Security News > 2023 > July

HCA Healthcare disclosed a data breach impacting an estimated 11 million patients who received care at one of its hospitals and clinics after a threat actor leaked samples of the stolen data on a hacking forum.As first reported by DataBreaches.net, on July 5th, 2023, a threat actor began selling data allegedly belonging to HCA Healthcare on a forum used to sell and leak stolen data.

Ideally, printing services should avoid storing the content of your files, or at least delete daily. Print services should also communicate clearly upfront what information they're collecting and why.

MITRE ATT&CK is a widely adopted framework and knowledge base that outlines and categorizes the tactics, techniques, and procedures used in cyberattacks. The MITRE ATT&CK Framework can be found here: https://attack.

Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services Fargate. SCARLETEEL was first exposed by the cybersecurity company in February 2023, detailing a sophisticated attack chain that culminated in the theft of proprietary data from AWS infrastructure and the deployment of cryptocurrency miners to profit off the compromised systems' resources illegally.

Apple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems. The vulnerability has also been fixed with a regular security update in Safari, so users running macOS Big Sur and macOS Monterey can also implement the fix.

Today, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The EU-U.S. Data Privacy Framework introduces new binding safeguards to address all the concerns raised by the European Court of Justice, including limiting access to EU data by US intelligence services to what is necessary and proportionate, and establishing a Data Protection Review Court, to which EU individuals will have access.

A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers. Big Head was first documented by Fortinet FortiGuard Labs last month, when it discovered multiple variants of the ransomware that are designed to encrypt files on victims' machines in exchange for a cryptocurrency payment.

Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast and EaseProbe, two open-source platforms written in Go. Owncast vulnerability.

As one of hundreds of NHS trusts in the country, Barts manages five hospitals in the capital and says it serves about 2.5 million people. The criminals behind the attack are the notorious BlackCat crew, aka AlphaV, who have lately made a habit of going after healthcare providers in search of sensitive data.

Due to their distinct perspectives, Board members and CISOs often have differing views on cyber attack risks. A difference in perspective is a fundamental reason Board members and CISO are not always aligned.