Massive Data Breach Hits French Healthcare: Over 33 Million Affected

In what is being described as France’s largest ever cyberattack, the personal information of over 33 million individuals has been compromised. This breach targeted two French service providers, Viamedis and Almerys, responsible for processing healthcare payments on behalf of medical insurance companies. The incident has not only raised serious concerns about data security but also … Read more

Incident Response Playbook: our guidelines for 2024

Incident response playbooks establish standardized procedures for dealing with IT security incidents. These procedures detail explicit actions that an organization should undertake in preparation for, response to, and recovery from these specific incident types. In 2024, the realm of IT security faces increasingly complex threats, making a well-crafted Incident Response Playbook more crucial than ever. … Read more

2024 Cybersecurity threats and trends to watch!

As we step into 2024, the world of cybersecurity is preparing for new challenges and opportunities. Professionals and academics in the field are keeping a vigilant eye on emerging threats that will face the cybersecurity landscape. Let’s draw a quick overview of the key cybersecurity threats and trends in 2024! Rise of IoT security concerns … Read more

Unauthorized Use of Software and Cloud Services is a Major Security Risk

Many businesses concentrate on technical measures to protect them against cyberattacks. They invest in firewalls, multifactor authentication, advanced email security solutions, and web filters to block attacks at source, yet often neglect the human factor and do not provide adequate security awareness training to their employees. According to the Verizon Data Breach Investigations report, the … Read more

Advisories on Critical ownCloud Vulnerabilities, Critical FortiSIEM Vulnerability and Emotet Malware Threat

HC3 Alerts HPH Sector Regarding Critical FortiSIEM Vulnerability and Ongoing Emotet Malware Threat The Health Sector Cybersecurity Coordination Center (HC3) has alerted healthcare companies that utilize Fortinet’s FortiSIEM platform to fix a critical vulnerability that is probably exploited by malicious actors and has released a threat summary on Emotet malware. FortiSIEM Command Injection Vulnerability – … Read more

Malvertising Campaign Leads to Cactus Ransomware Attack

There are many ways that cybercriminals gain access to business networks, including phishing attacks and exploiting unpatched vulnerabilities. Many businesses now provide security awareness training to employees to improve phishing awareness, but it is also important to teach the workforce about attacks via the Internet from general web browsing, such as malvertising. Malvertising is the … Read more

Warning Against LokiBot Malware and Increasing Remote Access Software Threats

HHS Publishes Alert Against LokiBot Malware The Health Sector Cybersecurity Coordination Center (hC3) has publicized an Analyst Note regarding LokiBot – one of the most common and persistent malware variants. LokiBot, also known as Loki PWS, has been employed in attacks on some industries in the last eight years, which include critical infrastructure organizations; nevertheless, … Read more

Advisory on Snatch Ransomware and the Lazarus Group

Feds Release Snatch Ransomware Alert After an Attack on Hospital The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint security alert regarding Snatch ransomware. The Snatch ransomware group carried out an attack on a hospital in Maine and has professed to attack the Florida Department … Read more

Facebook Messenger Used in Large-Scale Phishing Campaign Targeting Businesses

Now that Microsoft has improved protection against malicious macros by blocking them in Internet-delivered files by default, cybercriminals have had to explore other methods of distributing links to malicious websites hosting malware. There has been an increase in the use of malvertising to target web users and trick them into downloading malicious files, and SMS … Read more

Vulnerabilities Found in 1,900 Citrix NetScaler Devices and Limited Use of Generative AI by Malicious Actors

Malicious Actors Still Limit the Use of Generative AI It is feared that malicious actors will take advantage of generative AI to support their malicious pursuits; nevertheless, the use of generative AI by malicious actors seems to be minimal, definitely for attack campaigns. Mandiant states that it is monitoring the interest of threat actors in … Read more

Cybercriminals Targeting Consumers with Fake Blockbuster Movie Downloads

Cybercriminals are targeting consumers looking to watch some of the big summer blockbusters such as Barbie, Oppenheimer, Super Mario Bros, and Guardians of the Galaxy: Vol. 3 and have been distributing links to download sites on social media networks such as Twitter. These links are not what they seem, however. Rather than getting an illegal copy … Read more

Search Engine Ads Abused to Gain Initial Access to Business Networks

Employees are being targeted in a new malvertising campaign that uses Google and Bing Ads offering a variety of trojanized installers for software solutions such as AnyDesk, Cisco AnyConnect VPN, and WinSCP. These campaigns deliver malware that establishes initial access in enterprise networks, allowing other malicious payloads to be delivered, including ransomware. The ‘Nitrogen’ campaign … Read more

Cyberattacks at Precision Imaging Centers, Atrium Health Wake Forest Baptist, Marshall & Melhorn, and Murfreesboro Medical Clinic & SurgiCenter

Precision Imaging Centers located in Jacksonville, FL recently informed 31,010 patients with regards to a security breach that took place on or about November 2, 2022. Unauthorized persons acquired access to its system and extracted files that contain sensitive patient data. The breached data differed from one patient to another and might have involved first … Read more

Trends in Data Breaches According to the 2023 Verizon Data Breach Investigations Report

