CyberSecurity Blog

ICYMI: Healthcare entities are “stressed,” in the words of SailPoint’s Rob Sebaugh, and identity security in particular has taken a steep toll. But modernization, led by AI-driven identity security, can help reduce risk and even enable new levels of clinician autonomy.http://dlvr.it/StCFj9

‘IT Complications’ at Prospect Medical Holdings Shut Down Ambulances, Appointments A ransomware attack has forced a California-based hospital chain to divert ambulances from its emergency rooms and cancel appointments for services. The group of 17 hospitals, 166 outpatient clinics and various doctor practices is still recovering after an IT systems shutdown.http://dlvr.it/StChbR

Unified Extensible Firmware Interface Should Be More Secure, Says Agency The U.S. government is urging computer manufacturers to improve the security of firmware architecture that boots up devices after a powerful bootkit sparked concerns over permanent malware infections. Among its recommendations are that all UEFI developers implement dedicated PKI for updates.http://dlvr.it/StCYY6

Healthcare entities are “stressed,” in the words of SailPoint’s Rob Sebaugh, and identity security in particular has taken a steep toll. But modernization, led by AI-driven identity security, can help reduce risk and even enable new levels of clinician autonomy.http://dlvr.it/StCFj9

ICYMI: Mobile Device Management Are ‘Attractive Targets,’ Warns Joint Advisory With Norway A hacking campaign that exploited Ivanti mobile device manager to target the Norwegian government began in April and possible earlier, say cybersecurity agencies from the U.S. and Norway. Mobile device management systems are “attractive targets for threat actors,” the alert warns.http://dlvr.it/St9RqY

ICYMI: Despite Scant Details on Hacks, Law Firms Poised to Pounce on Norton, Fairfax Oral Public details have been scant so far from two medical care providers about recent major hacks that compromised the personal information of an unconfirmed number of patients. But that hasn’t stopped the push by class action attorneys, who are already…
Read more

ICYMI: Amit Yoran Says Microsoft Left Critical Azure Vulnerability Unpatched for 4 Months Tenable CEO Amit Yoran once again accused Microsoft of irresponsible security practices, this time for letting a critical Azure vulnerability stay unpatched for four months. Tenable told Microsoft about a flaw in an Azure service that would allow an unauthenticated attacker to…
Read more

ICYMI: Solution Architecture Director Andrew Hoyt Shares Expel’s Q1 2023 Threat Report According to Expel’s Q1 2023 Quarterly Threat Report, criminals are exploiting 1- to 2-year-old vulnerabilities. This suggests organizations don’t know which vulnerabilities pose the biggest threats to their environments, said Andrew Hoyt, Expel’s director of solution architecture.http://dlvr.it/St8rCT

Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research. At issue is a mobile malware obfuscation method identified by…
Read more

Mobile Device Management Are ‘Attractive Targets,’ Warns Joint Advisory With Norway A hacking campaign that exploited Ivanti mobile device manager to target the Norwegian government began in April and possible earlier, say cybersecurity agencies from the U.S. and Norway. Mobile device management systems are “attractive targets for threat actors,” the alert warns.http://dlvr.it/St6pj1