International Law Enforcement Operation Shuts Down Goznym Malware Gang
May17

International Law Enforcement Operation Shuts Down Goznym Malware Gang

The international criminal gang behind the infamous Goznym malware has been disbanded following a complex law enforcement investigation in Bulgaria, Germany, Georgia, Moldova, Ukraine, and the United States. The investigation has resulted in indictments for ten defendants, five of whom have been apprehended: Two in Germany, one in Bulgaria, one in Moldova, and the alleged leader of the gang in Georgia. Five Russian nationals involved...

Read More
New Intel MDS Vulnerabilities Allow Sensitive Data to Be Accessed from CPUs
May16

New Intel MDS Vulnerabilities Allow Sensitive Data to Be Accessed from CPUs

Four Microarchitectural Data Sampling (MDS) vulnerabilities have been discovered in Intel processers which could be exploited using a variety of different attack methods to gain access to sensitive information. The flaws can be exploited on computers as well as in cloud environments and can allow information to be obtained from the operating system, applications, virtual machines, and trusted execution environments. The information...

Read More
Microsoft Issues Patches for 79 Vulnerabilities Including Critical Wormable Flaw
May15

Microsoft Issues Patches for 79 Vulnerabilities Including Critical Wormable Flaw

May 2019 Patch Tuesday has seen Microsoft release security updates to correct 79 vulnerabilities including one critical flaw that could potentially be exploited in a WannaCry-style malware attack. The wormable vulnerability (CVE-2019-0708) is in Remote Desktop Services and can be exploited by sending specially crafted requests via Remote Desktop Protocol (RDP). The vulnerability is pre-authentication and requires no user interaction....

Read More
Cost of the Equifax Data Breach? $1.5 Billion and Counting
May15

Cost of the Equifax Data Breach? $1.5 Billion and Counting

In 2017, the Atlanta-based credit bureau Equifax suffered a massive data breach that saw the personal information of 150 million people compromised. According to the company’s recent earnings release, the cost of the Equifax data breach has risen to $1.5 billion plus legal fees. The Department of Homeland Security had warned Equifax about a software vulnerability a few months prior to the attack, which was exploited to gain access to...

Read More
DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations
May14

DHS Cybersecurity and Infrastructure Security Agency Issues Guidelines for O365 Migrations

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued a set of guidelines and best practices to help organizations migrate to Microsoft Office 365 and avoid introducing vulnerabilities that could make it easier for cybercriminals to conduct attacks and gain access to Office 365 accounts. There has been a major increase in the number of organizations that have transitioned to...

Read More
City of Baltimore Suffers Second Ransomware Attack in 14 Months
May09

City of Baltimore Suffers Second Ransomware Attack in 14 Months

A ransomware attack on the City of Baltimore has forced the city to take most of its servers offline. This is the second such attack to hit the city in a little over a year. Baltimore suffered a similar attack in March 2018. In that attack, it’s 911 and 311 systems were taken out of action due to ransomware file encryption. The latest incident has not affected the 911 and 311 systems nor its core essential services, although many...

Read More
Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends
May08

Verizon 2019 Data Breach Investigations Report Reveals Latest Cyberattack Trends

Verizon has released its 2019 Data Breach Investigations Report. The annual report provides an in-depth analysis of global data breaches, new cyberattack trends, and an overview of the current threat landscape. This is the 12th consecutive year that Verizon has produced the report and this year’s instalment is most extensive DBIR report released to date.  Verizon now collects data from 73 sources and included 41,686 reported security...

Read More
Businesses Are Not Well Prepared to Deal with Serious Security Breaches
May06

Businesses Are Not Well Prepared to Deal with Serious Security Breaches

A recent survey conducted by Vanson Bourne on 600 IT decision makers has revealed confidence in the ability to respond to a serious data breach is low. 77% of respondents did not believe they were extremely well prepared to deal with a major data breach, which is especially worrying considering 60% of respondents said they had experienced such a breach in the past two years. Just under a third (31%) of respondents said they had...

Read More
PII of 137,000 Individuals Discovered in Unsecured Elasticsearch Database
May03

PII of 137,000 Individuals Discovered in Unsecured Elasticsearch Database

An unsecured Elasticsearch database containing the personally identifiable information of approximately 137,000 people has been exposed over the Internet. The database was discovered by security researcher Jeremiah Fowler, who determined that the data belonged to the medical emergency evacuation service provider SkyMed. Fowler discovered the security settings for the database had not been correctly configured and the database could be...

Read More
FBI’S 2018 Internet Crime Report Shows Massive Increase in BEC Attack Losses
Apr24

FBI’S 2018 Internet Crime Report Shows Massive Increase in BEC Attack Losses

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) has released its 2018 Internet Crime Report which shows there was a dramatic rise in losses due to cybercrime in 2018. In 2018, IC3 received 351,936 complaints involving more than $2.7 billion in losses. That represents an increase in losses of more than 92% compared to 2017. 2018 accounted for 36% of all losses from the past five years and complaints about...

Read More
297 Flaws Patched by Oracle in its April Security Update
Apr18

297 Flaws Patched by Oracle in its April Security Update

Oracle’s April security update includes patches for 297 vulnerabilities across its product suite. Users of Oracle products have been advised to update the products as soon as possible to prevent the vulnerabilities from being exploited. This is especially important for this security update as it includes 53 critical bugs that have been assigned a CVSS v3 base score of 9.0 or above. 47 of those have a CVSS v3 score of 9.8. The patches...

Read More
Microsoft Confirms Support Agent’s Credentials were Compromised and Customers’ Email Data Potentially Accessed
Apr16

Microsoft Confirms Support Agent’s Credentials were Compromised and Customers’ Email Data Potentially Accessed

Microsoft has experienced a data breach that has lasted at least three months. During that time, hackers were able to access affected users’ email addresses, email subject lines, folder names, and email contacts. The breach affected certain users of its web email services: Hotmail, MSN, and Outlook. A Microsoft support agent’s account details were compromised on January 1, 2019 which allowed the attackers to gain access to information...

