The Cybersecurity & Infrastructure Security Agency (CISA) recently issued another warning to “every organization” in the U.S. about cybersecurity risks during the ongoing escalation of tension between the U.S. and Russia over Ukraine.

According to the CISA Insights publication entitled “Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats,” “public and private entities in

The federal Cybersecurity and Infrastructure Security Agency (CISA) released a few cybersecurity “bad practices” this week to assist in decreasing the volume of knowable and preventable cyber mistakes. These bad practices are aimed at educating critical infrastructure owners and operators, as well as the defense industry and the organizations that support the supply

Although many thought that WannaCry was in the rear view mirror, a recent report by Artemis, based on client experience, found that health care organizations and manufacturing companies are still being hit with the ransomware that affected hundreds of thousands of machines in 2017.

According to the report, 40 percent of Artemis’ health care clients

Lazarus, the well-known hacking group responsible for the WannaCry ransomware attack from last year, as well as the attack on the Bangladesh Central Bank and Sony, is now targeting global financial firms and Bitcoin adopters with a phishing campaign dubbed “HaoBao.”

The phishing campaign was discovered by McAfee Labs in mid-January. The way it works

A new report issued by the World Economic Forum (WEF), called “Global Risks Report 2018,” lists the threat of cyber-warfare and cyber-attacks affecting the public as the world’s third greatest threat in 2018, only behind natural disasters and extreme weather.

The report notes that because of an increased global reliance on connected devices and the

The U.S. Computer Emergency Readiness Team (US-CERT)is warning companies in the U.S. about a new ransomware dubbed “Bad Rabbit.” US-CERT stated that it has received multiple reports of infections by Bad Rabbit in countries around the world.

According to security researchers, Bad Rabbit poses as an Adobe update and when the user clicks on the

On the heels of the WannaCry ransomware attack last month, a new ransomware variant, Petya, hit organizations around the world on Tuesday and stopped them in their tracks—including a major law firm. This keeps us up at night and we have empathy for our colleagues. It also has affected at least one U.S. nuclear plant’s

Following the massive WannaCry event, the mantra among security folks is push patches to vulnerabilities as soon as they are released.

US-CERT issued a warning late last week that there is a newly discovered flaw, CVE-2017-7494, that exists in Samba, which can be exploited via mass attacks. Samba provides Windows-based file and print services for

The fall-out from WannaCry continues, particularly in the healthcare sector.

There are new reports that WannaCry affected at least two hospital systems in the U.S. and encrypted medical devices (power injector systems) in the hospitals.

There are additional anecdotal reports that other medical devices were affected by WannaCry. According to medical device company spokesmen, if

In response to the WannaCry ransomware attack that infiltrated the computer systems of health care systems and other entities worldwide on or around May 12, 2017 (previously discussed here), HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) issued a series of updates to provide consumers and potentially affected organizations with information on the attack and to detail HHS’ efforts to mitigate the harmful effects of the attack on government computer systems and health care organizations.

In five successive updates issued between May 13 and May 17, ASPR provided links to the most up-to-date information from the U.S. government on cyber threats (including from the US-CERT Cyber Awareness System, the FBI, HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC)), and solicited information on new attack vectors, as well as regarding any impact the attack may have had on patient care or supply chain distribution.
Continue Reading HHS Office of the Assistant Secretary for Preparedness and Response Issues Series of Cybersecurity Updates in Response to WannaCry Attack