Dailymotion Cyberattack Impacts 85 Million Users
According to LeakedSource, a recent Dailymotion cyberattack has resulted in email addresses, usernames, and passwords being obtained by hackers. Dailymotion is one of the leading web video platforms and is rated by Alexa as the 113th most popular website. In April 2015, the site attracted 148 million visitors. The Dailymotion cyberattack is understood to have occurred on or around October 20, 2016, which means account credentials may...
Ironscales Named Finalist at 2017 SC Awards
The Israeli cybersecurity firm Ironscales has been named a finalist in the 2017 SC Awards in the Best Email Security Solution category and will be competing to win top spot in the category at the upcoming annual awards event in February 2017. This is now the 20th year that SC Media has been honoring the top cybersecurity vendors, with the awards highly coveted. The awards program is highly respected within the industry, with only the...
Wombat Security Technologies Named as Finalist for a 2017 SC Media Award
Wombat Security Technologies has been named as a finalist for a prestigious 2017 SC Media Award, in recognition for the quality of the company’s product and its ability to help businesses safeguard their networks and data. This is the 20th year that SC Magazine has run its awards program, which recognize the best of the best in the field of information security. The awards are highly coveted and winning an award is a major...
Antivirus Software No Longer Sufficient to Protect Against Internet Threats
According to Darren Bilby, a senior security researcher at Google, antivirus software is no longer good enough to protect against Internet threats. Antivirus software still has its place, but the software will not protect organizations against all malware, ransomware, and other Internet threats. The use of anti-virus products also introduces a false sense of security. People think they are protected because they use antivirus software...
Study Shows Fall in Organizational Resilience Against Cyberattacks
This week, the Ponemon Institute published the results of its 2016 Cyber Resilient Organization study which showed that organizational resilience against cyberattacks is has fallen over the last 12 months. The Ponemon Institute describes organizational resilience against cyberattacks as the ability of an organization to “maintain its core purpose and integrity in the face of cyberattacks.” The IBM’s Resilient-sponsored study...
Deloitte Ranks Wombat Security Technologies 144 in 2016 Technology Fast 500 List
Wombat Security Technologies has been included in the 2016 Deloitte Technology Fast 500 list, securing position 144. Each year, Deloitte produces its Fast 500 lists which recognize the fastest growing technology, telecoms, media, life sciences and energy companies in North America. To be included in the list, firms must have enjoyed exceptional growth. Not all companies qualify for inclusion. Companies must have developed proprietary...
Facebook’s Darknet Password Buying Practice Revealed
The data obtained from cyberattacks is often listed for sale on Darknet marketplaces for cybercriminals to purchase, yet who actually buys these data? Passwords are bought by cybercriminals to gain access to users’ online accounts for a wide variety of nefarious activities, but it is not only criminals that are interested in these data. It has recently emerged that Facebook also buys stolen passwords. Facebook CSO Alex Stamos revealed...
Locky Ransomware Campaign Targets OPM Data Breach Victims
The actors behind Locky ransomware have started using data from the OPM data breaches of 2014 and 2015 as part of a new campaign to spread cryptoransomware. It is unclear how much of the data has been obtained, although in total, 22 million user records were stolen in the OPM data breach. The mass spam emails contain a malicious JavaScript file which downloads Locky onto computers. Once installed the ransomware can encrypt files on...
New LinkedIn Social Engineering Scam Uncovered
Researchers at Heimdal Security have uncovered a new LinkedIn social engineering scam that attempts to get the LinkedIn account holders to reveal their personal information. The attackers are trying to gain access to users’ financial data as well as identity documents such as passport and driver’s license numbers that can be used to commit identity theft. The attackers are using a common social engineering technique designed to scare...
Google Takes Action Against Websites that Repeatedly Serve Malware
Google is to take action against websites that are repeatedly used to serve malware, unwanted software, or are used to phish for information. Once a website has been identified as a repeat offender, visitors to the website that use the Chrome browser will be served a warning alerting them that the site is being used to distribute malware. Site owners will be given the opportunity to clean their sites and have the warning removed, but...
BEC Attack on El Paso Resulted in Theft of $3.2 Million
The threat from business email compromise attacks has been clearly highlighted by the recently discovered BEC attack on El Paso, TX. According to the Mayor of El Paso, Oscar Leeser, city officials notified law enforcement in October that employees had fallen for phishing scams. Those scams resulted in the attackers stealing $3.2 million in funds from the city. The BEC attack on El Paso was similar to numerous attacks that have taken...