Read More
SpamTitan Leading Secure Email Gateway Solution According to G2 Crowd
Apr15

SpamTitan Leading Secure Email Gateway Solution According to G2 Crowd

Selecting the best business security software can be a headache. Even when business leaders know exactly what they want from a software solution, choosing the right product can be difficult. After determining that a software solution ticks all the boxes and has all the required features, many businesses discover that it is a nightmare to use. When it comes to security software it is important to choose a solution that’s user friendly...

Read More
Pharmaceutical Giant Targeted in Long-Term Cyber Espionage Campaign
Apr08

Pharmaceutical Giant Targeted in Long-Term Cyber Espionage Campaign

The German pharmaceutical giant Bayer has announced that it has been targeted by hackers who installed malware on its network. The attack was contained, but the malware was not removed for months. Instead, Bayer has been observing the malware in an attempt to determine the ultimate goal of the attack and the identity of the threat actors behind the campaign. The malware was installed on its network in early 2018. The affected systems...

Read More
Restaurant Chain Data Breach Impacts more than 2 Million Customers
Apr02

Restaurant Chain Data Breach Impacts more than 2 Million Customers

A malware infection has impacted around 2 million customers of the Planet Hollywood, Earl of Sandwich, Chicken Guy!, Tequila Taqueria, Mixology, and Buca di Beppo restaurant chains. The announcement about the attack was recently made by Earl Enterprises, which operates all of the above brands. The breach was detected by Brian Krebs of KrebsonSecurity, who discovered credit cards were being sold on the darknet marketplace, Joker’s...

Read More
Jackson County, Georgia Pays $400,000 Ransom to Recover Encrypted Files
Mar11

Jackson County, Georgia Pays $400,000 Ransom to Recover Encrypted Files

After considering the potential costs and benefits, Jackson County, Georgia determined that paying the ransom demand to unlock files encrypted in ransomware attack was the best option, even though the ransom demand was around $400,000. The attack occurred over the weekend of March 2/3, 2019, and resulted in the widespread encryption of data. The email system of the country’s government was taken out of action, and even systems used by...

Read More
STOP Ransomware Delivered via Software Cracks
Jan22

STOP Ransomware Delivered via Software Cracks

STOP ransomware, a crypto-ransomware variant that uses the .rumba file extension on encrypted files, is being delivered via software cracks. Software cracking programs that generate licenses for popular software programs are commonly used to deliver malware. The executable files often install spyware and adware code during the cracking process and while it is not unknown for other malware to be installed when the programs are run, it...

Read More
Cryptocurrency Mining Malware Tops Most Wanted Malware List
Jan21

Cryptocurrency Mining Malware Tops Most Wanted Malware List

Check Point’s Most Wanted Malware report for December 2018 shows that cryptocurrency mining malware was the leading malware threat in December. The top four malware threats in December 2018 were all cryptocurrency miners. Top spot goes to the Monero miner Coinhive: An online miner that uses the processing power of visitors’ computers whenever they visit a website that has had the miner installed. Coinhive has topped the Most Wanted...

Read More
Free Decryptor for Fileslocker Ransomware Developed After Master Key Leaked
Jan03

Free Decryptor for Fileslocker Ransomware Developed After Master Key Leaked

A free decryptor for Fileslocker ransomware has been developed following the leaking of the master key for the ransomware on Pastebin. The master key is the key used by threat actors to decrypt files that have been encrypted by the ransomware. The post was created on December 29, 2018 and states that the master key, which decrypts the private key, is “applicable to V1, V2 version” and that the poster is “waiting for security personnel...

Read More
More Than 50 Accounts Compromised in San Diego School District Data Breach
Dec27

More Than 50 Accounts Compromised in San Diego School District Data Breach

A major data breach has been reported by the San Diego School District that has potentially resulted in the theft of the personal information of more than half a million current and former staff and students. The data exposed as a result of the breach date back to the 2008/2009 school year. The breach was detected following reports from district staff of a spate of phishing emails. The emails were highly believable and fooled users...

Read More
Webinar: Cost-Effective DNS-Based Web Filtering
Dec04

Webinar: Cost-Effective DNS-Based Web Filtering

In order to protect against web-based threats such as malware, ransomware, viruses, exploit kits, malvertising, and phishing, businesses need to implement a web filtering solution. A web filter allows businesses to carefully control the websites and webpages that employees can access while connected to the wired and wireless networks. All Internet traffic is routed through the filter where controls are applied to block malware...

Read More
Marriott Announces 500 Million-Record Breach of Starwood Hotel Guests’ Data
Nov30

Marriott Announces 500 Million-Record Breach of Starwood Hotel Guests’ Data

The Marriott hotel chain has announced it has suffered a massive data breach that has resulted in the theft of the personal information of up to 500 million guests of the Starwood Hotels and Resorts group. Marriott discovered the data breach on September 8, 2018 after an alert was generated by its internal security system following an attempt by an unauthorized individual to access the Starwood guest reservation database. Third-party...

Read More
75% of Employees Lack Security Awareness
Oct26

75% of Employees Lack Security Awareness

MediaPro has published its 2018 State of Privacy and Security Awareness Report which assesses the level of security awareness of employees across different industry sectors. The report is based on the responses to questionnaires sent to 1,024 employees across the United States that probed their understanding of real-world threats and security best practices. This is the third year that MediaPro has conducted the study, which...

Read More
Microsoft Addresses 49 Flaws Including One Actively Exploited Vulnerability
Oct10

Microsoft Addresses 49 Flaws Including One Actively Exploited Vulnerability

Almost 50 vulnerabilities have been patched by Microsoft on October Patch Tuesday including one zero-day vulnerability that is being actively exploited in the wild by the FruityArmor APT group. The zero-day (CVE-2018-8453) is linked to the Win32k component of Windows and is an elevation-of-privilege vulnerability discovered by Kaspersky Lab. If exploited, a threat actor could run arbitrary code in kernel mode and could create new...

Read More
Increased Remote Desktop Protocol Attacks Prompts IC3 to Issue Warning
Oct03

Increased Remote Desktop Protocol Attacks Prompts IC3 to Issue Warning

The FBI’s Internet Crime Complaint Center (IC3) has issued a warning to businesses about the abuse of remote administration tools such as Remote Desktop Protocol. The warning was prompted by a significant rise in attacks and darknet marketplaces selling RDP access. Remote Desktop Protocol was first introduced into Windows in 1996 and has proven to be a valuable tool. It allows employees to connect to their office computer remotely and...

