What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
DarkReading.webp 2025-01-23 21:56:16 84% of Healthcare Organizations Spotted a Cyberattack in the Late Year (direct link) No more details Medical ★★★
IndustrialCyber.webp 2025-01-23 14:27:45 ColorTokens appoints Guru Gurushankar as SVP and GM for healthcare and life sciences (direct link) ColorTokens Inc., a global enterprise microsegmentation company, announced the appointment of Guru Gurushankar as senior vice president and...
Medical ★★★
GoogleSec.webp 2025-01-23 13:01:21 Android enhances theft protection with Identity Check and expanded features (direct link) Posted by Jianing Sandra Guo, Product Manager, Android, Nataliya Stanetsky, Staff Program Manager, Android Today, people around the world rely on their mobile devices to help them stay connected with friends and family, manage finances, keep track of healthcare information and more – all from their fingertips. But a stolen device in the wrong hands can expose sensitive data, leaving you vulnerable to identity theft, financial fraud and privacy breaches. This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft. As part of our commitment to help you stay safe on Android, we're expanding and enhancing these features to deliver even more robust protection to more users around the world. Identity Check rolling out to Pixel and Samsung One UI 7 devices We're officially launching Identity Check, first on Pixel and Samsung Galaxy devices eligible for One UI 7, to provide better protection for your critical account and device settings. When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you're outside of trusted locations. Identity Check also enables enhanced protection for Google Accounts on all supported devices and additional security for Samsung Accounts on One UI 7 eligible Galaxy devices, making it much more difficult for an unauthorized attacker to take over accounts signed in on the device. As part of enabling Identity Check, you can designate one or more trusted locations. When you're outside of these trusted places, biometric authentication will be required to access critical account and device settings, like changing your device PIN or biometrics, disabling theft protection, or accessing Passkeys.
Identity Check gives you more peace of mind that your most sensitive device assets are protected against unauthorized access, even if a thief or bad actor manages to learn your device PIN. Identity Check is rolling out now to Pixel devices with Android 15 and will be available on One UI 7 eligible Galaxy devices in the coming weeks. It will roll out to supported Android devices from other manufacturers later this year. Theft Detection Lock: expanding AI-powered protection to more users One of the top theft protection features introduced last year was Theft Detection Lock, which uses an on-device AI-powered algorithm to help detect when your phone may be forcibly taken from you. If the machine learning algorithm detects a potential theft attempt on your unlocked device, it locks your scre Tool Mobile Medical ★★★
InfoSecurityMag.webp 2025-01-22 11:10:00 Account Compromise and Phishing Top Healthcare Security Incidents (direct link) Netwrix claims 84% of healthcare organizations detected a cyber-attack in the past year
Medical ★★★
globalsecuritymag.webp 2025-01-21 17:05:53 84% of Healthcare Organisations Spotted a Cyberattack within the Last 12 Months, and 69% of Them Faced Financial Damage as a Result (direct link) 84% of Healthcare Organisations Spotted a Cyberattack within the Last 12 Months, and 69% of Them Faced Financial Damage as a Result One in five healthcare organisations reported a change in senior leadership (21%) or lawsuits (19%) as attack consequences, compared to 13% among other sectors surveyed. - Special Reports
Medical ★★★
globalsecuritymag.webp 2025-01-21 10:47:45 ASL CN1 Cuneo selects Cubbit's geo-distributed S3 cloud (direct link) ASL CN1 Cuneo selects Cubbit's geo-distributed S3 cloud, achieving data resilience and 50% savings on storage costs With Cubbit DS3, healthcare company ASL CN1 Cuneo protects its data with exceptional resilience against ransomware and disasters, fully complying with NIS2 and GDPR standards, as well as all regional public sector regulations. - Market News
Ransomware Medical Cloud ★★★
IndustrialCyber.webp 2025-01-21 08:49:19 US HC3 warns BEC emerges as one of 'most financially damaging' cybersecurity threat to healthcare sector (direct link) The Health Sector Cybersecurity Coordination Center (HC3) within the U.S. Department of Health & Human Services (HHS) identified...
Threat Medical ★★★
no_ico.webp 2025-01-20 05:55:49 Securing Health Data in 2025: The Rising Cybersecurity Challenges (direct link) Since 1996, the Health Insurance Portability and Accountability Act (HIPAA) has been the cornerstone of patient privacy. The act established standards for how healthcare organizations handle and share patient data, creating a framework for ensuring confidentiality. But the healthcare landscape has transformed dramatically, and with it, the risks have multiplied. Emerging cyber threats and complex [...]