Windows Flaw Already Being Exploited by Hackers
Russian hackers have been actively exploiting two zero-day vulnerabilities prior to Google’s announcement of the flaws. Google’s Threat Analysis Group announced the flaws, including how they could be exploited, earlier this week. Microsoft had been informed of a new zero-day vulnerability on October 21, although Google only waited 10 days before making the announcement and crucially, did before Microsoft had issued a patch. While...
NetSkope Performs Analysis of CloudFanta Malware
A new report published by NetSkope Threat Research Labs casts some light on CloudFanta malware, which is currently being spread via spearphishing campaigns. CloudFanta malware was first identified in July 2016 and is known to have been used in upwards of 26,000 credential-stealing attacks. The purpose of the malware is to steal email credentials and monitor online banking activities. Once email credentials have been obtained, messages...
Phishing Scam Fools Baystate Health Employees and Exposes PHI
Phishing is a technique commonly used by cybercriminals as an easy way of gaining access to healthcare data. The aim of the scam is to convince individuals into revealing login credentials or infecting their computers with malware. Even when robust cybersecurity defenses are employed to prevent networks and databases from attack, those protections can easily be undone by employees. If employees can be convinced to click malicious...
Ransomware Threat Not Understood by 60% Office Employees in the U.S.
According to Symantec, ransomware attacks are now being conducted at a rate of 4,000 a day, yet a recent survey has shown that six out of ten office workers in the United States are unaware of the ransomware threat. The survey was conducted on more than 1,000 office workers in the United States by security firm Avecto. Questions were asked to determine the effectiveness of security awareness training programs, with a particular focus...
Warning Issued About Hurricane Matthew Phishing Scams
US-CERT has issued warning about a spate of Hurricane Matthew phishing scams as cybercriminals attempt to defraud users and infect computers by taking advantage of interest in the hurricane. Following any natural disaster or major new event, scammers launch new campaigns to obtain sensitive information that can be used for identity theft and fraud. Cybercriminals also seize the opportunity to spread malware and ransomware. This...
2016 Ransomware Trends Analyzed by BitSight
A new report on 2016 ransomware trends has recently been released by security firm BitSight. For the report, BitSight researchers analyzed 2016 ransomware trends across almost 20,000 companies in the United States from a wide range of industry sectors. The report shows that while healthcare organizations have made the news following high profile attacks this year, it is actually the education sector that has been hit the hardest. The...
Europol Report Shows 2016 Cybercrime Trends
The new Internet Organized Crime Threat Assessment released by European Law Enforcement Agency Europol has highlighted the biggest 2016 cybercrime trends. The report also confirms that online threats and cyberattacks have increased during the past 12 months. The increase in cybercrime has been attributed in part to the rise in hackers offering malware, ransomware, DDoS attacks and other malicious activities as a service. Now, more...
Healthcare Data Breach Costs Rise 282% in 12 Months
A recent study from CheckPoint shows that healthcare data breach costs have risen by an astonishing 282% in the past 12 months, while there has been a 60% rise in healthcare security incidents. Even though the industry is being targeted by cybercriminals and the frequency of attacks has increased, only 54% of healthcare organizations have tested their data breach response plan, and only 21% of healthcare organizations use disaster...
11% of UK IT Professional Do Not Know What Ransomware is
A survey of UK IT decision makers has revealed that 69% of large organizations in the United Kingdom expect to be attacked with ransomware in the next 12 months, while 44% have already experienced a ransomware attack. Out of the organizations that had already been attacked, three quarters believed they would be attacked again in the next 12 months. The threat from ransomware is well understood in the United States, but news isn’t...
Yahoo Data Breach Confirmed: 500 Million Users Affected
Two months ago, a massive Yahoo data breach appeared to have been uncovered. The records of more than 200 million Yahoo email account holders seemed to have been listed for sale on a Darknet marketplace. The hacker who placed the listing on the site – Peace – had previously listed other large databases for sale, including the data from the MySpace and LinkedIn data breaches. Peace is the co-founder of the Darknet marketplace...
Malicious Microsoft Publisher Files Used in Phishing Attacks on Businesses
Hackers are using malicious Microsoft Publisher files to create backdoors in Windows computers. The files are being used in targeted attacks on businesses, with a view to stealing sensitive data. A new campaign has been identified by Bitdefender that is targeting small to medium-sized businesses in the UK and China. So far, around 2,000 of the malicious emails have been captured. Spear phishing emails containing malicious Microsoft...