Read More
Cofense Takes a Closer Look at Healthcare Phishing Attacks
Sep24

Cofense Takes a Closer Look at Healthcare Phishing Attacks

Cofense, the leading provider of human-based phishing threat management solutions, has published new research that shows the healthcare industry lags behind other industry sectors for phishing defenses and is routinely attacked by cybercriminals who often succeed in gaining access to sensitive patient health data. The Department of Health and Human Services’ Office for Civil Rights publishes a summary of data breaches reported by...

Read More
Study Reveals SMB Employees Are Taking Major Data Security Risks
Sep14

Study Reveals SMB Employees Are Taking Major Data Security Risks

Cyberattacks on large enterprises often make the headlines as they tend to involve the theft of large quantities of data, but small to medium sized businesses also face a high risk of cyberattacks and data breaches. According to a new report from the Chicago-based SMB consultancy firm Switchfast, there are now 4,000 cyberattacks on SMBs every day. SMBs are often viewed as easy targets. The rewards for a successful attack may not be so...

Read More
Faxploit Attack Uses Fax Machine to Gain Network Access and Steal Data
Aug14

Faxploit Attack Uses Fax Machine to Gain Network Access and Steal Data

Since the 1960s, businesses have been using fax machines to send and receive orders and communicate data quickly. To a large extent, email has replaced the fax, although faxes are still extensively used, especially in healthcare. It has been estimated that there are still around 300 million fax machines in use around the world. While fax technology is old – it was first developed in the late 1800s – faxes are not typically...

Read More
SamSam Ransomware Developer Has Earned $6 Million in Ransom Payments
Aug08

SamSam Ransomware Developer Has Earned $6 Million in Ransom Payments

SamSam ransomware has been used in many attacks on healthcare providers and educational institutions over the past two and a half years. In contrast to many other ransomware variants, the ransom payments are considerably higher, typically of the order of tens of thousands of dollars. What also makes SamSam ransomware different is its method of deployment. While many ransomware variants are installed as a result of employees opening...

Read More
Businesses Turn Employee Safety Solution into Phishing Alert System
Aug03

Businesses Turn Employee Safety Solution into Phishing Alert System

Fast action is required when cybersecurity threats are detected to limit the harm caused. When phishing emails are received, or ransomware or malware threats are detected in the email system, fast action can prevent a costly data breach. Many businesses are now turning to their employee safety solutions as an additional protection against phishing and to instantly notify staff of a cyberattack in progress. Mass Notification Systems...

Read More
Reddit Data Breach Shows 2-Factor Authentication is Not Always Effective
Aug02

Reddit Data Breach Shows 2-Factor Authentication is Not Always Effective

A sizeable Reddit data breach has been discovered. An unauthorized individual gained access to several Reddit systems and succeeded in downloading a significant number of users’ credentials, including usernames, email addresses, and salted hashed passwords as well as public messages, and in some cases, private messages. The database that was copied was an old backup and included data from 2015, when the website was launched, through...

Read More
Hacking Group Steals $1 Million from Russian Bank via Compromised Router
Jul25

Hacking Group Steals $1 Million from Russian Bank via Compromised Router

The hacking group known as MoneyMaker has pulled off a $1 million cyberheist after gaining access to a Russian bank through an outdated router used in one of its regional branches. Vulnerabilities in the PIR Bank router were exploited to first give the hackers access to the router, and then to the Automated Work Station Client of the Russian Central Bank via network tunnels configured in the router. Once access to the Automated Work...

Read More
U.S. Military Data Stolen as a Result of the Failure to Change Default FTP Passwords
Jul11

U.S. Military Data Stolen as a Result of the Failure to Change Default FTP Passwords

U.S. military computers have been accessed by a hacker and sensitive military documents have been stolen and listed for sale on online hacking forums. The U.S. defense breach was made possible due to a simple error – the failure to change the default FTP password on a Netgear router. Cybersecurity firm Recorded Future found out about the documents being sold online, which include maintenance course e-books explaining how MQ-9 reaper...

Read More
Microsoft Issues Patches for 54 Vulnerabilities; 17 Critical
Jul10

Microsoft Issues Patches for 54 Vulnerabilities; 17 Critical

This Patch Tuesday has seen Microsoft issue patches for 54 vulnerabilities, 27 of which could allow remote code exploitation. 17 of the flaws have been rated critical and 33 are rated important. Three of the vulnerabilities were disclosed before Microsoft released patches. The patches address bugs in 15 products. The majority of the critical flaws are scripting errors in Internet Explorer, including four memory corruption...

Read More
Why You Should Use a Web Filter to Prevent Employees Accessing Pornography
Oct12

Why You Should Use a Web Filter to Prevent Employees Accessing Pornography

Many companies have realized that acceptable Internet usage policies are insufficient and do not prevent employees accessing pornography at work. While employees can be told that the viewing of pornography at work is unacceptable, and viewing pornography is likely to result in instant dismissal, it does not stop porn from being accessed at work by some individuals. The accessing of pornography in offices and other places of work is...

Read More
SMB IT Security Survey Reveals Confidence in Cybersecurity Defenses is Low
Oct09

SMB IT Security Survey Reveals Confidence in Cybersecurity Defenses is Low

A recent SMB IT security survey has revealed that while security spending has increased by 17% year over year, IT professionals are less confident in their ability to prevent data breaches. That is not surprising given that 68% have reported having experienced at least one data breach in the past 12 months, 29% of organizations experienced a phishing attack, and 18% have had to deal with a ransomware infection. The SMB IT security...

Read More
Worldwide Cybersecurity Spending in 2017 to Exceed $86.4 Billion
Aug17

Worldwide Cybersecurity Spending in 2017 to Exceed $86.4 Billion

Gartner has released a new report predicting worldwide cybersecurity spending in 2017 will reach $86.4 billion. The information security market is now the fastest growing sector and will increase by 7% by the end of 2017. Gartner predicts growth in the sector will be similar in 2018, with spending rising to $93 billion next year. Within the infrastructure protection segment, Gartner says the biggest growth will be in security testing....

