The Pennsylvania Department of Health and its third-party contractor Insight Global have been sued, after reports that its COVID-19 contact tracing app exposed the sensitive data of at least 72,000...
Reports consistently highlight the risk of vulnerability exploits and ransomware to healthcare. But email is often the key access point in these attacks, through phishing and stolen credentials. As insiders remain a leading threat,...
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency released an alert for a newer ransomware variant and remote access trojan (RAT) spotted in the wild using publicly...
At least 75 percent of healthcare entities are impacted by a host of TCP/IP vulnerabilities, uncovered by Forescout Research Labs within the last year. NUMBER:JACK, NAME:WRECK, and AMNESIA:33 are found...
Ivanti released a software update to patch a critical zero-day authentication bypass vulnerability in its Pulse Connect Secure (PCS) virtual private network (VPN) software, which the Department of...
On Thursday, the NSA unveiled guidance designed to support the defense of malicious cyber activity on targeted, connected operational tech (OT). Although aimed at federal agencies, private sector...
NIST and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency released guidance to support entities with the defense against supply chain attacks, in the wake of the...
Russian Advanced persistent threat (APT) actors are actively targeting a range of US entities to gather intelligence agencies. Recent federal guidance aims to shed light on the tactics used in these...
Driven by Clop actors and the Accellion File Transfer Appliance (FTA) hack, exfiltration and extortion attempts are now occurring in the vast majority of ransomware attacks, increasing from 70 percent...
Threat actors are moving at a drastic pace and with stealthy tactics able to hide their activities from system administrators. The truth is that healthcare is struggling with some massive cybersecurity...
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency released a report on the relatively new malware variant known as SUPERNOVA, which ties the threat to both...
The Ryuk ransomware variant has been updated, yet again. A recent Advanced Intelligence (AdvIntel) report shows the threat actors are increasingly relying on service-based remote desktop protocols...
Entities using SonicWall Hosted Email Security (HES) are being urged to prioritize the patching of three zero-day vulnerabilities within the software, which researchers have observed being exploited in...
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency issued an alert that warned critical, zero-day vulnerabilities in certain Ivanti Pulse Connect Secure SSL VPNs are...
Russian-based nation-state threat actors were recently tied to two newer malware variants leveraging the widespread SolarWinds Orion supply chain compromise for a host of nefarious activities,...
The National Security Agency, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency, and the FBI released a joint alert, warning that nation-state threat actors from...
The Health-ISAC recently published supply-chain cyberattack insights in collaboration with the American Hospital Association, meant to support healthcare provider organizations prevent and respond to...
CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC), formerly known as Trusted Health Plan, recently notified 200,665 plan members that their data was compromised and...
In a rare move, a court-authorized FBI operation removed web shells from a host of exploited on-prem Microsoft Exchange Servers. Many of the victims may have been unaware their systems were...
Microsoft disclosed and issued patches for four newly detected vulnerabilities found in on-prem Microsoft Exchange Servers version 2016 and 2019. The Department of Homeland Security is urging all...