Medical ★★★
no_ico.webp 2025-01-17 05:06:14 Educate, Prepare, & Mitigate: The Keys to Unlocking Cyber Resilience (direct link) In 2024, consumers saw an array of cybersecurity incidents that impacted them directly, and in dramatic ways. From the Change Healthcare attack that impacted healthcare systems and prevented some from getting medication, to the more recent issues involving Ahold Delhaize that left grocery store shelves practically empty right before the Thanksgiving holiday, consumers are feeling [...]
Medical ★★★
DarkReading.webp 2025-01-16 22:03:05 183M Patient Records Exposed: Fortified Health Security Releases 2025 Healthcare Cybersecurity Report (direct link) No more details Medical ★★
IndustrialCyber.webp 2025-01-16 13:51:26 New EU action plan set to protect hospitals, healthcare providers against rising cybersecurity threats (direct link) The European Commission has unveiled an EU action plan designed to strengthen the cybersecurity of hospitals and healthcare...
Medical ★★
InfoSecurityMag.webp 2025-01-16 08:30:00 EU To Launch New Support Centre by 2026 to Boost Healthcare Cybersecurity (direct link) A new EU action plan will be structured around four pillars: prevention, threat detection and identification, response to cyber-attacks and deterrence
Threat Medical ★★★
RecordedFuture.webp 2025-01-15 17:52:17 No new funding in EU plan to tackle ransomware attacks against hospitals (direct link) The European Commission has a new “action plan” to reduce the health sector's vulnerability to cyberattacks. For funding, it only offers healthcare entities guidance on opportunities available elsewhere.
Ransomware Vulnerability Medical ★★
PaloAlto.webp 2025-01-15 16:00:52 5 Trends Shaping Healthcare Cybersecurity in 2025 (direct link) Palo Alto Networks shares five of the top healthcare cybersecurity trends and strategies to prepare you for transformation in 2025 and beyond.
Medical ★★
no_ico.webp 2025-01-13 05:15:16 Medusind Data Breach Exposes Over 360,000 Individuals' Healthcare Info (direct link) Medusind, a healthcare revenue cycle management provider, has disclosed a data breach that compromised the personal and health information of 360,934 people. The breach, which happened over a year ago, affirms the ongoing cybersecurity challenges in the healthcare sector. The company, which operates 12 locations across the US and India and supports more than 6,000 [...]
Data Breach Medical ★★★
The_Hackers_News.webp 2025-01-10 15:52:00 Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity (direct link) Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints – from legacy medical devices to IoT sensors – onto their production networks.
Medical ★★★
InfoSecurityMag.webp 2025-01-10 10:25:00 Medusind Breach Exposes Sensitive Patient Data (direct link) The US medical billing firm is notifying over 360,000 customers that their personal, financial and medical data may have been exposed
Medical ★★★
News.webp 2025-01-09 00:44:13 Database tables of student, teacher info stolen from PowerSchool in cyberattack (direct link) Class act: Biz only serves 60M people across America, no biggie A leading education software maker has admitted its IT environment was compromised in a cyberattack, with students and teachers' personal data – including some Social Security Numbers and medical info – stolen.…
Medical ★★
Checkpoint.webp 2025-01-08 22:28:17 Fast Pace Health: Zero Phishing Incidents Since Harmony Email & Collaboration Implementation (direct link) Healthcare entities have a 51% probability of falling victim to phishing attacks. Successful incidents not only lead to control over systems, but can also expose patient health information, financial and insurance data. Healthcare providers are seeing an 81% uptick in threats, especially as cyber criminals weaponize increasingly advanced methods, and some organizations are struggling to keep pace. With over 265 clinic locations across the United States and a mission to deliver high-quality, accessible and compassionate care to under-served communities, Fast Pace Health recently found itself ill-equipped to fend off high volumes of relentless cyber threats. On account of overseeing large […]
Medical ★★★
bleepingcomputer.webp 2025-01-08 12:28:01 Medical billing firm Medusind discloses breach affecting 360,000 people (direct link) Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. [...]
Data Breach Medical ★★★
RecordedFuture.webp 2025-01-07 21:55:15 Massachusetts health firm reaches $80,000 settlement with HHS following ransomware investigation (direct link) The Department of Health and Human Services (HHS) reached the agreement with Elgon Information Systems after the company violated federal rules around the protection of healthcare data.