World Anti-Doping Agency Cyberattack: Olympics Stars’ Medical Files Published
The medical records of a number of leading U.S athletes have been leaked online. The data came from a hack of the World Anti-Doping Agency and Court of Arbitration for Sport (WADA-CAS). A group of hackers operating under the name Tsar Team / Fancy Bears successfully hacked WADA’s anti-doping administration and management system (ADAMS) database and stole sensitive data on U.S. athletes. The data have now been uploaded to the hacking...
Defenses Against Ransomware Must be Improved, Says FTC Chair
FTC Chair, Edith Ramirez believes that more needs to be done to deal with the ransomware threat and says defenses against ransomware must be improved. At a recent forum event which examined the rise in the use of ransomware and the strategies that can be adopted by organizations to deal with the threat, Ramirez said ransomware is now “among the most troubling cyberthreats.” She also explained that the problem is unlikely...
RAA Ransomware Tweaked to Attack Businesses
A new variant of RAA ransomware has been discovered by Kaspersky Lab. The new RAA ransomware variant has been developed to make it more effective against businesses. RAA ransomware was first discovered in June. The ransomware was also discovered to incorporate Pony; an information stealing Trojan. However, the hackers responsible for developing RAA ransomware have been working on making the file-encrypting, information stealing...
Healthcare Industry Must do More to Deal with the Threat from Phishing
The benefit of conducting simulated phishing attacks has been well documented, yet many healthcare organizations do not put anti-phishing training to the test. Consequently, knowledge gaps may be allowed to persist which could jeopardize network security. A recent study conducted by Wombat suggests the healthcare industry must do more to deal with the risk of phishing. Healthcare professionals’ knowledge of phishing threats does not...
Emergency OS X Security Updates Released by Apple
Apple has released emergency OS X security updates to tackle three zero-day vulnerabilities which are being actively exploited. The Emergency OS X updates tackle the “Trident vulnerabilities” which are currently being used by the Israeli firm, NSO Group Technologies. According to security researchers from Lookout Security and Citizen Lab, the exploits, which were discovered last week, could well have been weaponized and used to attack...
1.1 Billion Records Exposed in 2016 Data Breaches
According to a new data breach report published by Risk Based Security, more than 1.1 billion records have been exposed or stolen in the first 6 months of 2016. Those figures make 2016 the worst ever year for data breaches by some distance and the year is far from over yet. The good news, if you can call it that, is compared to the first 6 months of 2015, data breaches are down by 17%. Unfortunately, cyberattacks on organizations are...
Phishing Threat Greater Than Any Other Time in History
The Anti-Phishing Working Group (APWG) has released a new report on phishing that shows, during the first three months of 2016, phishing activity was greater than at any other time in history. APWG defines phishing as a criminal mechanism that employs technical subterfuge and social engineering techniques to steal personal identity data and financial credentials. APWG therefore includes CEO scams or business email compromise attacks,...
New Privacy and Security of Healthcare Data Study Released by Ponemon
The Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data has been released this week by the Ponemon Institute. This year’s study has highlighted some worrying data breach trends and the new report clearly shows that healthcare organizations – and their business associates – need to do more to improve data security in order to prevent breaches of protected health information. Many healthcare organizations lacked the...
Threat from Ransomware Prompts FBI to Issue a Warning to Healthcare Organizations
The threat from ransomware has increased considerably over the course of the past few months, and healthcare organizations are in cybercriminals’ cross-hairs. Attacks on healthcare providers have been occurring with increasing regularity, prompting the FBI to issue a warning. Ransomware is not new, but it is increasingly being used by cybercriminals to attack large organizations. In 2015, the FBI saw a sharp upward trend in the use of...
Employees are the Weakest Security Link Says Verizon Report
The 9th annual Verizon Data Breach Investigations Report was published this Tuesday. The report provides a valuable insight into the main causes of data breaches in 2015. The report shows that the biggest causes of healthcare data breaches in 2015 were stolen login credentials, privilege misuse, and miscellaneous errors. The threat from within cannot be ignored, but it was malicious external actors that caused healthcare organizations...
Locky and Samas Attacks Prompt US-CERT to Issue Ransomware Alert
The spate of recent ransomware attacks on U.S. healthcare providers and businesses has prompted US-CERT to issue a warning about the destructive ransomware variants, Locky and Samas. The latest alert was issued by the Department of Homeland Security in conjunction with the Canadian Cyber Incident Response Centre (CCIRC) to raise awareness of the threat from ransomware, the mode of action of the malicious software, the variants that...