Read More
HITRUST and Trend Micro Partnership to Improve Cyber Threat Xchange Capabilities
Aug15

HITRUST and Trend Micro Partnership to Improve Cyber Threat Xchange Capabilities

The Health Information Trust Alliance (HITRUST) has partnered with Trend Micro to form the HITRUST Cyber Threat Management and Response Center which will enhance the capabilities of the HITRUST Cyber Threat Xchange. The HITRUST Cyber Threat Xchange is the most widely adopted threat information sharing organization serving the healthcare industry. The HITRUST Cyber Threat Xchange provides detailed information on the latest cyber...

Read More
UK Hospital Cybersecurity Funding to Increase by £21 Million
Jul16

UK Hospital Cybersecurity Funding to Increase by £21 Million

Hospital cybersecurity funding has been increased in the UK in the wake of the recent WannaCry ransomware attacks that crippled parts of the NHS. Health Secretary Jeremy Hunt has pledged a further £21 million ($27 million) will be made available to 27 major trauma centers in the UK to improve their cybersecurity protections. The additional hospital cybersecurity funding is intended to make it harder for hospitals to be attacked with...

Read More
NIST Small Business Cybersecurity Act of 2017 Approved by House Committee
May08

NIST Small Business Cybersecurity Act of 2017 Approved by House Committee

The NIST Small Business Cybersecurity Act of 2017 has been approved by the U.S. House Committee on Science, Space, and Technology. The new act requires the National Institute for Standards and Technology to issue new cybersecurity guidance for small businesses to help them manage cybersecurity risk. Cyberattacks on small businesses are now commonplace with cybercriminals often targeting small businesses. Smaller businesses may not...

Read More
74% of Organizations Vulnerable to Insider Threats
Apr04

74% of Organizations Vulnerable to Insider Threats

Spending on cybersecurity defenses has increased to reduce the risk of attacks by cybercriminals, yet organizations still feel vulnerable to insider threats. Furthermore, insider threats have increased in the past 12 months, according to a recent survey conducted on U.S. IT security professionals. 508 IT security professionals were surveyed by LinkedIn’s Information Security Community and Crowd Research Partners in a study conducted...

Read More
February Patch Tuesday Delayed as Microsoft Fixes Last Minute Issues
Feb15

February Patch Tuesday Delayed as Microsoft Fixes Last Minute Issues

The Valentine’s Day update from Microsoft did not arrive yesterday as planned. February Patch Tuesday will be coming, just a little later than usual. The decision to bundle together updates means that if urgent flaws are not fixed in time, they would have to wait until the following month to be fixed. In this case, Microsoft has chosen to delay its monthly round of patches to make sure some serious issues are addressed and included in...

Read More
HITRUST Threat Catalogue Helps Healthcare Industry Prioritize Cybersecurity Threats
Feb10

HITRUST Threat Catalogue Helps Healthcare Industry Prioritize Cybersecurity Threats

The HITRUST Alliance has announced that the organization will be releasing the HITRUST Threat Catalogue in March: A new resource to help healthcare organizations improve security by aligning the wide range of current cybersecurity threats and risk factors with its Common Security Framework. The Health Insurance Portability and Accountability Act (HIPAA) requires all covered entities to conduct a risk assessment to identify the...

Read More
Reputation Loss of More Concern than a Data Breach
Feb06

Reputation Loss of More Concern than a Data Breach

Data breaches are a constant worry for most organizations, although a new study from the Ponemon Institute has shown that while the theft of data is a concern, it is the fallout from poor risk management that is the biggest worry. The biggest fear is not loss of data but loss of reputation. The study, which was sponsored by RiskVision, was conducted on 641 professionals involved in risk management at their respective organizations....

Read More
Global Cybercrime Costs Will Top $6 Trillion in 5 Years
Jan04

Global Cybercrime Costs Will Top $6 Trillion in 5 Years

A recent report published by Cybersecurity Ventures suggests global cybercrime costs will double over the next five years. Global cybercrime costs in 2015 are estimated to have reached $3 trillion. The damage inflicted by cybercriminals has been predicted to top $6 trillion by 2021. The managed security services provider (MSSP) and advisory firm calculated the damages from theft of intellectual property and data, financial fraud,...

Read More
Final Cybersecurity Guidance on Medical Devices Issued by FDA
Dec27

Final Cybersecurity Guidance on Medical Devices Issued by FDA

Final cybersecurity guidance on medical devices has been issued by the U.S. Food and Drug Administration (FDA). The 30-page document augments previous guidance published by the FDA in 2014 and is intended to help manufacturers of medical devices implement policies, procedures, and controls to secure postmarket devices. Previous guidance has covered security controls and policies that should be implemented to ensure medical devices are...

Read More
Microsoft Admits Its Windows 10 Update Policy Was Too Aggressive
Dec26

Microsoft Admits Its Windows 10 Update Policy Was Too Aggressive

The aggressive tactics used by Microsoft to get push its Windows 10 upgrade annoyed many users. Many Windows users felt they were being bombarded with communications telling them to upgrade for security recommendations. The frequency that dialog boxes popped up on screens and the inability to remove or prevent notifications from appearing angered many Windows 7 and Windows 8 users. During a weekly podcast, Chris Capossela, Microsoft’s...

Read More
63% Increase in Healthcare Data Breaches in 2016
Dec22

63% Increase in Healthcare Data Breaches in 2016

There has been a 63% increase in major healthcare data breaches in 2016, according to the 2016 Healthcare Cyber Breach Report from cybersecurity firm TrapX. The report, which covers healthcare data breaches in 2016 from January 1 to December 12, shows that while the total number of healthcare records exposed in 2016 was considerably lower than last year, the number of incidents increased substantially. In 2015, 111,812,172 records...

Read More
Samsa Ransomware Nets Criminals at Least $450,000 in a Year
Dec16

Samsa Ransomware Nets Criminals at Least $450,000 in a Year

The cybercriminals who have been infecting consumers and businesses with the ransomware variant SamSa have reportedly extorted $450,000 from businesses and consumers over the past 12 months, according to a recent report from Palo Alto Networks Unit 42 team. Researchers were able to calculate the cybercriminals’ minimum earnings by monitoring the Bitcoin Wallet addresses used by the attackers. Palo Alto Networks was able to see...