Ransomware Medical ★★
News.webp 2025-01-04 01:30:10 Amazon worker – struck and shot in New Orleans terror attack – initially denied time off (direct link) Web giant now pledges full support A warehouse worker at an Amazon facility in Mobile, Alabama, who was struck by a truck and shot in the New Orleans New Year's Day deadly terror attack, was initially denied medical leave by the internet mega-giant, possibly due to an HR mix-up.…
Mobile Medical ★★★
DarkReading.webp 2025-01-03 21:14:42 New HIPAA Cybersecurity Rules Pull No Punches (direct link) Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it.
Medical ★★★
Checkpoint.webp 2025-01-03 13:00:23 Ensuring HIPAA Compliance with Secure Remote Access (direct link) When it comes to remote access, healthcare organizations must contend with the same challenges as their counterparts in many other industries: remote workers and third-party contractors need fast, reliable connections to enterprise resources. The security team also needs to defend against threats like data breaches and the introduction of malware. One notable difference in healthcare is that organizations are subject to stringent HIPAA compliance requirements meant to protect the sensitive patient records they store and share. Even while facing a rising number of attacks, healthcare organizations need to provide secure and efficient remote access to systems to deliver high quality […]
Malware Medical ★★
DarkReading.webp 2025-01-02 21:30:43 Proposed HIPAA Amendments Will Close Healthcare Security Gaps (direct link) The changes to the healthcare privacy regulation with technical controls such as network segmentation, multi-factor authentication, and encryption. The changes would strengthen cybersecurity protections for electronic health information and address evolving threats against healthcare entities.
Medical Technical ★★
InfoSecurityMag.webp 2025-01-02 14:30:00 HIPAA Rules Update Proposed to Combat Healthcare Data Breaches (direct link) The US government has set out proposals to increase security obligations on healthcare providers to protect patient data amid surging cyber-attacks in the sector
Medical ★★★
no_ico.webp 2025-01-02 04:24:11 2024 Year in Review (Part 1) (direct link) As 2023 came to a close, it was easy to predict that breaches would continue to dominate the cybersecurity news. However, the scale of the events, specifically the Change Healthcare breach, eclipsed all others for the year. The other event that shook not only the entire technology community, but also the world, was the CrowdStrike [...]
Prediction Medical ★★★
The_Hackers_News.webp 2024-12-30 18:13:00 New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits (direct link) The United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the
Medical ★★★
globalsecuritymag.webp 2024-12-28 13:32:59 Peter Machat, Senior Director EMEA Central, ARMIS: Combining Armis' Centrix platform with Armis' channel partners services, is a good way for your Cybersecurity posture. (direct link) Global Security Mag: Good afternoon, Peter. Global Security Mag is happy to have this opportunity to exchange with you about Armis. Could you please tell us what Armis is presenting at it-sa 2024? Peter Machat: Thanks for having me. Armis has a booth with its distributor Infinigate to allow our experts showing a demonstration instance for our cyber exposure management platform based on some standard data from different scenarios like healthcare, or like typical OT Security, just to give an idea about what Company's IT assets are visible. And for that purpose, they use different sources. They usually use all the integrations the customer offers, meaning systems the customers already have, like CrowdStrike Endpoint Protection Platform and so on. These data are integrated, and a network flow analysis can also be done. Network assets can be mapped and listed, information from different systems and vulnerabilities can be gathered and shown. That is part one of Armis' solution and on top of that, we give recommendations, prioritizing what should be done. Our solution is directly integrated with tickets management systems like ServiceNow, so, tickets can be created to resolve the cases issued. - Interviews
Vulnerability Industrial Medical ★★
InfoSecurityMag.webp 2024-12-23 17:15:00 Ransomware Attack Exposes Data of 5.6 Million Ascension Patients (direct link) US healthcare giant Ascension revealed that 5.6 million individuals have had their personal, medical and financial information breached in a ransomware attack
Ransomware Medical ★★
RiskIQ.webp 2024-12-23 13:46:44 Weekly OSINT Highlights, 23 December 2024 (direct link) ## Snapshot Last week's OSINT reporting revealed a variety of cyberattack trends, with phishing, malware, and supply chain attacks remaining prominent tactics across multiple industries. Attackers frequently exploit trust within organizations and communities, as seen in campaigns targeting security professionals with trojanized tools and compromised repositories, such as the MUT-1244 attack. Additionally, phishing continues to be a primary vector for delivering malware, ranging from credential harvesters like BellaCPP and Zloader to backdoors like CLNTEND and Glutton. Attackers are increasingly refining their techniques with evasion methods, such as DNS tunneling, obfuscated payloads, and exploiting vulnerabilities in software like ERP systems and cloud services. Threat actors span various regions and sectors, with notable focus on defense, government, financial, and technology targets, in the EMEA, APAC, and LATAM regions. ## Description 1. [WikiKit Campaigns Target Industries With Phishing Kits](https://security.microsoft.com/intel-explorer/articles/81b47d0d): WikiKit targets industries such as automotive, manufacturing, and healthcare, leveraging phishing kits with corporate branding to harvest credentials. The campaign uses advanced evasion techniques like tamper-proof JavaScript and CAPTCHA checks to bypass detection and continues to evolve. 2. [BellaCPP Malware Linked to Charming Kitten](https://security.microsoft.com/intel-explorer/articles/725329cd): BellaCPP malware demonstrates sophisticated persistence techniques and SSH tunneling capabilities. Found alongside an older BellaCiao sample on an infected machine in Asia, it highlights attackers' evolving strategies to maintain network access, emphasizing the importance of thorough network investigations. 3.
