Security News

In this Help Net Security interview, Dr. Omar Sangurima, Principal Technical Program Manager at Memorial Sloan Kettering Cancer Center, discusses the impact of cyberattacks on patient safety and care delivery, emphasizing how disruptions to critical healthcare services can harm patients and even lead to life-threatening situations. The consequences of a successful cyberattack on a healthcare organization can be severe, including the compromise of patient data and potential harm to patients.

Digital threat actors are adopting evolving tactical behaviors, opting for different types of malicious attacks compared to previous years, according to SonicWall. Overall intrusion attempts were...

The U.S. SEC has introduced new rules for publicly traded companies to disclose cyberattacks within four business days if they are considered significant to investors. Foreign private issuers are also required to provide equivalent disclosures. SEC Chair Gary Gensler stated that consistent and comparable disclosure would benefit both companies and investors.The rules demand listed companies to include cyberattack details in periodic report filings (8-K forms). These rules will be effective from December or 30 days after publication in the Federal Register. Smaller companies will have an additional 180 days to comply. Disclosure timelines may be delayed if immediate disclosure poses a risk to national security or public safety.

Norwegian mining and recycling giant TOMRA says it has isolated tech systems as it deals with an "Extensive cyberattack."TOMRA has multiple divisions that focus on areas including waste and recycling solutions, metal sorting systems, mining machine systems and food sorting equipment.

Microsoft patches four exploited zero-days, but lags with fixes for a fifthFor July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed at defense and government entities in Europe and North America. Apple pushes out emergency fix for actively exploited zero-dayApple has patched an actively exploited zero-day vulnerability by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems.

The extension enabled threat actors to monitor browser history, take screenshots, and inject malicious scripts that targeted cryptocurrency exchanges. Multiple malicious extensions target user installations, leading to a real danger of data exfiltration and system compromise.

In April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised. "The attacks emanated from two separate threat campaigns. One campaign attempted to infect law firm employees with the GootLoader malware. The other campaign hit law firm employees and other victims with the SocGholish malware," the company revealed.

Petro-Canada gas stations across Canada are impacted by technical problems preventing customers from paying with credit card or rewards points as its parent company, Suncor Energy, discloses they suffered a cyberattack.Suncor Energy is the 48th-largest public company in the world, and one of Canada's largest synthetic crude producers, having an annual revenue of $31 billion.

In this Help Net Security interview, Brett Harris, Cybersecurity Officer for the Americas at Siemens Healthineers, discusses the long-term impacts of cyberattacks on healthcare institutions and what healthcare providers can do to protect patients' personal data and medical devices. Could you elaborate on the long-term impacts of significant cyberattacks on healthcare institutions?

The University of Manchester finally confirmed that attackers behind a cyberattack disclosed in early June had stolen data belonging to alums and current students. The university first disclosed the attack on June 9, warning that data was likely stolen but said the incident was unrelated to the MOVEit Transfer data theft attacks.