Latest

3rd Party Risk Management

Update: "This was a targeted attack" says Red Cross

Mihir Bagwe  •  January 20, 2022

Data on more than 515,000 "highly vulnerable people" has been compromised as the result of a supply chain cyberattack, the International Committee of the Red Cross has disclosed. The organization's humanitarian activities are already being impacted.

Application Security

Log4Shell Update: VMware Horizon Targeted

Prajeet Nair  •  January 19, 2022

Attackers have been actively targeting Log4j vulnerabilities, or Log4Shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service.

3rd Party Risk Management

Why SBOMs in the Healthcare IT Supply Chain Are Critical

Marianne Kolbasuk McGee  •  January 19, 2022

Because healthcare IT environments are so complicated, it will become essential for all suppliers to provide and maintain a software bill of materials for their products to remain relevant, says Curt Miller of the Healthcare Supply Chain Association.

Endpoint Protection Platforms (EPP)

McAfee Enterprise and FireEye Products Rebrand as Trellix

Mathew J. Schwartz  •  January 19, 2022

Endpoint detection and response software news: The entity formerly known as McAfee Enterprise and FireEye Products has a new name: Trellix. Think of a "security trellis to businesses across the globe, giving them support they need to keep them safe," says CEO Bryan Palma. Will customers and prospects buy in?

Electronic Healthcare Records

HHS Issues Trusted Health Data Exchange Governance Framework

Marianne Kolbasuk McGee  •  January 18, 2022

Federal regulators have released the final versions of the long-awaited Trusted Exchange Framework and Common Agreement, which provide a governance framework to promote secure, interoperable nationwide health information exchange - an effort that has been in the making for years.

Cyberwarfare / Nation-State Attacks

EU's Cyber Rapid Response Team on Standby for Ukraine

Prajeet Nair  •  January 18, 2022

After the defacement of multiple Ukrainian government websites last week and subsequent deployment of destructive malware against Ukraine over the weekend, Lithuanian officials have offered to deploy the EU's Cyber Rapid Response Team to help Ukraine deal with cyberattacks.

Business Email Compromise (BEC)

How 'The Great Resignation' Is Affecting Cybersecurity

Anna Delaney  •  January 18, 2022

People are leaving their jobs in droves during "The Great Resignation," and the cybersecurity industry is not immune to the trend. Mike Hamilton, the former CISO for the city of Seattle, warns organizations about the opportunities this presents for cybercriminals and outlines how employers can work to retain talent....

3rd Party Risk Management

Record Number of Major Health Data Breaches in 2021

Marianne Kolbasuk McGee  •  January 17, 2022

In the midst of a global pandemic, the federal breach tally shows that a record number of major health data breaches were reported in the U.S. in 2021, and the overwhelming majority of them involved hacking/IT incidents. Will those trends continue in 2022?

Blockchain & Cryptocurrency

OCC Chief Calls for Collaboration in Crypto Regulations

Devon Warren-Kachelein  •  January 15, 2022

With 16% of U.S. citizens using a cryptocurrency trading platform, OCC acting Chief Michael Hsu urges collaborative efforts to pass cryptocurrency regulations, which he says could lead to greater innovation in the space.

3rd Party Risk Management

Accellion Agrees to $8.1 Million Breach Settlement

Prajeet Nair  •  January 15, 2022

More than a year after the December 2020 cyberattack on Accellion's File Transfer Appliance, the company has agreed to an $ 8.1 million settlement to resolve a class action against it following the data exposure that resulted in the theft of both consumer and patient data.

3rd Party Risk Management

Clinic Breach Affecting 200,000 Tied to Vendor's 2020 Attack

Marianne Kolbasuk McGee  •  January 14, 2022

A family medical practice is notifying nearly 200,000 individuals that their information was compromised in a 2020 ransomware attack on cloud hosting vendor Netgain Technology, an incident that also affected several of the vendor's other clients and hundreds of thousands of their patients.

►

Application Security

ISMG Editors: Is 2022 the Year of the SBOM?

Anna Delaney  •  January 14, 2022

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...