[Zloader Evolves With Enhanced DNS Tunneling](https://security.microsoft.com/intel-explorer/articles/9d76113f): Zloader malware now uses a custom DNS tunnel for C2 communications, advanced anti-analysis techniques, and GhostSocks payloads. Its evolving role as an initial access broker for ransomware highlights its growing sophistication and targeted infection methods. 4. [FlowerStorm Rises Amid Rockstar2FA Collapse](https://security.microsoft.com/intel-explorer/articles/ff7a63bc): After technical failures disrupted Rockstar2FA, FlowerStorm emerged with similar phishing infrastructure targeting North America and Europe. The service industry has been heavily impacted by these campaigns, which share backend similarities and operational overlap. 5. [Holiday-Themed Phishing Attacks Exploit Seasonal Urgency](https://security.microsoft.com/intel-explorer/articles/f8198f90): Threat actors exploit the holiday season with targeted lures, delivering malware like Remcos RAT and executing fraud schemes. Campaigns impersonate airlines, HR departments, and nonprofits to steal credentials, money, or sensitive information. 6. [IAM User Exploitation Targets Cloud LLM Models](https://security.microsoft.com/intel-explorer/articles/729893a5): Attackers exploited compromised IAM keys to access AWS environments and attempt unauthorized use of Bedrock LLM models. Despite privilege escalation efforts, Service Control Policies thwarted their attempts to invoke APIs for further abuse. 7. [Lumma Stealer Campaign Abuses Ad Networks](https://security.microsoft.com/intel-explorer/articles/994ccfa2): The Lumma Stealer malware campaign used Monetag ad networks to target users with malicious PowerShell commands disguised as CAPTCHA solutions. The malware harvests sensitive data and continues to resurface despite takedowns of compromised ad accounts. 8. 
[Evolved NodeStealer Variant Targets Facebook Ads and Financial Data](https://security.microsoft.com/intel-explorer/articles/f7587417): Trend Micro's Managed XDR team identified an evolved Python-based NodeStealer variant targeting Facebook Ads Manager accounts, credit card details, and browser-stored data. Spear-phishing emails in Bahasa Melayu, with poorly translated subject lines, were used to target an Ransomware Malware Tool Vulnerability Threat Prediction Medical Cloud Technical ★★★
RecordedFuture.webp 2024-12-20 19:55:42 Nearly 6 million people were impacted by ransomware attack on healthcare giant Ascension (direct link) A cyberattack against the massive health system in May had an even larger impact than previously reported, leading to the exposure of sensitive information belonging to millions of people.