Ransomware Attacks on Hospitals on The Rise
The recent spate of ransomware attacks on hospitals continues. In the last few days, two more attacks on Southern Californian hospitals have been announced. Ransomware is a form of malware that encrypts files to prevent the victims from accessing their data. Ransomware is spread predominantly via email, although web-borne attacks are also being used to install the malicious software on end user devices. Once installed, ransomware...
Biggest Healthcare Data Breaches of 2015
The financial sector and retail industries have suffered the largest data breaches over the past couple of years, but 2015 was without doubt the year of the healthcare data breach. The biggest healthcare data breaches of 2015 were all caused by hackers and the industry has been increasingly targeted by cybercriminals seeking valuable healthcare data. Biggest Healthcare Data Breaches of 2015 The two biggest healthcare data breaches of...
Anti-Phishing Solutions for Healthcare Providers
Phishing is main method used by hackers to gain access to healthcare data, but fortunately there are a number of anti-phishing solutions for healthcare providers that can be employed to protect networks, and the computers that connect to them. While software solutions can reduce the likelihood of phishing emails being delivered to inboxes, what happens when emails do sneak past anti-spam filters? How likely is it that healthcare...
OCR HIPAA Settlement for a Phishing Attack
University of Washington Medicine has agreed to an OCR HIPAA settlement for a phishing attack suffered in 2013. A financial penalty of $750,000 must be paid to Office for Civil Rights, and a corrective action plan (CAP) must be adopted to address areas of non-compliance with the HIPAA Security Rule. First OCR HIPAA Settlement for a Phishing Attack Data breaches are investigated by Office for Civil Rights and financial penalties are...
Essential Healthcare Mobile Security Considerations
The use of Smartphones, tablets and other mobile devices in healthcare is growing. Even though healthcare mobile security issues are numerous, the devices are simply too beneficial. Provided healthcare mobile security problems are tackled, the devices can help to improve efficiency, productivity, patient engagement, staff happiness, and drive down costs. Many HIPAA-covered entities rely on the devices and consider them to be critical...
Cybercriminals Exploiting Bugs in Human Hardware via LinkedIn
New cybersecurity vulnerabilities are being discovered on a daily basis, and health IT departments are diverting resources to plug security holes and address software risks as soon as they arise; however, it is important not to forget bugs in human hardware, which are arguably must easier for hackers to exploit. Bugs in Human Hardware Being Exploited Bugs in human hardware is a term often used to describe security flaws in human...
New Android Phone Data Security Report Released
The timespan between reports of Android phone data security problems is getting shorter. As soon as one major security vulnerability is discovered and addressed, other security flaws are found. Due to the number of security issues with the devices, some view Android Smartphones as a data breach waiting to happen. Bad news for healthcare providers with a BYOD policy allowing the devices to connect to their networks. Critical...
Medical Device Security Vulnerabilities are Putting Patient Data at Risk
A new report presented at the DerbyCon Security Conference on Tuesday has revealed serious medical device security vulnerabilities. The medical device security vulnerabilities are present in a wide range of devices used in hospitals and clinics, and the vulnerabilities could potentially be exploited by hackers seeking data to use for identity theft and fraud. Patient data is being recorded and stored on medical devices and computer...
Oakland Family Services Data Breach Announced
The Oakland Family Services data breach was caused by an individual employee responding to a phishing email, potentially exposing the PHI of 16,000 patients. The Department of Health and Human Services’ Office for Civil Rights has been notified of a recent Oakland Family Service data breach that exposed the Protected Health Information (PHI) and Personally Identifiable Information (PII) of up to 16,000 patients. Individuals who...
New Android Smartphone Data Security Warnings Issued
An Android Smartphone data security warning has recently been issued by IBM’s X-Force Application Security Research Team. CheckPoint has also discovered Android security vulnerabilities which have potential to be exploited by hackers. The new security vulnerabilities have been discovered in the operating system, with IBM’s warning suggesting as many as 55% of Android phone users could be affected by the security flaw. The warning came...
UCLA Health System Hack Uncovered
A UCLA Health System hack has been uncovered in which 4.5 million patient health records have been accessed and potentially stolen. This may not be the biggest healthcare data breach in 2015; the Anthem Hack exposed 78.8 million records and the Primera Blue Cross breach resulted in 11 million records being compromised – but this certainly ranks as one of the most serious healthcare data breaches ever reported. The data exposed in the...
