies from companies and financial institutions around the world. The three individuals are alleged members...
What are the HIPAA Password Requirements?
Considering how important passwords are for preventing unauthorized access, you may be surprised to hear that passwords are only an addressable requirement of the administrative safeguards of the HIPAA Security Rule, rather than a required element. That does not mean the HIPAA password requirements are optional. Passwords must be considered as an administrative safeguard for securing accounts and preventing unauthorized access to...
US Healthcare Data Breach Report Shows Breaches Increased by 55% In 2020
An analysis of 2020 healthcare data breaches has been conducted by Bitglass that shows the extent to which the healthcare industry was targeted by hackers. There was a sharp increase in hacking and IT incidents in 2019 and that trend continued in 2020 when 67% of all reported healthcare data breaches were the result of hacking/IT incidents. The healthcare records of 24.1 million individuals were exposed in those breaches – 91% of all...
Malvertising Gang Exploited WebKit Zero Day to Redirect Web Visitors to Scam Sites
An unpatched zero-day vulnerability in WebKit-based browsers has been exploited by a threat group to redirect website visitors to scam sites for at least 8 months, according to a new report released by cybersecurity firm Confiant. The threat group behind the attack – ScamClub – has been in operation since at least 2018 and primarily uses malicious adverts (malvertising) to direct Internet users to scam sites, often sites running...