Ransomware Medical ★★★
RiskIQ.webp 2024-12-20 18:52:43 (Déjà vu) WikiKit AiTM Phishing Kit: Where Links Tell Lies (direct link) #### Targeted Industries - Critical Manufacturing - Healthcare & Public Health ## Snapshot Researchers from TRAC Labs recently uncovered a phishing kit dubbed "WikiKit," which received its name for redirecting to Wikipedia pages when JavaScript is disabled or the phishing link is invalid. ## Description Launched in October 2024, WikiKit campaigns have been observed impacting multiple industries, including automotive, manufacturing, and healthcare. The phishing kit uses Jimdosite-hosted landing pages that mimic corporate branding and prompt users to click on a link labeled "Review Document Here," redirecting them to credential harvesting pages. Attackers exploit compromised corporate email accounts to distribute phishing links, sometimes disguising them as legitimate Salesforce redirects to increase user trust. Victims who interact with these phishing links encounter CAPTCHA checks before entering credentials, which are then validated and sent to the attackers' servers. The phishing kit dynamically customizes pages with the victim's company logo and background, enhancing its legitimacy. WikiKit employs advanced techniques to evade detection, including tamper-proof JavaScript code that disrupts debugging attempts and hides non-default authentication methods. The attackers leverage stolen credentials to bypass multi-factor authentication and redirect victims to what appear to be legitimate Microsoft 365 or Outlook error pages. As of December 2024, the campaign continues to operate with consistent infrastructure and evasion tactics. ## Recommendations - Invest in advanced anti-phishing solutions that monitor incoming emails and visited websites.
[Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/defender/microsoft-365-security-center-mdo) merges incident and alert management across email, devices, and identities, centralizing investigations for email-based threats. Organizations can also leverage web browsers that automatically [identify and block](https://learn.microsoft.com/deployedge/microsoft-edge-security-smartscreen) malicious websites, including those used in this phishing campaign. - [Require multifactor authentication (MFA).](https://learn.microsoft.com/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication) While AiTM phishing attempts to circumvent MFA, implementation of MFA remains an essential pillar in identity security and is highly effective at stopping a variety of threats. - Leverage more secure implementations such as FIDO Tokens, or [Microsoft Authenticator](https://www.microsoft.com/security/mobile-authenticator-app) with passkey. Avoid telephony-based MFA methods to avoid risks associated with SIM-jacking. - For more granular control, enable conditional access policies. [Conditional access](https://learn.microsoft.com/entra/identity/conditional-access/overview) policies evaluate sign-in requests using additional identity driven signals like user or group membership, IP location information, and device status, among others, and are enforced for suspicious sign-ins. Organizations can protect themselves from attacks that leverage stolen credentials by enabling policies such as compliant devices or trusted IP address requirements. - Implement [continuous access evaluation](https://learn.microsoft.com/entra/identity/conditional-access/concept-continuous-access-evaluation). - Turn on [Safe Links](https://learn.microsoft.com/defender-office-365/safe-links-about) and [Safe Attachments](https://learn.microsoft.com/defender-office-365/safe-attachments-about) for Office 365.
- Enable [Zero-hour auto purge (ZAP)](https://learn.microsoft.com/defender-office-365/zero-hour-auto-purge) in Office 365 to quarantine sent mail in response to newly acquired threat intelligence and retroactively neutralize malicious phishing, spam, or malware messages that have already been delivered to mailboxes. - Run endpoint detection and response [(EDR) in block mode](https://l Spam Malware Tool Threat Mobile Medical ★★★
RecordedFuture.webp 2024-12-20 17:19:56 Romanian Netwalker ransomware affiliate sentenced to 20 years in US prison (lien direct) Daniel Christian Hulea admitted to earning up to $21.5 million from attacks carried out by Netwalker, a group known for targeting the healthcare sector during the COVID-19 pandemic.
Ransomware Legislation Medical ★★★
IndustrialCyber.webp 2024-12-20 08:59:48 HC3 reveals credential harvesting threat targeting healthcare sector, provides mitigation strategies to reduce risk (lien direct) The Health Sector Cybersecurity Coordination Center (HC3) of the U.S. Department of Health & Human Services (HHS) disclosed...
Threat Medical ★★★
bleepingcomputer.webp 2024-12-20 07:05:33 Ascension: Health data of 5.6 million stolen in ransomware attack (lien direct) Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation. [...]
Ransomware Medical ★★★
Fortinet.webp 2024-12-18 16:00:00 Global Medical Device Company Deploys FortiSASE to 7,000 Users (lien direct) Read how a medical products and technologies company is leveraging FortiSASE to strengthen security for its remote workforce while improving operational efficiency.
Medical ★★
RecordedFuture.webp 2024-12-17 20:53:13 Nebraska AG sues Change Healthcare, UnitedHealth for data theft after ransomware attack (lien direct) The 29-page filing alleges violations of Nebraska's consumer protection and data security laws and says Change Healthcare - which is owned by UnitedHealth Group (UHG) - failed to implement proper security measures that exacerbated the data breach, disrupting critical healthcare services across the state.
