Hackers who are possibly members of a criminal group affiliated with numerous ransomware-as-a-service operations are exploiting a directory traversal vulnerability in a Python library that allows unauthenticated remote attackers access to sensitive information from server files.
A Mississippi women's health clinic has filed a proposed class action lawsuit against UnitedHealth Group alleging the disruption in claims processing caused by the cyberattack on the company's Change Healthcare unit and the resulting IT outage is threatening to push the practice into bankruptcy.
If software is eating the world, cloud computing is eating infrastructure. Look no further than a push for cloud-hosted alternatives to SCADA systems. Cloud-hosted SCADA presents both opportunities and challenges for OT organizations, said the U.K. National Cyber Security Center.
Amazon Web Services hired Gee Rittenhouse to help organizations protect their data and applications in the cloud. Rittenhouse spent more than two years atop San Jose, California-based security service edge vendor Skyhigh and prior to that, more than three years leading Cisco's cybersecurity unit.
Microsegmentation is a fundamental approach to achieving a mature zero-trust-guided strategy. But before tackling the complex job of microsegmenting infrastructure, IT teams must understand the business context and criticality of the data, said Robert LaMagna-Reiter, CISO at Hudl.
What if the world had access to memory-safe hardware for both IT and operational technology environments that could outright block many types of vulnerabilities from being exploited as well as make code safer to run on legacy systems? Enter the U.K.'s Digital Security by Design initiative.
The many kinds of OT and IoT gear that are not regulated medical devices but are critical to run hospitals and other care facilities present a variety of cybersecurity and patient safety concerns, said Dr. Benoit Desjardins, professor of radiology at the University of Pennsylvania Medicine.
Facebook's attempt to navigate European privacy regulations by giving users a fee-based opt-out from behavioral advertising triggered backlash from more than a dozen European politicians who accused the social media giant of treating human rights as a commodity.
In the latest weekly update, Grant Schneider of Venable LLP joined three ISMG editors to discuss the future of U.S. federal cybersecurity and privacy legislation, AI integration and recent CISA developments - all set against a backdrop of political complexities.
Healthcare organizations and makers of medical devices need to think about how to safeguard their critical medical gear against future cyberthreats, including the looming dangers posed by quantum computing, said Mike Nelson, global vice president of digital trust at security firm DigiCert.
Researchers at security firm Salt Security have uncovered multiple vulnerabilities in third-party plug-ins used in ChatGPT, including a zero-click account takeover flaw that was triggered when users attempted to install the plug-in using their ChatGPT accounts.
Advanced attackers increasingly feel the need for speed, lowering the time they spend lurking after they infiltrate networks before exfiltrating data and crypto-locking systems, experts warn in a review of top hacking strategies seen in 2023. Cue challenges for defenders.
The U.S. healthcare sector needs to closely watch government regulatory and legislative developments involving artificial intelligence, including the European Union AI Act, said Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society.
It's critical for hospitals and other firms to not only prepare for how they will respond to a cyberattack but also to consider the regional impact if a neighboring provider of services needed in the community is disrupted by a serious cyber incident, said Margie Zuk of Mitre.
Healthcare sector organizations need to focus their attention on meeting the "voluntary" essential and enhanced cybersecurity performance goals set out by federal regulators before they become potential mandates, said Kate Pierce, virtual information security officer at Fortified Heath Security.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.