Security News

The U.S. Department of Health and Human Services has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity Coordination Center said [PDF].

U.S. healthcare organizations could be in the crosshairs of a new cyberthreat collective dubbed Royal. The warning from HHS's Health Sector Cybersecurity Coordination Center identified the relatively new group as perps behind several attacks first appearing in September 2022 against Healthcare and Public Healthcare targets.

One scam for example used an old video of Elon Musk talking with other specialists about cryptocurrencies as a lure to have users click a fake website promising to double the users' crypto money. Figure A. Another scam sent to legitimate Trezor users asked users to install a fake application and disclose their crypto wallet seed, allowing fraudsters to steal their cryptocurrencies.

A cyber security risk that comes from within an organization is referred to as an insider threat. Insider threats might be carried out purposefully or accidentally.

Where IoT-enabled devices connect to wider networks, their potential functionalities are immense, with countless applications across various industries, including production and manufacturing,...

Two more US states have launched aggressive action against made-in-China social media app TikTok. "The TikTok app is a malicious and menacing threat unleashed on unsuspecting Indiana consumers by a Chinese company that knows full well the harms it inflicts on users," said AG Todd Rokita in a statement.

A new report conducted by Enterprise Strategy Group highlights why today's security teams find it increasingly difficult to detect and stop cyber threats targeting their organizations. The research found that 70% of organizations have fallen victim to an attack that used encrypted traffic to avoid detection.

A sophisticated threat actor named 'CashRewindo' has been using aged domains in global malvertising campaigns that lead to investment scam sites. [...]

A company's supply chain is like a body's nervous system: a mesh of interconnected manufacturers, vendors, sub-contractors, service delivery firms, even coding and collaboration tools. A recent study by NCC Group estimated that supply chain attacks increased by 51% in the last six months of 2021, and the BlackHat 2022 conference featured a number of talks highlighting the vulnerability of supply chains not just between companies connected by business operations, but also software coding practices.

Despite massive spend to protect enterprise digital assets, security breaches are still on the rise. The disconnect between the level of investment and the volume and impact of attacks is largely attributed to outdated approaches that favor perimeter protection and point solutions despite a digital supply chain that is more distributed than ever.