Ransomware Data Breach Medical ★★
DarkReading.webp 2024-12-17 20:03:27 Texas Tech Fumbles Medical Data in Massive Breach (lien direct) The cyberattack impacts at least 1.4 million patients, as tranches of highly sensitive personal, medical, and financial data fall into the hands of cyber crooks who have everything they need to carry out convincing social engineering and fraud attacks.
Medical ★★
The_State_of_Security.webp 2024-12-17 03:59:36 London's CNI is Under Threat (lien direct) London is one of the smartest and most interconnected cities in the world. Digital infrastructure plays a role in almost every facet of society, streamlining public transport, improving healthcare provision, boosting sustainability, and more. However, this reliance on technology has left London's critical national infrastructure (CNI) perilously vulnerable to digital attacks. As geopolitical relationships deteriorate and nation-state threats to critical infrastructure increase, the UK can no longer ignore this problem. The Impact of Critical National Infrastructure Failures As a sprawling...
Threat Medical ★★
bleepingcomputer.webp 2024-12-16 12:28:35 ConnectOnCall breach exposes health data of over 910,000 patients (lien direct) Healthcare software as a service (SaaS) company Phreesia is notifying over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall. [...]
Medical ★★
Blog.webp 2024-12-13 21:44:39 Canadian Eyecare Firm Care1 Exposes 2.2TB of Patient Records (lien direct) Another day, another healthcare database misconfiguration exposing sensitive patient information.
Medical ★★
RiskIQ.webp 2024-12-12 21:33:09 Lynx Ransomware Pouncing on Utilities (lien direct) #### Targeted Geolocations - United States #### Targeted Industries - Energy ## Snapshot A recent report from the Center for Internet Security (CIS) highlights the growing threat of ransomware attacks targeting utility organizations, with a particular focus on the activities of the Lynx ransomware group (tracked by Microsoft as [Storm-2113](https://security.microsoft.com/intel-profiles/7d8b27d096bfce159d3602d5221a20a8c2fddc95db7401efe10f486f57c1e5d2)). ## Description Between 2022 and 2024, attacks on utilities surged due to their reliance on outdated hardware and software, making them attractive targets for groups like Lynx. The group claimed over 20 victims in the energy, oil, and gas sectors in the United States between July and November 2024. Despite its claims to be an "ethical hacking group" that avoids impacting organizations in healthcare and government, Lynx employs double extortion tactics, encrypting victims' data and threatening to leak sensitive information unless additional ransoms are paid. The stolen data often includes trade secrets, financial records, and internal documents, causing severe reputational and operational damage. The group's initial compromise methods include phishing attacks to harvest credentials, followed by disabling antivirus software, deleting shadow copies, and encrypting both local files and network shares. Victims are pressured through ransom notes directing them to a Lynx-operated .onion site and public blogs where the group leaks or threatens to leak stolen data. ## Microsoft Analysis and Additional OSINT Context The threat actor that Microsoft tracks as [Storm-2113](https://security.microsoft.com/intel-profiles/7d8b27d096bfce159d3602d5221a20a8c2fddc95db7401efe10f486f57c1e5d2) is a financially motivated group known for deploying Lynx ransomware. 
The actor has targeted entities in multiple sectors, including manufacturing, energy, and commercial facilities, among others. Microsoft has observed Storm-2113 obtain initial access through exploitation of publicly disclosed vulnerabilities. Post-compromise activity by the group includes the use of several remote monitoring and management (RMM) tools in intrusions for lateral movement and persistence. Storm-2113 also leverages tools like [Mimikatz](https://security.microsoft.com/intel-profiles/2dffdfcf7478886ee7de79237e5aeb52b0ab0cd350f1003a12064c7da2a4f1cb) and [Impacket](https://security.microsoft.com/intel-profiles/19a4861eb55c4c074ab0a8c6f58738d8f50dda8badf96695758399e3d826dda6) to steal credentials. ## Recommendations Microsoft recommends the following mitigations to reduce the impact of this threat. - Harden internet-facing assets and identify and secure perimeter systems that attackers might use to access the network. Public scanning interfaces, such as [Microsoft Defender External Attack Surface Management](https://www.microsoft.com/security/business/cloud-security/microsoft-defender-external-attack-surface-management), can be used to augment data. The Attack Surface Summary dashboard surfaces assets such as Exchange servers which require security updates as well as provides recommended remediation steps. - Organizations can use [Microsoft Defender Vulnerability Management](https://security.microsoft.com/vulnerabilities?ocid=magicti_ta_ta2) to assess the current status of disclosed vulnerabilities and deploy any updates that might have been missed. - As more organizations move to the cloud, it is important to continue to protect Active Directory resources through credential hardening during this transition. Threat actors are motivated by easy access and continue to look for easy paths to acquire domain administrator privileges. 
