Cybersecurity Vulnerabilities

Threat actors increasingly exploit zero-day vulnerabilities to evade threat detection

April 25, 2024 - Threat actors are increasingly targeting edge devices, exploiting zero-day vulnerabilities, and engaging in living off the land attacks to evade threat detection tools, Mandiant revealed in a recent report. In 2023, Mandiant tracked 97 unique zero-day vulnerabilities that were exploited in the wild, signifying a 50% increase from 2022. Exploits...


More Articles

GAO Urges FDA, CISA to Revamp Medical Device Cybersecurity Agreement

by Jill McKeon

The US Government Accountability Office (GAO) released a report on medical device cybersecurity to address limitations in federal agencies’ authority, explore challenges in accessing federal...

CISA’s Healthcare Risk and Vulnerability Assessment Reveals Sector-Wide Improvement Areas

by Jill McKeon

The Cybersecurity and Infrastructure Security Agency (CISA) published a cybersecurity advisory based on key findings that the agency uncovered during a risk and vulnerability assessment (RVA) conducted...

Delta Dental of California MOVEit Hack Impacts 7M Individuals

by Jill McKeon

Delta Dental of California informed nearly 7 million individuals of a data breach stemming from the May 2023 hack of Progress Software’s MOVEit Transfer software. As previously reported,...

Hospitals Urged to Secure Systems Against Citrix Bleed Cybersecurity Vulnerability

by Jill McKeon

Hospitals should take immediate action to protect against the Citrix Bleed cybersecurity vulnerability, the American Hospital Association (AHA) warned, following multiple alerts by government agencies...

HC3 Urges Healthcare Sector to Update SolarWinds Following Vulnerability Disclosure

by Jill McKeon

The Health Sector Cybersecurity Coordination Center (HC3) urged the sector to prioritize monitoring and upgrading SolarWinds systems following a series of cybersecurity vulnerability...

Researchers Observe 59% Spike in Medical Device Security Vulnerabilities

by Jill McKeon

Security vulnerabilities in medical devices and the software applications that support them continue to pose a significant threat to healthcare, the Health Information Sharing and Analysis Center...

MOVEit Breach Notifications Continue to Roll In, Impacting Health Data

by Jill McKeon

Entities across the country are still feeling the effects of the MOVEit Transfer hack as more organizations report breaches stemming from the vulnerability. Earlier this week, the Colorado Department...

CISA Releases Advisory On Preventing Web Application Access Control Abuse

by Jill McKeon

Insecure direct object reference (IDOR) vulnerabilities in web applications pose a threat to organizations around the world, the Cybersecurity and Infrastructure Security Agency (CISA) warned in a...

Security Flaws Found in Software Development Kit Used for Telemedicine Services

by Jill McKeon

Claroty’s Team82 and Check Point Research (CPR) discovered critical vulnerabilities in the QuickBlox software development kit (SDK) and application programming interface (API), a framework that...

Medtronic Discloses Cybersecurity Vulnerability in Paceart Optima System

by Jill McKeon

Medtronic notified the Cybersecurity and Infrastructure Security Agency (CISA) of a cybersecurity vulnerability (CVE-2023-31222) found in its Paceart Optima System. If exploited, threat actors may be...

Progress Software Discloses Another MOVEit Cybersecurity Vulnerability

by Jill McKeon

Progress Software has disclosed another critical cybersecurity vulnerability in its MOVEit Transfer software. The previously reported vulnerability (CVE-2023-34362) involves a SQL injection flaw, and...

Revenue Cycle Vendor Discloses Breach Tied to Fortra GoAnywhere Hack

by Jill McKeon

Tennessee-based revenue cycle management vendor Intellihartx (ITx) disclosed a data breach to the Maine Attorney General’s Office that impacted 489,830 individuals. The breach stemmed from a...

Clop Ransomware Gang Exploiting MOVEit Cybersecurity Vulnerability

by Jill McKeon

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory (CSA) regarding Clop ransomware, a group that has been active...

Cybersecurity Vulnerability in MOVEit Transfer Software Poses Threat to Healthcare

by Jill McKeon

A critical cybersecurity vulnerability (CVE-2023-34362) in Progress Software’s MOVEit Transfer software may result in privilege escalation and unauthorized access if exploited, the Health Sector...

HC3 Warns Healthcare of Cyberattacks Against Popular Data Backup Software

by Jill McKeon

The Health Sector Cybersecurity Coordination Center’s (HC3) latest alert details the growing trend of threat actors targeting a known vulnerability in Veeam Backup & Replication (VBR)...

Rise Interactive Faces Class Action Lawsuit Over Healthcare Data Breach

by Sarai Rodriguez

Rise Interactive Media & Analytics was hit with a proposed class action healthcare data breach lawsuit in the aftermath of a November 2022 breach. The law firm Wolf Haldenstein, Adler...

CISA Launches Pilot Program to Help Critical Infrastructure Manage Cybersecurity Vulnerabilities

by Jill McKeon

The Cybersecurity and Infrastructure Security Agency (CISA) launched its Ransomware Vulnerability Warning Pilot (RVWP) with the goal of helping critical infrastructure entities remain aware of and...

Outdated Operating Systems Remain Key Medical Device Security Challenge

by Jill McKeon

Microsoft’s support of Windows 8.1 ended on January 10, meaning that the company will no longer provide software updates and technical assistance for that version of its operating system (OS). To reduce risk, Microsoft recommended...

Community Health Systems Impacted by Data Breach Tied to GoAnywhere MFT Vulnerability

by Jill McKeon

In a recent Securities and Exchange Commission (SEC) filing, Community Health Systems (CHS) disclosed a third-party data breach involving Fortra’s GoAnywhere managed file transfer (MFT)...