A new report published by the software company Egress this month, Phishing Threat Trends Report, is a must-read. It outlines the proliferation of phishing toolkits on the dark web (that basically allows any Tom, Dick, and...more
October is always a busy month for cybersecurity professionals. For the past 21 years, October has been an especially busy month for me as it is Cybersecurity Awareness Month. This means lots of employee education and...more
According to the FBI, it has “seen a huge increase in the number of cases involving children and teens being threatened and coerced into sending explicit images online,” also known as sextortion....more
The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), the National Security Agency, and other international partners, issued an Alert on September 5, 2024, warning...more
The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Department of Defense Cyber Crime Center (DC3) issued a joint alert on August 28, 2024, warning U.S.-based...more
Dragos issued its Industrial Ransomware Analysis for Q2 on August 14, 2024. The analysis shows that ransomware attacks significantly increased in Q2, with many ransomware groups disrupted by law enforcement rebranding...more
Information technology professionals—beware of SharpRhino—a malware variant attributed to threat actor cybercriminals associated with Hunters International. It is being reported that Hunters International is the “10th most...more
Security research firm Halcyon recently reported that it “encountered” a new ransomware organization dubbed Volcano Demon several times in the past few weeks....more
Verizon’s 2024 Data Breach Report, a must-read publication, was published on May 1, 2024. The report indicates that “Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all...more
The Health Sector Cybersecurity Coordination Center (HC3) provides timely updates to the health care sector on cybersecurity threats and mitigation. In the last several weeks, HC3 has issued two alerts worth paying close...more
It is being reported that Black Basta (aptly named) exploited a Microsoft zero-day prior to Microsoft’s release of a patch for the vulnerability back in March....more
On June 2, 2024, cloud service provider Snowflake reported increased cyber threat activity targeting some of its customer’s accounts. Snowflake recommended that customers review unusual activity to detect and prevent...more
Since I hang out with a lot of CISOs, and understand their pain points, I urge readers to send a “thank you” and “you are the best” message to their CISO. You can’t imagine the pressure and stress they are under to try to...more
CYBERSECURITY -
CISA Issues Advisory on Black Basta Ransomware -
On May 10, 2024, CISA, along with the FBI, HHS, and MS-ISAC, issued a joint Cybersecurity Advisory relating to Black Basta ransomware affiliates “that...more
5/17/2024
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Security ,
NIST ,
Ransomware ,
Risk Mitigation
CYBERSECURITY -
Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks -
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living...more
5/10/2024
/ Consumer Privacy Rights ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Sharing ,
Personal Data ,
Personally Identifiable Information ,
Social Media
The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living facilities in 19 states. Ascension confirmed that it has been hit by a cybersecurity attack and...more
In response to the growing threat by pro-Russia hacktivists, on May 1, 2023, CISA and other national agency partners issued an Alert to operators of industrial control systems and small-scale operational technology systems in...more
The Cybersecurity and Infrastructure Agency (CISA) has published an Alert confirming that Cisco, a prominent technology company, has released security updates to its firewall platforms. The releases apply to Cisco’s...more
Cyber adversaries in China and Russia continue to be a formidable threat to U.S. based companies. In the past, scams might be detected because a word was misspelled or the context didn’t make sense. Now, with the help of...more
CYBERSECURITY
HC3 Warns Health Sector About Social Engineering Attacks Against IT Help Desks -
The Health Sector Cybersecurity Coordination Center (HC3) recently issued an Alert warning that “threat actors employing...more
4/12/2024
/ California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Information Technology ,
Risk Management
The Health Sector Cybersecurity Coordination Center (HC3) recently issued an Alert warning that “threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access...more
Adding to the list of many other municipalities, the city of Pensacola, Florida, was hit with a cyberattack last weekend that affected services to residents, including emergency telephone assistance. Although Pensacola is...more
To help organizations protect against ransomware, CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a cybersecurity advisory warning organizations about the Phobos ransomware, and...more
In a joint release last week, the Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies issued a chilling Advisory about the ongoing attacks by Volt Typhoon on U.S. critical infrastructure. Volt...more
Mozilla recently released security updates to address known vulnerabilities in their Thunderbird and Firefox products. The Cybersecurity & Infrastructure Security Agency (CISA) is recommending that the patches be applied...more