Read More
70% of Businesses Infected With Ransomware Pay Up
Dec16

70% of Businesses Infected With Ransomware Pay Up

A recent study conducted on behalf of IBM Security has clearly demonstrated why ransomware has proved so popular with cybercriminals. Out of 600 businesses that were surveyed, almost half reported having experienced a ransomware attack. Out of those that had, 70% paid the attackers to supply keys to unlock the encryption. Ransom demands are typically around $700 per infected device, although the amounts charged can vary considerably....

Read More
Windows 8 and 10 Update Knocks Users Offline?
Dec13

Windows 8 and 10 Update Knocks Users Offline?

Internet Service Providers in the UK and Belgium have been flooded with calls from disgruntled customers who have been prevented from accessing the Internet over the weekend. The problem has been attributed to a flawed update that was automatically installed by Microsoft. The problems started last week with customers of ISPs BT, Plusnet, and TalkTalk experiencing intermittent Internet access, while Sky and Virgin Media customers also...

Read More
323,000 New Malware Samples Being Discovered Every Day
Dec09

323,000 New Malware Samples Being Discovered Every Day

According to the latest figures from Kaspersky Lab, there are now more than 323,000 new malware samples being released every day: An increase of 13,000 per day compared to last year and 253,000 more malicious files per day than in 2011. Kaspersky Lab’s cloud database now contains the signatures for more than 1 billion forms of malware. The massive rise in new forms of malware is due to more sophisticated means of creating new malware....

Read More
Insider Breach Threat Main Concern of Half of IT Professionals
Dec02

Insider Breach Threat Main Concern of Half of IT Professionals

Almost half of IT professionals believe the insider breach threat is more of a concern than the threat posed by hackers. Hackers may pose a major risk to data security, but it is the insider breach threat that is most difficult to deal with. IT security solutions can be purchased to secure the network perimeter, but protecting data from internal attacks and accidental breaches is a major challenge. 49% of IT professionals that...

Read More
What are the Highest Risk IoT Devices for Enterprises?
Nov18

What are the Highest Risk IoT Devices for Enterprises?

Internet-connected devices can introduce considerable security risks, but what are the highest risk IoT devices for enterprises? According to a new report from cloud-based information security company Zscaler, the highest risk IoT devices for enterprises are surveillance cameras – devices that are purchased and installed to decrease risk. Unfortunately, while surveillance cameras can be used to reduce the risk of theft of equipment,...

Read More
Research Suggests Increased Enterprise Security Risk from IT Decentralization
Nov18

Research Suggests Increased Enterprise Security Risk from IT Decentralization

A recent VMWare sponsored study conducted by Vanson Bourne suggests enterprises face an increased security risk from IT decentralization and IT professionals are not ready to deal with the security challenges that come from moving their IT infrastructure to the cloud. Vanson Bourne conducted the study on 3,300 individuals in 20 industries from 20 countries. Respondents were asked about IT decentralization and use of the cloud...

Read More
70% of IT Pros are Concerned about Cloud Security Risks
Nov17

70% of IT Pros are Concerned about Cloud Security Risks

More organizations are now taking advantage of the benefits of the cloud, yet 70% of IT professionals are concerned about cloud security risks, according to the second global Cloud Security Survey from Netwrix Corp. The biggest concern is the potential for sensitive data to be accessed by employees of cloud service providers and third parties. 69% of respondents said unauthorized access was their biggest concern. Malware was also...

Read More
Can Antivirus Software Prevent Ransomware Attacks?
Nov09

Can Antivirus Software Prevent Ransomware Attacks?

Can antivirus software prevent ransomware attacks? It’s possible, but extremely unlikely according to a recent survey conducted by Barkly. The survey showed that out of the companies polled, 100% of organizations that had experienced a ransomware attack in the past 12 months said they had AV software but it did not prevent ransomware from locking up files. Companies were also asked about some of the other protections they had in place...

Read More
IT Security Spending to Increase by 9% by 2018
Nov08

IT Security Spending to Increase by 9% by 2018

The cybersecurity market is expected to continue to experienced strong growth as organizations increase their IT security spending to tackle the growing number of cybersecurity threats. As cyberattacks become increasingly sophisticated and more varied, organizations need to purchase new security products and commit more resources to keeping their networks and data secure. According to a new report from BCC Research, IT security...

Read More
SSL-Based DDoS Attacks ‘Trend of Q3’, says Kaspersky Lab
Nov01

SSL-Based DDoS Attacks ‘Trend of Q3’, says Kaspersky Lab

According to the latest threat intelligence report from Kaspersky Lab, cybercrime-as-a-service has proliferated in recent months and the cybercrime trend of the quarter is SSL-based DDoS attacks. Ransomware may still be a major issue, but the biggest threat facing businesses is SSL-based DDoS attacks. This is backed up by the 2016 Internet Organized Crime Threat Assessment (IOCTA) from Europol. The Europol report contains a stark...

Read More
Beazley Data Breach Insights Report Highlights Extent of Ransomware Problem
Oct27

Beazley Data Breach Insights Report Highlights Extent of Ransomware Problem

The Beazley Data Breach Insights Report is an annual publication summarizing the data breaches experienced by the company’s clients in the first nine months of the year. This year’s report shows there has been a 65% increase in data breaches in 2016, rising from 931 data breaches in 2015 to 1,437 breaches in 2016. Ransomware attacks have also increased significantly. There were 43 known attacks in 2015, whereas in 2016 the total has...

Read More
Hacktivist Indicted for Hospital DDoS Attacks
Oct27

Hacktivist Indicted for Hospital DDoS Attacks

DDoS attacks rarely result in prosecution; however, this week the hacktivist allegedly behind a series of major hospital DDoS attacks in 2014 has been indicted on charges of conspiracy and intent to cause damage to a protected computer. If convicted of he hospital DDoS attacks, the hacktivist faces up to 15 years in jail. Martin Gottesfeld from Somerville, Mass., is alleged to have been involved in a series of DDoS attacks on Boston...

Read More
St. Jude Medical Faces New Allegations of Medical Device Vulnerabilities
Oct25

St. Jude Medical Faces New Allegations of Medical Device Vulnerabilities

In August, Muddy Waters published a report that alleged certain St. Jude Medical devices were susceptible to cytberattacks that placed the safety of patients at risk. Muddy Watters placed a short-selling bet on St. Jude Medical stock after being supplied with details of security vulnerabilities from research firm MedSec. St. Jude Medical has denied that the vulnerabilities exist, while a team of researchers from the University of...

