The National Security Agency, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency, and the FBI released a joint alert, warning that nation-state threat actors from...
The Health-ISAC recently published supply-chain cyberattack insights in collaboration with the American Hospital Association, meant to support healthcare provider organizations prevent and respond to...
Threat actors are continuing to target the COVID-19 vaccine cold chain, the means of delivering and storing vaccines at safe temperatures, with spear-phishing campaigns that leverage pharma and...
In a rare move, a court-authorized FBI operation removed web shells from a host of exploited on-prem Microsoft Exchange Servers. Many of the victims may have been unaware their systems were...
Microsoft disclosed and issued patches for four newly detected vulnerabilities found in on-prem Microsoft Exchange Servers version 2016 and 2019. The Department of Homeland Security is urging all...
A group of nine DNS vulnerabilities in four popular TCP/IP stacks used in more than 100 million enterprise, consumer, and industrial IoT devices pose a critical risk of hacking or remote code execution...
Data extortion was once seen as a rare, or potential threat, rather than a pressing issue, while ransomware and subsequent downtime were greater concerns for healthcare cybersecurity. But...
An evaluation of the Department of Health and Human Services against Federal Information Security Modernization Act of 2014 (FISMA) principles found the agency’s information security program...
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency shared another tool to support remediation of threats posed by the SolarWinds supply-chain attack. The new dashboard...
The information blocking provisions of the 21st Century Cures Act officially went into effect this week, putting into focus the Department of Health and Human Services’ regulatory and compliance...
An active cyberattack campaign was spotted in the wild, targeting systems running unpatched or misconfigured SAP systems. Threat actors are exploiting these vulnerabilities to gain full control of the...
Advanced persistent threat actors are actively exploiting unpatched vulnerabilities in Fortinet FortiOS platforms belonging to technology services, government agencies, and other private sector...
VMware issued a software update for its vRealize Operations, Cloud Foundation, and Lifecycle Manage to address two severe flaws that could allow an attacker to steal admin credentials and manipulate or...
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency released another emergency directive designed to further mitigate vulnerabilities in on-prem Microsoft Exchange...
Multiple fraudulent COVID-19 vaccine, pharmacy, and other pandemic-related websites have been taken down, as a result of a federal government enforcement effort to combat fraud schemes and attacks...
Senior medical research personnel in the US and Israel are being targeted by a credential phishing campaign launched by a nation-state hacking group with ties to Iran, according to a new Proofpoint...
Around the world, healthcare entities are steadily making progress on vaccinating individuals against COVID-19. Many of these providers are relying on technology for vaccine appointment scheduling and...
The threat actors behind Mamba ransomware are weaponizing DiskCryptor, an open source full disk encryption software. The malware encrypts the entire drive, including the operating system, to restrict...
Internet-facing Windows devices are being targeted by an active malware campaign known as Purple Fox. Hackers are leveraging brute-force attempts against SMBs to deploy the malware, which has worming...
The FBI recently warned private sector entities that cybercriminals are increasingly leveraging business email compromise attacks against federal government agencies, which has hindered...