FBI Warning Issued over Cryptowall Ransomware Threat
The Cryptowall ransomware threat has now reached a critical level, with the FBI deeming it necessary to issue a warning to allow businesses and individuals to take extra care. Ransomware is a type of malware that disables the target’s computer by encrypting the device. If an attack is successful, the device will be locked until a ransom is paid. Only then will the necessary security fix be provided to unlock the device. There are...
1.1 Million Records Exposed in CareFirst BCBS Cyberattack
A major cybersecurity breach has been discovered by CareFirst Blue Cross Blue Shield after an email account was compromised; the CareFirst BCBS cyberattack is reported to have affected 1.1 million health plan members. CareFirst is the third healthcare insurance company to suffer a major data breach in the last few months. The first announcement came from Anthem Inc., in February, after it discovered it had suffered a data breach that...
2019 Cost of Data Breaches will be $2.1 Trillion
The cost of data breaches is rising, and this is not likely to change according to a study conducted by Juniper Research; data breach costs will have risen to $2.1 trillion in just four years’ time. The Cost of Data Breaches Will Continue to Increase By 2019, researchers predict that cybercrime will be having an incredible impact on the lives of consumers. Their personal data is what thieves are after. With that information, criminals...
Main HIPAA Breach Threat is Human Error Says New Report
The Protected Health Information (PHI) held by health plans and healthcare providers is of high value to thieves, and cyberattacks are on the increase; however the main HIPAA breach threat is human error, according to a new report by Baker Hostetler. The data for the report comes from an analysis of over 200 data security incidents that were reported by the company’s clients, which spanned a number of different industries. The company...
Ponemon Institute Says Crime Leading Cause of Healthcare Data Breaches
The leading cause of healthcare data breaches is now crime, according to a new study published by the Ponemon Institute. The Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, published yesterday, offers an insight into the main causes of HIPAA breaches. The report allows covered entities to assess their own defenses and divert resources to deal with the biggest risks. A survey was conducted on 90 healthcare...
Seton Family of Hospitals HIPAA Breach Reported
A Seton Family of Hospitals HIPAA breach has been reported. The Protected Health Information (PHI) of approximately 39,000 patients has been obtained by hackers after some of the healthcare provider’s email accounts were compromised on February 26, 2015. Hackers are understood to have gained access to the email accounts using a phishing campaign in which users’ login details were captured. An unspecified number of accounts were...
2015 Data Breach Investigations Report Released
Verizon, the broadband and telecommunications company, has released its 2015 data breach investigations report which reveals the extent to which hackers have managed to break through security defense. Data Breach Investigations Report Shows Many Vulnerabilities Exist This year the healthcare industry is featured heavily in the report following a number of high profiles HIPAA breaches last year. The report highlights some of the...
HITRUST Cyber Discovery Study Announced
The HITRUST Cyber Discovery Study intends to find out more about the threat hackers pose to the healthcare industry and get some much needed answers to important healthcare cybersecurity questions. The healthcare industry may appear to be under attack from hackers, but without an assessment of the cybersecurity threat to the healthcare industry it is not possible to determine how real the danger is. HITRUST – The Health Information...
Healthcare Data Breaches Increase in Q1 2015
The high volume of healthcare data breaches of last year has continued into 2015, with the last three months seeing 91 million new victims created as hackers infiltrate healthcare databases and the industry resists implementing data encryption. A Record Breaking Year for Healthcare Data Breaches The healthcare industry is under attack from thieves. Cybercriminals were responsible for two of the largest data breaches ever recorded....
Evansville Clinic Sends 4400 Patient Breach Notification Letters After E-mail Hack
St. Mary’s Medical Center has sent 4,400 patient breach notification letters warning of a HIPAA breach in which hackers gained access to several email accounts of hospital employees, according to a statement issued by hospital spokesman, Randy Capehart. The statement announced that a sophisticated E-mail hack had taken place in January this year in which hackers had gained access to several email accounts of hospital employees. The...
Security Encryption Software Can Prevent HIPAA Breaches
As the year draws to a close, many people in the healthcare industry will be breathing a sigh of relief and will be glad to see the back of ‘the year of data breaches’; however as bad as this year was for HIPAA breaches, many of these security incidents could have been prevented with the use of security encryption software. There is often a public outcry following a large scale data breach. Patients want to know how multiple-hospital...