Read More
Lack of Skilled CyberSecurity Experts Hampering Breach Response
Oct21

Lack of Skilled CyberSecurity Experts Hampering Breach Response

The nation faces a serious shortage of skilled cybersecurity professionals and the lack of skilled staff is making it hard for organizations to prevent cyber-attacks and is seriously hampering many organizations’ breach response efforts. There is considerable demand for skilled cybersecurity professionals; however, a shortage of suitable applicants leaves many positions unfilled. A recent survey conducted by Dimensional Research on...

Read More
Fall in Price of Health Data Likely to Mean Healthcare Cyberattacks
Oct20

Fall in Price of Health Data Likely to Mean Healthcare Cyberattacks

Supply of healthcare data is outstripping demand which has led to a drop in the price of health data on the darknet, according to studies conducted by the World Privacy Forum and the Institute for Critical Infrastructure Technology. The research suggests the average price of a full set of health records was between $75 to $100 per set last year. The price has now fallen to between $20 to $50 per set of records, which means a sizable...

Read More
St. Jude Medical Forms Advisory Board to Improve Device Security
Oct18

St. Jude Medical Forms Advisory Board to Improve Device Security

St. Jude Medical, a medical device manufacturer that was recently accused of allowing security vulnerabilities to persist that placed device users at risk from cyberattacks, has announced that further steps are being taken to ensure that cyber security risks are addressed. The company has taken the decision to form a new Cyber Security Medical Advisory Board (CSMAB) which will work with industry experts and government agencies to...

Read More
59% of Organizations Use Multi-Factor Authentication to Secure Assets
Oct16

59% of Organizations Use Multi-Factor Authentication to Secure Assets

A recent survey conducted by the access management company SecureAuth has shown the use of multi-factor authentication to secure data is increasing in popularity, although passwords still appear to be favored by the majority of organizations. Passwords are not secure. They can be guessed or cracked using brute force attacks. End users also find it difficult to remember passwords and many still use simplistic passwords to secure their...

Read More
Confidence in Data Breach Preparedness Found to be Lacking
Oct13

Confidence in Data Breach Preparedness Found to be Lacking

According to a recent study conducted by the Ponemon Institute, the vast majority of companies now have a data breach response plan in place, yet most of the IT professionals surveyed lacked confidence in their company’s data breach preparedness plans. Only 42% of respondents to the Experian-sponsored survey said their breach response plans were effective or very effective. 31% lacked confidence in their company’s ability to deal with...

Read More
Chinese Firm Blamed for Massive DDoS Attacks
Oct10

Chinese Firm Blamed for Massive DDoS Attacks

Last month, the first recorded 1-Terabyte Distributed Denial of Service (DDoS) attack was recorded. The attack involved a massive botnet called Mirai, which consisted of hundreds of thousands of IoT devices, mostly security cameras and DVRs. The rapid growth of the Mirai botnet has occurred due to a lack of security controls in a range of IoT devices. Many Internet enabled devices contain default usernames and passwords which can be...

Read More
New Survey Shows Insider Data Breaches Increasing
Oct03

New Survey Shows Insider Data Breaches Increasing

According to a new report from cloud security software vendor Bitglass, insider data breaches have increased over the course of the past year. While malicious attacks are on the rise, the majority of insider data breaches are due to carelessness by employees. For the report, Bitglass surveyed 500 IT professionals and asked questions on insider threats to data security. 56% reported that insider leaks had increased in the past year and...

Read More
Less Than Half of IT Professionals Securely Wipe Hard Drives and Delete Data
Oct01

Less Than Half of IT Professionals Securely Wipe Hard Drives and Delete Data

A recent survey conducted by Blancco Technology Group has revealed that fewer than half of IT professionals securely wipe hard drives and delete data. The failure to ensure sensitive data is permanently erased could result in corporate secrets or sensitive information being obtained by criminals and competitors. For the study, Blancco surveyed more than 400 IT security professionals. Questions were asked about the methods used to...

Read More
IoT Security Breaches Are Easily Avoidable, Says Online Trust Alliance
Sep15

IoT Security Breaches Are Easily Avoidable, Says Online Trust Alliance

Many IT security professionals are concerned about IoT security breaches and with good reason. Wearable devices in particular pose a big security risk. Many industry professionals believe IoT security breaches are difficult to prevent. However, according to the Online Trust Alliance, while security issues exist with IoT devices, the problem is not insurmountable. In fact, the majority of IoT breaches could have been prevented. The...

Read More
St. Jude Medical Sues Muddy Waters for Disseminating False Information
Sep08

St. Jude Medical Sues Muddy Waters for Disseminating False Information

The “revelation” that St. Jude Medical devices contain serious security flaws that could potentially be exploited by hackers to cause harm to patients has certainly ruffled a few feathers. Late last month, MedSec Holdings Inc. provided detailed information to short-selling firm Muddy Waters about alleged security flaws in certain St. Jude defibrillators, pacemakers, and monitoring devices. The controversial move by MedSec has been...

Read More
FTC Fall Technology Series Explores the Ransomware Threat
Sep08

FTC Fall Technology Series Explores the Ransomware Threat

A panel discussion at the Federal Trade Commission Fall Technology Series in Washington DC extensively covered the ransomware problem: One of the biggest cybersecurity threats ever faced by organizations and consumers. Over the last year, ransomware has grown to become a major threat to businesses. An increasing number of individuals are using crypto-ransomware to extort money out of companies. According to figures from the Justice...

Read More
Health and Fitness App Privacy Policies Often Absent, says Think Tank
Aug19

Health and Fitness App Privacy Policies Often Absent, says Think Tank

One would assume that health and fitness app privacy policies would be more important than many other types of app, given the types of data they collect. However, according to a recent study performed by Washington DC think tank, The Future of Privacy, health and fitness app privacy policies are often nowhere to be seen. Only 60% of the apps assessed for the study actually had privacy policies compared to 76% of general apps. The...

