Source: CISA

CISA Advises Federal Agencies to Patch VMware Flaws

Mihir Bagwe • May 19, 2022

An emergency directive from the U.S. Cybersecurity and Infrastructure Security Agency advises all federal agencies in the country to immediately patch and address two vulnerabilities - one with a critical CVSS score and the other with a high score - that affect at least five VMware products.

Critical Infrastructure Security

Okta's Data Breach Debacle After Lapsus$ Attack: Postmortem

Latest

Fraud Management & Cybercrime

2 Health Plans Report Major Breaches Following Attacks

Marianne Kolbasuk McGee • May 19, 2022

Two recent apparent ransomware attacks on health plans have potentially affected hundreds of thousands of individuals. One of the incidents allegedly involved the Conti ransomware group, and the other allegedly involved Hive. One of the health plans is already facing legal fallout.

Fraud Management & Cybercrime

Ransomware Attack Vectors: RDP and Phishing Still Dominate

Mathew J. Schwartz • May 19, 2022

Attackers who successfully infect targets with ransomware primarily first gain access by exploiting poorly secured remote desktop protocol or VPN connections or by using malware-laden phishing emails, reports security firm Group-IB, based on more than 700 attacks it investigated in 2021.

Critical Infrastructure Security

Ransomware Ecosystem: Big Changes Since Colonial Pipeline

Anna Delaney • May 19, 2022

The latest edition of the ISMG Security Report analyzes the changes in the ransomware landscape one year after the attack on Colonial Pipeline. It also revisits the Ryuk ransomware attack on a school district in Illinois and examines common culprits hindering effective Zero Trust adoption.

3rd Party Risk Management

Victim List in EHR Vendor Hack Grows as New Details Emerge

Marianne Kolbasuk McGee • May 18, 2022

The list of ophthalmology practices and the number of individuals affected by a December hacking incident at a cloud-based electronic health records vendor, which resulted in deleted databases, are growing as more details about the attack slowly emerge.

Access Management

Five Eyes Alliance Advises on Top 10 Initial Attack Vectors

Mihir Bagwe • May 18, 2022

Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says. Firms offering cybersecurity services weigh in on the gaps and implementation challenges.

Blockchain & Cryptocurrency

Cryptocurrency-Stealing 'Cryware' Malware Attacks Surge

Mathew J. Schwartz • May 18, 2022

Criminals are doubling down on their use of information-stealing malware, such as Cryptobot, RedLine Stealer and QuilClipper, to steal private keys and siphon off cryptocurrency being stored in internet-connected hot wallets or to raid cryptocurrency holders' online exchange accounts.

Business Continuity Management / Disaster Recovery

Conti Claims It Has 'Insiders' in Costa Rican Government

Mihir Bagwe • May 17, 2022

Ransomware group Conti, which has been holding to ransom crypto-locked Costa Rican government systems since April, has claimed on its leak site Conti News that it has "insiders" in the country's government, and that they are working toward the compromise of "other systems."

3rd Party Risk Management

Google Unveils Service to Secure Open-Source Dependencies

Michael Novinson , Brian Pereira • May 17, 2022

Google will offer customers access to the same technology it uses to lock down developer workflows to ensure open-source dependencies are addressed. Assured Open Source Software will allow clients to ensure third-party software they're using is scanned, analyzed and fuzz-tested for vulnerabilities.

Electronic Healthcare Records

An Initiative to Enhance Patient ID, Record Matching

Marianne Kolbasuk McGee • May 17, 2022

A new initiative aims to create a standards-based nationwide patient credential and matching ecosystem to ultimately improve matching patients with their electronic health information, says Scott Stuewe, CEO of DirectTrust, the nonprofit, vendor-neutral organization that is leading the effort.

3rd Party Risk Management

Trusting Our Global Supply Chain

Steve King • May 17, 2022

In this episode of "Cybersecurity Unplugged," Tim Danks of Global Risk Perspectives discusses issues around trusting our global supply chain, including the role of Huawei, the steps needed to secure critical infrastructure, and the process for determining a comfortable level of risk management.

Access Management

Proof of Concept: Apple/Microsoft/Google Back Passwordless

Anna Delaney • May 16, 2022

In the latest "Proof of Concept," Lisa Sotto, Jeremy Grant and ISMG editors discuss the significance of Apple, Google and Microsoft supporting the FIDO protocol's passwordless sign-in standard, progress made on Biden's cybersecurity executive order and updates on U.S. cybersecurity and privacy laws.

Breach Notification

AvosLocker Claims Data Theft From Another Healthcare Entity

Marianne Kolbasuk McGee • May 16, 2022

In its most recent assault against a healthcare entity, ransomware-as-a-service operator AvosLocker claims to be behind an attack allegedly involving data theft from Texas-based CHRISTUS Health, which operates hundreds of healthcare facilities in the U.S., Mexico and South America.