Critical cybersecurity gaps in smart infusion pumps have put the data and care of hundreds of patients at risk, according to researchers at Unit 42 of cybersecurity firm Palo Alto Networks. They say that 75% of the 200,000 smart infusion pump networks they scanned contained known security gaps.
As Russia's invasion of Ukraine continues, what should global CISOs and security teams do to ensure that their organizations stay protected? Beyond following cybersecurity agencies' guidance, experts offer advice on how to brief the board of directors, appeal for resources, support teams and more.
This ISMG Security Report analyzes why Russia has not yet launched full-scale cyberattacks in Ukraine and the West and what we might expect to come. It also describes how organizations can bolster cyber defenses in times of crisis and outlines mistakes organizations make following a cyber incident.
Amid escalating violence in Ukraine and sanctions meant to hobble Moscow, the Senate has passed a landmark cybersecurity package that bundles three substantial measures - mandatory incident reporting for critical infrastructure, an update to federal IT security strategy, and FedRAMP authorization.
Global Insurance broker Aon has disclosed to the U.S. Securities and Exchange Commission that the company suffered a cyber incident that affected a limited number of systems. The incident was discovered on Feb. 25, and there is no indication of a breach of any corporate or customer information.
Ukrainian online newspaper Pravda has published what it says are details on 120,000 Russian soldiers, citing Ukraine's Center for Defense Strategies as the source. But chatter seen by Information Security Media Group on Telegram suggests that the source of the dataset is the hacker group ENIGMA.
Why didn't Russia unleash major cyberattacks against Ukrainian critical infrastructure ahead of its invasion troop advance? While theories abound, some experts warn that, unfortunately, this war and its cost to human life is only set to get worse.
Monongalia Health System, a West Virginia-based entity that reported a phishing breach in December, affecting nearly 399,000 individuals, this week reported a separate security incident that appears to have potentially involved ransomware. Are the incidents related?
Federal authorities are warning healthcare and public health sector entities to be proactive and vigilant to at least three main potential threat groups, as well as various wiper malware, linked with Russia's attack on Ukraine.
The federal agency enforcing HIPAA is urging covered entities and business associates to sharpen their focus on protecting their organizations against cyberattacks. The agency has also laid out a list of priorities for rule-making, enforcement and other activities in 2022.
Amid what is now a prolonged struggle in Ukraine, cybersecurity officials in the U.S. and European Union have expressed some surprise over Russia's lack of pervasive cyber strikes to date. But they warn that these actions could follow as its economy reels from sanctions.
A previously undocumented advanced persistent threat campaign named Daxin has been found. It uses a stealthy rootkit backdoor to enable remote actors to communicate with secured devices not connected directly to the internet. Researchers say Chinese attackers used it to run an espionage campaign.
The Lapsus$ ransomware group says it has released some of the data trove stolen from chipmaker Nvidia. Leaked data contains proprietary source code, drivers and documentation on Nvidia's Falcon and LHR products. Experts discuss the impact on Nvidia, the stolen data's worth and remediation measures.
As Russia continues its invasion of Ukraine, Western governments and certain hacktivists remain steadfast in opposition. On social media, international hacktivist collective Anonymous says it has successfully hacked websites of the Russian government, media and banks.
India's Data Protection Bill may be approved by Parliament in August. The country will also have new regulations to prevent companies from hiding data breach incidents. Some experts say the move is a step in the right direction and suggest CERT-In is not adequate as a law enforcement entity.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.