Read More
Information Security Spending in 2016 to Exceed $80 Billion
Aug12

Information Security Spending in 2016 to Exceed $80 Billion

Information security spending in 2016 will smash previous records. A new report from Gartner Inc., indicates global information security spending in 2016 will reach $81.6 billion. That represents an increase of 7.9% from 2015. At present, organizations are committing the most funds to consulting and IT outsourcing according to the report. Over the next four years the biggest growth areas are expected to be security testing and data...

Read More
Why the Visual Hacking Threat Should Not Be Ignored
Aug11

Why the Visual Hacking Threat Should Not Be Ignored

The visual hacking threat should not be ignored. Visual hacking is easy to pull off and in the majority of cases attempts to steal data are successful, according to a new study released by the Ponemon Institute. Furthermore, low-tech threats such as visual hacking are under-addressed in many organizations. What is Visual Hacking? Visual hacking is the term used for capturing and stealing sensitive data by visual means. The attacks are...

Read More
Organizations Unprepared for Next Generation of Ransomware, Says Cisco
Jul27

Organizations Unprepared for Next Generation of Ransomware, Says Cisco

Cisco has recently published its 2016 Midyear Cybersecurity Report which suggests many organizations are simply not equipped to deal with the next generation of ransomware. The use of ransomware by cybercriminals has increased significantly in recent months, with many new and sophisticated variants already been released. Locky and CryptXXX currently pose the biggest threat to organizations. Locky is delivered via malicious email...

Read More
ONC: Healthcare Information Sharing and Analysis Organization to Receive $250K
Jul25

ONC: Healthcare Information Sharing and Analysis Organization to Receive $250K

Karen B. DeSalvo, National Coordinator for Health Information Technology of the Office of the National Coordinator for Health Information Technology, has announced that two new funding opportunities now exist for a healthcare Information Sharing and Analysis Organization (ISAO) for the Healthcare and Public Health sector. Cyberattacks on the healthcare industry have increased significantly in recent months as criminals attempt to gain...

Read More
Shade Ransomware Botnet Taken Down
Jul25

Shade Ransomware Botnet Taken Down

The Shade Ransomware botnet has been taken down and new ransomware decryption tools have now been released to help victims recover their files. The takedown was a joint effort by Intel Security, Kaspersky Lab, Europol, and the National High Tech Crime Unit (NHTCU) of the Dutch police. Shade ransomware first appeared in 2014 and has been primarily used to infect individuals in Eastern and Central Europe. Shade ransomware was delivered...

Read More
New Ransomware Prevention Initiative Launched by Europol
Jul25

New Ransomware Prevention Initiative Launched by Europol

Intel Security is leading a new ransomware prevention initiative which has the dual purpose of educating individuals on the danger of ransomware in an effort to prevent infections, and also helping victims who have had their files locked by ransomware. The ransomware prevention initiative involves a collaboration between Intel Security, Kaspersky Lab, Europol, and the Dutch Police (Politie). The risk from ransomware is growing at an...

Read More
Firefox will be Blocking Invisible Flash Content from August 2016
Jul21

Firefox will be Blocking Invisible Flash Content from August 2016

Firefox has announced that it will be blocking invisible Flash content from August 2016.  The move has been prompted by the risk that Flash content poses to Firefox users. The update will also help to reduce Firefox browser crashes and should improve battery life on laptop computers. Blocking Invisible Flash Content Will Improve the User Experience Flash has been depreciating for some time, as web developers switch to alternative...

Read More
Cerber Ransomware C&C Shut Down
Jul20

Cerber Ransomware C&C Shut Down

A command and control server used for a recent ransomware campaign has been shut down. The Cerber ransomware C&C was used as part of a campaign involving malicious Word macros, similar to many ransomware campaigns discovered this year. FireEye discovered the campaign and moved quickly to limit the damage caused. Within hours of discovering the Cerber ransomware C&C it was shut down by the Computer Emergency Response Teams in...

Read More
U.S. Government Looking to Recruit 3,500 More Cybersecurity Professionals in 2016
Jul15

U.S. Government Looking to Recruit 3,500 More Cybersecurity Professionals in 2016

The U.S. government is currently trying to deal with increasingly sophisticated and persistent cybersecurity threats. Attacks are coming from all angles: Individuals, criminal gangs, hacktivists, and nation-state sponsored hackers are all targeting government agencies. In order to deal with the growing number of threats the U.S. government needs to bring in new talent. A recent memo sent to the heads of executive departments and...

Read More
Hackers Use Conficker to Conduct Hospital IOT Attacks
Jul01

Hackers Use Conficker to Conduct Hospital IOT Attacks

Hospital IOT attacks are not just theoretical. Hackers are actively targeting medical devices such as MRI machines, CT scanners, and other Internet-connected medical devices. The attackers are attempting to gain access to the devices in order to steal the protected health information of patients, as well as to establish a foothold in healthcare networks. Medical devices seldom have the same level of protection as PCs and servers....

Read More
Ponemon Institute Reports Increase in the Use of Enterprise File Encryption Software
Jun29

Ponemon Institute Reports Increase in the Use of Enterprise File Encryption Software

The use of enterprise file encryption software has increased significantly in the past 12 months according to a new study conducted by the Ponemon Institute. The study was conducted on 5,009 respondents from companies in the world’s top 11 economies. A range of industries were represented in the study. According to the Thales e-Security-sponsored study, 41% of companies are now using enterprise file encryption software, compared to...

Read More
Improved Threat Intelligence Sharing Required to Tackle Ransomware Threat
Jun22

Improved Threat Intelligence Sharing Required to Tackle Ransomware Threat

A recent Health Information Trust Alliance (HITRUST) pilot project indicates the sharing of threat intelligence by healthcare organizations is an important way of reducing cybersecurity risk. The pilot shows that by sharing “timely, consumable, [and] actionable” threat information to a wide audience, a valuable resource can be created that can be used to defend the entire healthcare ecosystem from cyberattacks. In a recent press...

Read More
2016 Ponemon Cost of Data Breach Study Published
Jun15

2016 Ponemon Cost of Data Breach Study Published

The 2016 Ponemon Cost of Data Breach Study shows that healthcare data breaches cost the most to resolve, and breaches in the United States cost significantly more than those in other countries. This is the 11th consecutive year that the IBM-sponsored study has been published. The cost of a data breach continues to rise, with the average breach resolution costs now having reached $4 million. Last year, the average cost of a data breach...

