Security News

Authorities at the University of California San Diego Health reported a phishing attack lead to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred between Dec. 2, 2020 and April 8, 2021 and exposed personal information including full names, addresses, date of birth, email, social security number and the date and cost of medical services.

One expert offers ways to remove the bullseye from supply vendors. In his Help Net Security article, How can a business ensure the security of their supply chain?, Reed specifically focused on Merrit's concern about making sure supply-chain vendors are putting forth the effort to meet security standards.

A new file wiping malware called Meteor was discovered used in the recent attacks against Iran's railway system. Unlike ransomware attacks, destructive wiper attacks are not used to generate revenue for the attackers.

Designed to help organizations proactively and continuously identify, manage and remediate millions of AD Attack Paths, BloodHound Enterprise gives IT Ops and SecOps professionals the tools needed to dramatically and measurably improve AD security posture with minimal effort. As a largely unseen, unmanaged and growing problem for enterprises, AD Attack Paths are used by attackers to gain control of systems and data, impersonate users, abuse legitimate access to non-AD systems and much more.

Business email compromise refers to all types of email attacks that do not have payloads. In a recent study, 71% of organizations acknowledged they had seen a business email compromise attack during the past year.

The U.S. government and its allies are pleading with defenders to pay attention to gaping holes in perimeter-type devices, warning that advanced threat actors are feasting on known security defects in VPN appliances, network product gateways and enterprise cloud applications. In a joint advisory published Wednesday, cybersecurity response agencies from the U.S., the U.K., and Australia called special attention to flaws in network perimeter tech from Citrix, Fortinet, Pulse, F5 Networks and MobileIron.

Businesses have connections to other businesses, who supply them with goods, and whom they supply with goods - both parts and software. In many cases, a company has its own supply chain while simultaneously being part of the supply chain for other, probably larger, businesses.

United States President Joe Biden has shared his view that a "Real shooting war" could be sparked by a severe cyber attack. "We've seen how cyber threats, including ransomware attacks, increasingly are able to cause damage and disruption to the real world," he said.

According to a new Sophos Home survey, forty-five percent of consumers say they're more at risk of being hit by an attack now than they were before the pandemic, and 61% believe their household could be the target of an attack in the next year. Many consumers are uninformed about online security.

Stellar Cyber announced a major leap to boost security analyst efficiency to identify attacks earlier. The new incident correlation technology utilizes advanced GraphML algorithms to automatically group and consolidate large volumes of alerts and events into a much smaller number of highly precise and actionable incidents.