Security News > 2023 > July

Healthcare continues to be one of the most attractive targets for cyberattackers, and the number of breaches affecting the industry is increasing yearly. In this Help Net Security video, Steve Gwizdala, VP of Healthcare at ForgeRock, discusses how vigilance and new ways of enhancing cybersecurity measures will be crucial to healthcare organizations and businesses responsible for protecting consumers' online information - across the entire supply chain.

In this Help Net Security interview, Mike Fey, CEO of Island, explains the differences between consumer browsers and the Island Enterprise Browser, how it protects organizations' data, and how it uses contextual information to provide users with a safe browsing experience. How does the Island Enterprise Browser create intelligent boundaries across users, devices, networks, and locations?

Small organizations face the same security threats as organizations overall but have less resources to address them, according to Netwrix. Smaller organizations usually have fewer resources and experience with which to address security threats.

Ghostscript is a free and open-source implementation of Adobe's widely-used PostScript document composition system and its even-more-widely-used PDF file format, short for Portable Document Format. Loosely put, Ghostscript reads in PostScript program code, which describes how to construct the pages in a document, and converts it, or renders it, into a format more suitable for displaying or printing, such as raw pixel data or a PNG graphics file.

The Swedish data protection watchdog has warned companies against using Google Analytics due to risks posed by U.S. government surveillance, following similar moves by Austria, France, and Italy last year. The development comes in the aftermath of an audit initiated by the Swedish Authority for Privacy Protection against four companies CDON, Coop, Dagens Industri, and Tele2.

This policy from TechRepublic Premium provides guidelines for the consistent and secure management of passwords for employees and system and service accounts. These guidelines include mandates on how passwords should be generated, used, stored and changed as well as instructions for handling password compromises.

In a decision published yesterday, the agency explains that by using Google Analytics to generate web statistics the firms were breaching European Union's General Data Protection Regulation. The United States has been deemed as a risky location for the storage of data of European users, as per the July 2020 "Schrems II" judgment, where the Court of Justice of the European Union ruled that any data transfers to the U.S. in the context of the then-existing mechanism, "Privacy Shield," were illegal.

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry. The problem is with the inconsistent information between a package's manifest data as displayed in the NPM registry and the data present in the 'package.

The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down. Launched in 2022 and a successor of the Bobik botnet, the attack tool is designed for staging distributed denial-of-service attacks against targets primarily located in Europe as well as Australia, Canada, and Japan.