Security News

The Black Basta ransomware operation is suspected of exploiting a Windows privilege escalation vulnerability as a zero-day before a fix was made available. A report by Symantec says that CVE-2024-26169 has been actively exploited by the Cardinal cybercrime group, the operators of the Black Basta gang, noting that there's a good chance it was leveraged as a zero-day.

Recent cyberattacks targeting the nation's healthcare system have demonstrated the vulnerability of hospitals and payment systems. In January of 2024, the Department of Health and Human Services launched a healthcare cybersecurity gateway website to simplify access to the Department's healthcare-specific cybersecurity information and resources and published voluntary Healthcare and Public Health Cybersecurity Performance Goals designed to help healthcare institutions plan and prioritize high-impact cybersecurity practices.

Microsoft has unveiled a new cybersecurity program to support hospitals serving more than 60 million people living in rural America. In 2023, the healthcare sector reported more ransomware attacks than any other critical infrastructure sector and attacks involving ransomware against the healthcare sector were up nearly 130%. Cybersecurity attacks disrupt health care operations across the country and pose a direct threat to patient care and essential operations of hospitals.

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE...

State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the...

The U.K. is by no means a reflection of Europe as a whole when it comes to technical proficiency. "We must strive for greater collaboration between higher education institutions, government and the technology industry to meet the rapidly evolving skill requirements of the digital economy. Without this collaboration and the right level of investment, we will continue to fall behind in technical skills proficiency."

Many of the underlying open-source projects are unvetted for the purpose of AI. In return for the massive financial benefits corporations receive by leveraging open source in AI, it is in their best interest to contribute towards community efforts and to the foundational security of the open-source components up front. Making deep and lasting positive change for security universally will require collaboration across industry participants, both for ease and financial gain, as well as to avoid the involvement of further oversight by governmental organizations in both the open source and private sectors.

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is...

First, there needs to be a shift in thinking when it comes to data security and an acknowledgment that the threat landscape has become much more complex with the majority of sensitive corporate data now residing in the cloud rather than in dedicated private data centers, multiple servers, network equipment, and storage devices. Instead, organizations must think about adopting a defense-in-depth approach to their security strategy - one that provides continuous insights into what's happening to their mobile devices, and an ability to detect and respond with AI-driven automation to protect sensitive data in the cloud no matter where it goes.

As a Cloud Security Operations and Compliance Professional, you will support the availability, integrity, and security of ongoing Security Services operations. Have knowledge of and be able to define and recommend security policy changes to security devices such as firewalls, proxies, email gateways, Intrusion Detection/Prevention Systems, end-point application whitelisting and anti-virus solutions, and Data Loss Prevention solutions.