Microsoft provides some steps organizations can take to build credential hygiene in our [on-premises credential theft threat overview](https://security.microsoft.com/threatanalytics3/9382203e-5155-4b5e-af74-21562b1004d5/analystreport). - Enforce multifactor authentication (MFA) on all accounts, remo Ransomware Malware Tool Vulnerability Threat Medical Cloud Commercial ★★★
RecordedFuture.webp 2024-12-12 18:15:05 Screen Actors Guild Health Plan sued after September data breach exposes healthcare info (lien direct) SAG-AFTRA Health Plan said investigators traced the breach back to a phishing email that compromised the account. Law enforcement has been notified and the investigation is ongoing.
Data Breach Legislation Medical ★★★
globalsecuritymag.webp 2024-12-12 11:00:00 Decoding the ANSSI report on cybersecurity in healthcare (lien direct) Decoding the ANSSI report on cybersecurity in healthcare, by Geoffroy de Lavenne, Managing Director of ITS Integra - Opinion
Medical ★★★
AlienVault.webp 2024-12-11 12:00:00 LevelBlue SOC Analysts See Sharp Rise in Cyber Threats: Stay Vigilant (lien direct) This holiday season our SOC analysts have observed a sharp uptick in cyber threat activity. Specifically, they’ve seen a rise in attempted ransomware attacks, which started during the American Thanksgiving holiday period (November 25–31, 2024) and are expected to continue throughout the holiday season. We’re sharing details on the threat actors involved, their tactics, as well as recommendations to give you knowledge and tools to proactively strengthen your security against evolving threats. Key Threat Groups BlackSuit (formerly “Royal”) Known for targeting critical infrastructure sectors, including healthcare, government, and manufacturing, BlackSuit employs data exfiltration, extortion, and encryption techniques, according to a Cybersecurity and Infrastructure Security Agency (CISA) advisory. Common attack vectors include: Phishing emails and malicious websites Exploitation of unsecured virtual private networks (VPNs) lacking multi-factor authentication (MFA) Disabling antivirus software to exfiltrate data before encrypting systems Black Basta Operating as a ransomware-as-a-service (RaaS), Black Basta affiliates have targeted over 500 entities in 2024 alone in North America, Europe, and Australia, according to CISA. Key tactics: Vishing: Impersonating help desk technicians via phone to access networks Using malicious remote management tools to gain entry and escalate attacks LevelBlue Observations of Threat Actor TTPs and How to Fortify Security In recent weeks, our SOC team has observed threat actors using the following tactics to launch attacks: Tactic Recommendations Exploitation of a VPN portal that is not enforcing MFA to gain initial access Enforce MFA for VPN connections and geo-fence your VPN portal(s)   Patch VPN devices. 
Historically we have observed these external-facing network appliances be compromised The use of vishing (impersonating a “help desk” team member) to gain initial access to end-user workstations, which then gives the attacker access to the larger network (emails and text messages are also being leveraged for credential collection and malware deployment) Two numbers LevelBlue has identified to be involved in incidents are 1-844-201-3441 and 304-718-2459   Provide employees with training and education on vishing attacks and the common lures that may be used   Implement a process of verification for both help desk employees and employees being called during legitimate IT support scenarios   Direct employees to report suspicious communications immediately to a supervisor and security leadership   The use of Rclone, WinSCP, and other file transfer tools to exfiltrate data from environments Block the installation or execution of common attacker tools that do not have a designated function within your network, or strictly enforce the exceptions for allowing the usage Exploitation of vulnerabilities across common software/applications to escalate privileges Vulnerabilities for VMware, Microsoft Exchange, Microsoft SharePoint, and other self-hosted applications are being particularly targeted to gain administrator or even root access within environments Patch software per vendor recommendations and review your organization’s vulnerability Ransomware Malware Tool Vulnerability Threat Patching Medical Cloud ★★★
Checkpoint.webp 2024-12-10 13:00:39 November 2024's Most Wanted Malware: Androxgh0st Leads the Pack, Targeting IoT Devices and Critical Infrastructure (lien direct) Check Point Software's latest threat index highlights the rise of Androxgh0st, a Mozi-integrated botnet, and ongoing threats from Joker and Anubis, showcasing evolving cyber criminal tactics. Check Point's Global Threat Index for November 2024 emphasizes the growing sophistication of cyber criminals. The report highlights the swift ascent of Androxgh0st, now integrated with the Mozi botnet, as it continues to target critical infrastructure worldwide. Critical infrastructure, spanning energy grids, transportation systems, healthcare networks, and more, remains a prime target for cybercriminals due to its indispensable role in daily life and its vulnerabilities. Disrupting these systems can lead to widespread chaos, financial losses, and […]
Malware Vulnerability Threat Medical ★★★
RecordedFuture.webp 2024-12-09 18:53:32 Medical device company says shipping processes disrupted by ransomware attack (lien direct) Atlanta-based Artivion filed documents with the Securities and Exchange Commission saying that a pre-Thanksgiving ransomware attack was disrupting its delivery systems.
