A breach investigation into an incident initially appearing to affect only one individual has turned into a $300,640 HIPAA settlement for a dermatology practice that was subsequently discovered to be improperly disposing many patient information for more than a decade.
An online search by cybersecurity firm Cyfirma found more than 80,000 unpatched cameras made by Hangzhou Hikvision Digital Technology Co. Attackers could exploit the vulnerability to add the cameras to a botnet or as a launching point for lateral movement deeper into the camera operator's network.
Attackers could take advantage of a misconfiguration in Palo Alto firewalls to launch amplification DDoS attacks, a vulnerability that led the U.S. Cybersecurity and Infrastructure Security Agency added the vulnerability its catalog of actively exploited vulnerabilities.
A Texas-based hospital is apparently still contending with pressure to pay an extortion group that claims to have stolen patient data months ago, while a French medical center responds to a weekend attack and demands to pay a $10 million ransom.
Accenture analyzed the top 20 most active ransomware leak sites to see how threat actors are posting sensitive corporate information and making the data easy to search and exploit. Accenture's Robert Boyce explains how cybercriminals are weaponizing stolen ransomware data for follow-up attacks.
Twitter's former security chief, Peiter Zatko, aka "Mudge," filed a whistleblowing complaint against the social media giant with the U.S. Securities and Exchange Commission, alleging that "extreme, egregious deficiencies" in its cybersecurity remain unresolved.
Evolving social engineering campaigns - including a significant rise in vishing attacks - continue to pose significant data security threats to healthcare and public sector entities, federal authorities warn, urging entities to take steps to avoid falling victim.
Expel is out with its latest quarterly threat report, which reveals that Identity-based attacks now account for 56% of incidents identified by Expel's SOC. Jon Hencinski shares highlights from the report and how to respond to BEC, ransomware and attackers who have found ways to defeat MFA.
Hackers looted Bitcoin ATMs of $16,000 in an attack manufacturer General Bytes says stems from a zero day vulnerability accidently introduced in 2020. An executive with the Czech company suggest attackers may have been motivated out of vengeance for its pro-Ukraine stance.
In the tit-for-tat world of advanced persistent threats, security measures set by Microsoft such as multifactor authentication are being met by Russian hacking group APT29 with circumvention techniques. Mandiant says it's seeing several new hacking methods by the group, also known as Cozy Bear.
Beleaguered spyware vendor NSO Group is attempting to reboot its corporate image by pledging to only sell its wares to NATO member countries, lay off 10% of its workforce and replace its CEO, as it seeks a buyer. But the company, which remains blacklisted by the U.S., faces an uphill battle.
Domain name registrars track domain name owners via "whois" data, which is a crucial tool for investigators combating cybercrime. But Kroll's Alan Brill says that since the EU General Data Protection Regulation went into effect, many registrars no longer publicly share such information, and that's a problem.
At Splunk, we believe data is the key to success in all facets of life, including building your March Madness bracket. That is why we built a prediction engine in Splunk to showcase the data behind each team and try to curate the perfect bracket. During the webinar, Splunk experts will share the story behind the...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.