Australia's information commissioner has urged organifzations to quicken the process of notifying those affected by data breaches instead of spending months analyzing each incident. Angelene Falk said it can take anywhere from 20 days to five months to notify breach victims, putting them at risk.
The Federal Trade Commission and the Department of Health and Human Services have publicly named 130 hospitals and telehealth companies that were recently warned that the use of online tracking tools in their websites or mobile apps potentially violates federal data privacy and security regulations.
A startup founded by the longtime leader of Secdo and backed by the likes of Qumra Capital and Accel could soon be acquired by Tenable. The company is in advanced negotiations to purchase cloud infrastructure security startup Ermetic in a deal valued at between $300 million and $350 million.
New regulations, including those coming into effect in the U.S., are pushing many medical device makers to radically reconsider how they approach cybersecurity for their products - including air gapping connections, said Phil Englert of the Health Information Sharing and Analysis Center.
It is increasingly important for healthcare entities to carefully examine their cyber and other insurance policies to see what risks are covered in the event of a cyber incident, especially as the threat landscape continues to evolve, said attorney Peter Halprin, a partner at law firm Pasich LLP.
Has the cry of the Qakbot come to an end? While the pernicious, multifunction malware fell quiet last week thanks to Operation "Duck Hunt," lucrative cybercrime operations have a history of rebooting themselves. Rivals also offer ready alternatives to ransomware groups and other criminal users.
Multiple hackers are minting newer capabilities from an open-source information stealer to spawn new variants. The malware steals sensitive information such as corporate credentials, which are resold to other threat actors for attacks, including operations related to espionage or ransomware.
IoT and OT devices, which include network-attached storage devices, hold valuable data that ransomware groups seek to compromise. NAS devices are often exposed on the internet and lack the robust security measures found in other endpoints, said Daniel dos Santos of Forescout Technologies.
Security experts are warning organizations with Juniper Networks SRX firewalls and EX switches to update them immediately to patch multiple vulnerabilities attackers have been targeting to remotely execute code, and which may allow them to pivot to internal networks.
It's critical for healthcare sector entities considering - or already using - generative AI applications to create an extensive threat modeling infrastructure and understand all attack vectors, said Mervyn Chapman, principal consultant at consulting and managed services firm Ahead.
In the latest "Proof of Concept," two CyberEd board members, Connecticut state CISO Jeff Brown and Maricopa County CISO Lester Godsey, join ISMG editors to discuss securing digital government services, improving user experiences and balancing user convenience with robust identity verification.
This week, Japan's cybersecurity agency reportedly was breached, social media companies were urged to ward off data scraping, the NSA said it respects foreign intelligence targets, Polish authorities arrested two for hacking a rail network, and a ransomware gang used GDPR fines as scare tactics.
Medical device maker Medtronic MiniMed violated patient privacy by using tracking and authentication technologies such as Google Analytics and Firebase in its InPen diabetes management app and services, according to a proposed federal class action lawsuit filed this week.
Malwarebytes laid off at least 100 workers this week and plans to split its consumer and corporate-facing business units into separate companies. The antivirus firm cut also recently axed its chief product officer, chief information officer and chief technology officer.
Cybersecurity doublespeak is never a good sign, especially when it comes in a letter this week addressed to half a million current and former employees of fast-fashion retailer Forever 21, warning them that their personal information was stolen in an eight-week breach discovered in March.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.