Ransomware Medical ★★
bleepingcomputer.webp 2024-12-09 18:00:51 Ransomware attack hits leading heart surgery device maker (lien direct) Artivion, a leading manufacturer of heart surgery medical devices, has disclosed a November 21 ransomware attack that disrupted its operations and forced it to take some systems offline. [...]
Ransomware Medical ★★★★
AlienVault.webp 2024-12-09 13:49:00 Patch or Perish: The Forgotten Virtue of Diligence in Digital Security (lien direct) In the ever-evolving landscape of digital security, the adage "patch or perish" encapsulates a stark reality. The timely application of software patches is not just a best practice—it is a necessity. The vulnerabilities that lurk in unpatched software can serve as gateways for cybercriminals, leading to severe breaches, operational disruptions, and substantial financial losses. The imperative to keep software up-to-date has never been more pressing, yet patch management often takes a backseat in organizations. It's not merely a technical oversight; it's a question of diligence and prioritization. The virtue of diligence—the proactive, methodical maintenance of systems—has been lost amid the rapid pace of technological growth. This article takes a deeper look at why diligence in patching is a crucial, yet often overlooked, cornerstone of cybersecurity. The Imperative of Patching Software patches are more than mere updates; they are crucial security mechanisms designed to address vulnerabilities, fix bugs, and even add functionality to software. They serve as a frontline defense against a spectrum of threats that grow more sophisticated each day. Neglecting patches doesn't just put one system at risk; it can compromise the entire network, potentially creating a cascading effect of vulnerabilities. Cybercriminals often exploit known vulnerabilities for which patches already exist. These are known as “n-day vulnerabilities,” and their exploitation is rampant simply because organizations fail to apply fixes that are readily available. The importance of patching should be viewed not only as a matter of hygiene but also as a competitive edge. In the current threat landscape, attackers are quick, but defenders must be quicker. Consequences of Neglect The repercussions of inadequate patching are well-documented yet continue to be ignored. 
Unpatched systems become a fertile hunting ground for cybercriminals looking for easy prey. The result can be data breaches that compromise sensitive information, financial losses that are often uninsurable, and reputational damage that can take years to mend. Take, for example, the infamous WannaCry ransomware attack. WannaCry leveraged a known vulnerability in Microsoft Windows, a vulnerability for which a patch had been released months earlier. Due to lax patch management, over 200,000 systems in 150 countries were compromised, causing disruptions to healthcare, manufacturing, and finance industries. The cost? Billions of dollars in damages, not to mention the incalculable impact on people's lives due to healthcare system disruptions. These scenarios are not isolated—they illustrate the risks inherent in ignoring patching protocols. For organizations that fail to take patch management seriously, it’s not a question of "if" they will be compromised, but "when." Challenges in Patch Management Despite its importance, patch management remains fraught with challenges. It’s essential to recognize these hurdles to develop effective mitigation strategies: Resource limitations: Smaller organizations often lack the IT resources required for consistent patch management. Even larger enterprises might struggle to dedicate the necessary manpower, given the constant barrage of patches released by software vendors. System complexity: Modern IT ecosystems are incredibly complex, with a multitude of interdependent software applications and legacy systems. Applying a patch without testing could cause unforeseen issues, from compatibility problems to outright system failures. Downtime concerns: Many organization Ransomware Tool Vulnerability Threat Patching Medical Technical Wannacry ★★★
Last update at: 2025-05-10 09:07:52