Security News

While H1 2023 saw an encouraging decrease in the overall number of data breaches impacting healthcare organizations, it was overshadowed by large-scale breaches resulting in a significant increase in the number of individuals affected, which reached record levels, according to Critical Insight. Notably, the report revealed a decrease in total breaches but an increase in the number of individuals affected; the focus of attacks on the supply chain and third-party associates; and, particularly noteworthy, the shift in some attackers' strategies from encryption to extortion.

After nearly two decades of my career leading a cybersecurity office, people, vendors, stakeholders and budgets in public health administration as well as in the private healthcare sector, I find that the industry is particularly vulnerable to cyberattacks. Healthcare organizations have experienced a spike in attacks often due to inadequate security, the high likelihood to quickly consort to attackers' payout demand, and sheer value of patient records that they possess.

A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022. "The group most...

"Technology is accelerating at a breakneck pace - bringing sophisticated new tools to both attackers and defenders. And although attacker tools are evolving, social engineering continues to be the leading tactic used to breach corporate networks," said Noopur Davis, EVP, Chief Information Security and Product Privacy Officer, Comcast Corporation and Comcast Cable. The report leverages data from 23.5 billion cybersecurity attacks, spanning 500 threat types and 900 distinct infrastructure and software vulnerabilities.

As you can imagine, especially in an online world in which ransomware breaches can bring a company to a digital standstill overnight, and where even coughing up a multimillion-dollar blackmail payment to the attackers for a "Recovery program" might not be enough to get things going again. Ransomware attacks these days frequently involve cybercriminals stealing copies of your trophy data first, notably including employee and customer details, and then scrambling your copies of those very same files, thus squeezing you into a double-play cybersecurity drama.

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. A typical example of an IDOR flaw is the ability of a user to trivially change the URL to obtain unauthorized data of another transaction.

The defense sector in Ukraine and Eastern Europe has been targeted by a novel. NET-based backdoor called DeliveryCheck that's capable of delivering next-stage payloads.

Thales cloud security study shows that 79% of organizations have more than one cloud provider and 75% of companies said they store at least 40% of their sensitive data in the cloud. While Thales, in its 2023 Cloud Security Study, found that well over a third of businesses experienced a data breach in their cloud environment last year versus 34% in 2021, organizations are increasingly caching sensitive data in multiple cloud environments.

While surface-level confidence around hybrid cloud security is high, with 94% of global respondents stating their security tools and processes provide them with complete visibility and insights into their IT infrastructure, the reality is nearly one third of security breaches aren't spotted by IT and security professionals, according to Gigamon. Only 19% claim effective security education for staff is a crucial factor for gaining confidence on IT infrastructure security.

Findings in network intelligence firm Gigamon's Hybrid Cloud Security Survey report suggest there's a disconnect between perception and reality when it comes to vulnerabilities in the hybrid cloud: 94% of CISOs and other cybersecurity leaders said their tools give them total visibility of their assets and hybrid cloud infrastructure, yet 90% admitted to having been breached in the past 18 months, and over half fear attacks coming from dark corners of their web enterprises. Key to understanding hybrid cloud security Must-read security coverage Google offers certificate in cybersecurity, no dorm room required The top 6 enterprise VPN solutions to use in 2023 EY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverse Electronic data retention policy.