Read More
Majority of Organizations Unsure of Ability to Protect Data After a Breach
Jun14

Majority of Organizations Unsure of Ability to Protect Data After a Breach

A recent study conducted by security firm Gemalto has revealed that a majority of companies are not confident of their ability to prevent data from being stolen, altered, or deleted if their security perimeter is breached. While most organizations – 61% – were confident of the defenses they had applied to keep their perimeter secure, in the event that hackers broke through those defenses, 69% of companies thought data would...

Read More
NIST Cybersecurity Framework Update
Jun14

NIST Cybersecurity Framework Update

The National Institutes of Standards and Technology (NIST) has announced that there will be a minor NIST Cybersecurity Framework update in early 2017. NIST sought suggestions from industry stakeholders over a period of two years since the NIST Cybersecurity framework was published. NIST issued a request for information (RFI) in December 2015 and received over 100 responses on best practices, Framework use, and suggestions for long...

Read More
Ransomware Attacks on US Businesses Soar
Jun06

Ransomware Attacks on US Businesses Soar

This year has seen an unprecedented number of ransomware attacks on US businesses. Healthcare providers have also been targeted, with medical services heavily disrupted as a result of ransomware infections. A recent report issued by Infoblox has confirmed the extent of the current ransomware epidemic and how much of a risk the malicious file-encrypting software poses for businesses. In the first quarter of the year alone, the number...

Read More
New CHIME Cybersecurity Center Tasked with Improving Healthcare Cybersecurity
May31

New CHIME Cybersecurity Center Tasked with Improving Healthcare Cybersecurity

The College of Healthcare Information Executives (CHIME) has announced it has created a new Cybersecurity Center and Program Office to assist healthcare organizations in the fight against cybercrime. The new office will be tasked with developing and sharing cybersecurity best practices, encouraging the sharing of threat information, and will be encouraging healthcare organizations to improve collaboration with each other and federal...

Read More
Final Precision Medicine Initiative Security Framework Released
May28

Final Precision Medicine Initiative Security Framework Released

The White House has released the final Precision Medicine Initiative security framework, which should be used by participating institutions to achieve the principles laid down in the Obama Administration’s Precision Medicine Initiative. The precision medicine initiative security framework contains a set of risk management guidelines which can be used to protect sensitive data and preserve data integrity. The 10-page framework may not...

Read More
Stronger Ransomware Protection for Hospitals Needed, says CHIME, AEHIS
May24

Stronger Ransomware Protection for Hospitals Needed, says CHIME, AEHIS

The College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS) have issued a joint statement calling for stronger protections to be implemented by hospitals in light of the growing ransomware threat. At a hearing titled “Ransomware: Understanding the Threat and Exploring Solutions,” both organizations agreed that stronger hospital legislation is needed...

Read More
Ponemon Publishes Report on Privacy and Security of Health Data
May19

Ponemon Publishes Report on Privacy and Security of Health Data

The Ponemon Institute has released its annual report on the state of privacy and security of health data and found that for the second year running, cybercriminals are the main cause of healthcare data breaches. This is the sixth year that the Ponemon Institute has compiled its privacy and security of health data report and the data show that cybercriminal attacks are increasing steadily. When the first report was published six years...

Read More
IBM Announces Plans for Watson for Cyber Security Platform
May13

IBM Announces Plans for Watson for Cyber Security Platform

A cloud-based version of Watson’s cognitive computing technology will soon be used to process threat intelligence and provide insights on the latest cybersecurity threats. IBM has announced that the Watson for Cyber Security platform will be launched in the fall. The Watson for Cyber Security platform will be a year-long cybersecurity project, which will process around 15,000 security documents every month and will be programmed...

Read More
New Bill Introduced to Improve HHS Cybersecurity
Apr27

New Bill Introduced to Improve HHS Cybersecurity

A new healthcare cybersecurity bill has been introduced by members of Congress which aims to improve cybersecurity at the Department of Health and Human Services (HHS). The bill was introduced by two House Energy and Commerce Committee members: Rep. Billy Long (R-MO) and Rep. Doris Matsui (D-CA). The Committee had previously conducted an investigation to determine how cybersecurity could be improved at the HHS. The new legislation...

Read More
OIG Discovers 129 Medicare Healthcare Data Security Gaps
Apr26

OIG Discovers 129 Medicare Healthcare Data Security Gaps

The Department of Health and Human Services’ Office of Inspector General has recently published its annual review of the health IT security programs of Medicare Administrative contractors (MACs). A MAC is a private health care insurer that has been contracted by the Centers for Medicare and Medicaid Services (CMS) to process Medicare Fee-For-Service beneficiary Medicare Part A/Part B (A/B) claims and/or Durable Medical Equipment (DME)...

Read More
Majority of Health IT Security Execs Have Increased Spending on Data Protection
Apr19

Majority of Health IT Security Execs Have Increased Spending on Data Protection

A recent study conducted by data security firm Vormetric indicates 60% of healthcare IT security executives have increased their data protection budgets. New data security tools will be implemented by 46% of respondents to ensure their organizations are able to catch up with healthcare industry best practices. For the study, Vormetric polled 1,100 senior healthcare IT security executives. Virtually all respondents – 96% – said...

Read More
The Hidden Cost of Pagers in Healthcare
Mar31

The Hidden Cost of Pagers in Healthcare

Numerous studies have been conducted on the cost of HIPAA-compliant alternatives to the pager, yet little research has actually been conducted on the actual cost of pagers in healthcare. Pager use is in steep decline. Pager services are being dropped by telecoms companies due to the lack of demand. Most industries have retired pagers long ago and have switched to smartphones. However, the healthcare industry lags behind. Pagers are...

Read More
NIST Cybersecurity Framework and HIPAA Security Rule Crosswalk Issued
Mar03

NIST Cybersecurity Framework and HIPAA Security Rule Crosswalk Issued

The Department of Health and Human Services’ Office for Civil Rights has issued a crosswalk between the NIST Cybersecurity Framework and HIPAA Security Rule to help covered entities assess whether there are any gaps in their compliance programs. NIST Cybersecurity Framework and HIPAA Security Rule Crosswalk Issued By OCR The crosswalk between the NIST Cybersecurity Framework and HIPAA Security Rule was developed in conjunction with...

Read More