Infrastructure Security

DHS CISA Shares More Microsoft Exchange Vulnerability Guidance

by Jessica Davis

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency released another emergency directive designed to further mitigate vulnerabilities in on-prem Microsoft Exchange...

PACS Vulnerability of Orthopedic Specialist Exposes Data From 28K

by Jessica Davis

Mendelson Kornblum Orthopedic and Spine Specialists recently notified more than 28,000 patients that their data was exposed due to a vulnerability in its Picture Archiving and Communication Systems...

FBI: Mamba Ransomware Actors Weaponizing Freeware Encryption Tool

by Jessica Davis

The threat actors behind Mamba ransomware are weaponizing DiskCryptor, an open source full disk encryption software. The malware encrypts the entire drive, including the operating system, to restrict...

Brute-Force Campaign on Windows SMBs Spreads Worming Malware

by Jessica Davis

Internet-facing Windows devices are being targeted by an active malware campaign known as Purple Fox. Hackers are leveraging brute-force attempts against SMBs to deploy the malware, which has worming...

Exchange Flaw Latest: 30K Servers Vulnerable, Daily Attacks Spike

by Jessica Davis

It’s been about three weeks since Microsoft released a software update for four-zero day flaws within on-prem Exchange servers and an estimated 30,000, or 8 percent, remain unpatched....

Ransomware Extortion Threat Actors Post Data from 4 Healthcare Entities

by Jessica Davis

In the last few weeks, the ransomware hackers behind Conti, Babuk, and Avaddon leaked data they claim to have stolen from at least five healthcare entities, which should serve as a warning to the...

DHS CISA Shares Incident Response Tool for On-Prem Threat Activity

by Jessica Davis

The Department of Health and Human Services Cybersecurity and Infrastructure Security Agency unveiled the CISA Hunt and Incident Response Program (CHIRP) tool, which is designed to support entities...

Hackers Successfully Exploiting Older, Unpatched Microsoft Vulnerabilities

by Jessica Davis

The most frequent exploit in the last three months caught by HP Sure Click was against an older, unpatched memory corruption vulnerability in Microsoft Office, accounting for nearly 75 percent of all...

Microsoft Shares One-Click Mitigation Tool for Exchange Server Flaws

by Jessica Davis

Microsoft unveiled a mitigation tool for small entities and others operating without a designated IT or security team, which is designed to automatically mitigate the recently...

APT Hackers Targeting Unpatched, On-Prem Microsoft Exchange Servers

by Jessica Davis

At least 10 advanced persistent threat (APT) hacking groups are targeting unpatched, on-prem Microsoft Exchange servers, in an effort to exploit the vulnerability and take control of the impacted...

Verkada Security Camera Hack Allows Access, Leak of Hospital Live Feeds

by Jessica Davis

A report from Bloomberg shows hackers were able to gain access to the live feeds from at least 150,000 security cameras, including those belonging to several hospitals, health clinics, Tesla, and...

DHS CISA Shares Remediation, Risk Guidance for SolarWinds Compromise

by Jessica Davis

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency released new guidance to help support security leaders and administrators with risk decisions and remediation of...

Microsoft Shares IOC Scan Tool, as Attacks on Exchange Servers Expand

by Jessica Davis

The Assistant Secretary for Preparedness and Response is urging healthcare entities to path the four critical vulnerabilities found in certain Microsoft Exchange Servers, under active exploit....

CISA Urges Patch, as Hackers Exploit Zero-Day Flaws in Microsoft Exchange

by Jessica Davis

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency alerted to an out-of-band software update issued by Microsoft, which will patch four zero-day vulnerabilities found...

NSA Shares Zero Trust Security Model Guide, Recommendations

by Jessica Davis

The NSA unveiled guidance for implementing a zero trust security model across the enterprise infrastructure, which includes recommendations. The system management strategy is designed to bolster...

How to Mitigate COVID-19’s Impact on Device Security and Patient Safety

by Jessica Davis

It’s been long established that the healthcare threat landscape, in terms of its prime targeted nature and the vast number of connected supply chain vendors and medical devices, poses an equal amount of risk and network security...

Healthcare Cyberattacks Doubled in 2020, with 28% Tied to Ransomware

by Jessica Davis

Cyberattacks on healthcare more than doubled in 2020, with ransomware accounting for 28 percent of all attacks. COVID-19 response efforts, including personal protective equipment and the vaccine supply...

Demand, Sale of Backdoor Access to Healthcare Networks Spiked in 2020

by Jessica Davis

Demand for backdoor access to healthcare networks drastically increased last year, as did the number of hackers gaining and selling backdoor access on the dark web, according to CTIL research. Hackers...

White House: SolarWinds Hack Impacted 9 Fed Agencies, 100 Entities

by Jessica Davis

At a White House press briefing on Wednesday, Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger confirmed that the SolarWinds Orion compromise claimed nine federal...

Sutter Buttes Imaging PACS Vulnerability Causes 18 Month Data Breach

by Jessica Davis

Sutter Buttes Imaging (SBI) is notifying an undisclosed number of patients that their data was compromised for 18 months, due to a leak caused by a vulnerability in its third-party IT...