The UK National Cyber Security Centre (NCSC) issued an alert on October 16, 2020, to raise awareness “of a new remote code execution vulnerability (CVE – 2020 – 16952)”, which affects Microsoft’s SharePoint product. According to the alert, “successful exploitation of this vulnerability would allow an attacker to run arbitrary code and to carry out … Continue Reading
Hall County, Georgia reported on October 7, 2020, that it was the victim of a ransomware attack that disrupted some of its systems, including email and telephone services in public buildings and the sheriff’s offices. Last week, the county indicated that in addition to telephone and email services, the ransomware attack also affected the county’s … Continue Reading
You probably heard about the recent hack of Twitter accounts that took place on July 15, 2020. The hackers took over several prominent Twitter accounts, which resulted in a scam that netted over $118,000 in bitcoin for the hackers. One of the most startling things about the cyberattack was that it was led by a … Continue Reading
It has been widely reported that hackers are taking advantage of the pandemic to perpetrate scams and frauds. We have seen attacks against workers of companies through phishing emails that include an attachment or link offering information or access to specialized treatment for COVID-19 to lure people to click on them. Once they click on … Continue Reading
It is no secret that companies are experiencing an increase in security incidents following the transition from work in the office to work from home during the pandemic. There are a number of causes, including the difficulty of controlling the security of at-home technology equipment such as routers, printers, personal assistants and other IoT devices, … Continue Reading
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that it has settled potential violations of HIPAA with Athens Orthopedic Clinic PA (Athens) for $1.5 million, following an investigation of a data breach that occurred in 2016. The data breach compromised the protected health information of 208,557 individuals when … Continue Reading
Health care providers and contractors continue to be a popular target for hackers. Recently, CHSPSC LLC (CHSPSC), which provides various services to hospitals and clinics indirectly owned by Community Health Systems, Inc. of Tennessee, agreed to pay $2,300,000 to the Office for Civil Rights (OCR) in settlement of potential violations of HIPAA’s Privacy and Security … Continue Reading
The Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Flash Alert to U.S. based businesses doing business in China about a remote targeting campaign whereby the tax software that Chinese domestic banks require foreign companies to install is loaded with malware. Trustwave researchers warned in June … Continue Reading
When the National Security Agency (NSA) and the Federal Bureau of Investigations (FBI) get together to issue a joint warning, you may wish to listen up. The NSA and FBI recently alerted the defense industry through a Cybersecurity Advisory of the risk of malware attacks targeted at the defense and aerospace sectors by Russia’s General … Continue Reading
Last week, authorities from the United States, United Kingdom and Canada accused a well-known hacker group tied to the Russian government, APT29 a/k/a Cozy Bear of using malware to exploit security vulnerabilities to enable it to steal COVID-19 vaccine research from companies located in these countries working to develop a vaccine. This was after a … Continue Reading
Most employers use vendors to assist with managing various employee benefits, including payroll, health and dental benefits, pharmacy, cost-reduction strategies, retirement, analysis and wellness programs. When using these vendors, the personal information of employees is provided to the vendor in data dumps. Usually that means that the vendors receive employees’ names, addresses, dates of birth, … Continue Reading
It doesn’t matter in which state you are located, how many patients you treat, what kind of medicine you practice or how many employees you have, if you are a health care provider, you are being targeted and hackers are successful in victimizing you. That’s my take on the recent Becker’s Health IT article that … Continue Reading
We have urged readers in the past to pay attention to the pushes received from mobile phone manufacturers to update operating systems. Although the pushes claim that new features are included, there are also patches included to plug known vulnerabilities. If you keep pushing “later,” and you don’t update as soon as possible, those vulnerabilities … Continue Reading
After incidents of Zoom “bombing,” including a recent intrusion by hackers to disrupt a church service with foul content (don’t these guys have better things to do?), it has been reported that hackers are now taking advantage of the surge in the use of Zoom for videoconferencing to spoof Zoom invites to try to obtain … Continue Reading
There have been numerous examples of how hackers can get hold of sensitive and deeply personal information and use it against individuals to embarrass and extort them into sending money or compromising pictures to the hackers to prevent the information from being posted on the web. These examples include cyberbullying, online love scams, blackmail through … Continue Reading
Nintendo has shut down some NNID logins and has told Switch owners to lock down their accounts following a series of fraudulent attacks. Nintendo has confirmed that it suffered an attack by hackers who accessed some accounts and are using PayPal accounts linked to the accounts to purchase items fraudulently. According to Nintendo, approximately 160,000 … Continue Reading
The hackers behind the Sodinokibi/REvil ransomware have reportedly switched their demands for payment from Bitcoin or Ethereum to Monero cryptocurrency to try to prevent law enforcement from tracking payments. The hackers reportedly advertised the switch in a posting to an online hacker and malware forum, and admitted that the switch from Bitcoin to Monero is … Continue Reading
Evil doers know that the best time to attack is during a crisis or a time of vulnerability. As the United States, and specifically, the Department of Health and Human Services (HHS) attempts to respond to and get ahead of the COVID-19 pandemic in the U.S., hackers, likely from a foreign enemy nation state, ramped … Continue Reading
In response to the coronavirus crisis, many companies have mandated that employees work from home in order to assist in slowing the spread of the virus. With more employees working from home, and a wider network to protect, security experts are warning companies to be vigilant with security measures. In addition, it is widely reported … Continue Reading
Another city—Durham, North Carolina—has become the victim of a ransomware attack stemming from a Russian hacker group following a successful phishing scheme. After falling victim to the ransomware attack last weekend, the city shut down its network, including disabling access to the network by the Durham Police Department, the Sheriff’s Office and the communications center. … Continue Reading
Health care organizations continue to be a popular target for hackers. According to information from the U.S. Department of Health & Human Services (HHS), more than 30 reports of data breaches were filed by health care entities in the first month and a half of 2020. Although a few reported breaches involved theft or improper … Continue Reading
Confirming what we are seeing in the field, cybersecurity firm Cybersecurity Ventures has predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, down from every 14 seconds in 2019. That figure is based on historical cybercrime figures. It is estimated that the cost of ransomware to businesses will … Continue Reading
There’s nothing worse than paying criminals. And paying a ransom for data is just that—paying criminals for a criminal act. All you get out of the payment is access to your data. It doesn’t fix the vulnerability or the root problem. Let the record reflect that the FBI does not recommend paying ransoms to cyber … Continue Reading
After the killing of Qassem Soleimani on January 3, 2020, by the U.S. government, the cybersecurity news industry has been abuzz about whether Iran will engage in cyber terrorism, and if so, to what degree, as part of its pledge to strike back at the U.S. On January 5, Forbes reported that the first instance … Continue Reading