Trends in Data Breaches According to the 2023 Verizon Data Breach Investigations Report Verizon 2023 DBIR: Rising Social Engineering Attacks While Ransomware Plateaus The Verizon 2023 Data Breach Investigations Report (DBIR) was published to offer insights into the present threat landscape and trends in data breaches. This 2023, the report analyzed 16,312 security events, where … Read more

Latest News About Cyberattacks and Email Account Compromise on Healthcare Providers

Ohio Hospital Exposed Nurses and Other Staff to Workplace Violence The Occupational Safety and Health Administration (OSHA) has confirmed that a children’s hospital based in Columbus, Ohio didn’t sufficiently safeguard healthcare staff from violence in the workplace. Patients assaulted nurses and other medical specialists and their kicks, bites, punches, and other attacks resulted in the … Read more

Advice on Cybersecurity Awareness Training for Staff

Cybersecurity awareness training for staff is a vital component of any cybersecurity strategy. Businesses should not totally rely on technical defenses to protect against cyberattacks, as sooner or later a threat will successfully bypass those defenses and reach an employee. Employees need to be made aware of cyber threats, be taught how to recognize them, … Read more

Phishing Simulations: Why You Should Be Testing Your Workforce!

Phishing is the most common vector used by cybercriminals to attack businesses and attacks have grown in sophistication to the point where no single cybersecurity solution is now effective at blocking all of these threats. Cybercriminals are constantly changing their tactics, techniques, and procedures to bypass cybersecurity solutions and fool end users and businesses now … Read more

Effective Healthcare Cybersecurity Awareness Training

Healthcare cybersecurity awareness training is an essential part of HIPAA compliance. The HIPAA Security Rule calls for all HIPAA-regulated entities to “Implement a security awareness and training program for all members of its workforce (including management).” The HIPAA Security Rule implies that security awareness training should be ongoing, and the HHS’ Office for Civil Rights … Read more

Major Phishing Campaign Targets Facebook Credentials

While many phishing scams target Microsoft 365 credentials due to the usefulness of the accounts and the data they hold, social media credentials are also highly prized. If a phisher is able to steal Facebook credentials, they can gain access to valuable personal information and the accounts can be used for conducting further scams. Accounts … Read more

Arizona Veterans’ Healthcare Facility Exposed Staff to Potentially Fatal Conditions and Other Data Breaches Reported

The investigation of an Arizona Department of Veteran Affairs (VA) healthcare facility showed that workers were put at risk because they were exposed to potentially fatal hazards on steam lines. Workers were permitted to do work on the steam lines without making sure the necessary safety protocols are in place. Government agencies like the VA … Read more

How the Federal Government Can Strengthen Healthcare Cybersecurity

The U.S. Senate Committee on Homeland Security and Governmental Affairs conducted a hearing to look at cybersecurity threats to the healthcare industry, what healthcare companies and the federal government are doing to overcome those risks, and know what the federal government must do to boost defenses against healthcare industry cyberattacks. Committee Chairman, Gary C. Peters … Read more

Increase in Adversary-in-the-Middle Phishing Attacks That Allow MFA to be Bypassed

Security experts have long recommended that multi-factor authentication be implemented to protect against phishing attacks and for good reason. Single-factor authentication – a password – provides a degree of protection against unauthorized account access; however, with modern GPUs, it is possible to automate brute force attempts to guess passwords and many passwords can be cracked … Read more

HPH Sector Warned Against Clop Cyberattacks and MedusaLocker Ransomware Attacks

At the beginning of February, attackers exploited a zero-day vulnerability (CVE-2023-0669) found in Fortra’s GoAnywhere MFT secure file transfer software on over 130 companies, which include a few companies in the healthcare sector, for instance, Community Health Systems (CHS) in Tennessee. That attack impacted around 1 million patients. Fortra released a notification regarding the vulnerability … Read more

6 Tips to Help You Set Up an Effective Employee Security Awareness Training Program

[et_pb_section][et_pb_row][et_pb_column type=”4_4″][et_pb_text] Security awareness training will help to make employees aware of the importance of security and cybersecurity, teach security best practices, and train employees how to identify, avoid, and report threats that they encounter; however, to get the best return on investment and make significant improvements to your organization’s security posture, there are important … Read more

Cyren Alternative for Email and Web Security

Are you looking for a Cyren alternative for email and web security? TitanHQ can offer solutions for both to ensure your business is fully protected from email and web-based threats. TitanHQ can also provide a comprehensive security awareness training platform to help you eradicate risky practices and teach employees how to identify the full range … Read more

Cyber Attacks on VMware ESXi Servers, Sharp HealthCare, Regal Medical Group, and Southeast Colorado Hospital District

The French Computer Emergency Response Team (CERT-FR) issued a warning regarding a persistent ransomware campaign attacking VMware ESXi hypervisors without patching against the critical heap-overflow vulnerability monitored as CVE-2021-21974. VMware released a patch on February 3, 2021, to resolve the vulnerability; even so, hundreds of VMware ESXi virtual machines remain vulnerable to the exploit and … Read more

Cybercriminals Turn to Malvertising for Malware Distribution Now Microsoft Blocks Macros

Now that Microsoft has started blocking macros in Office documents delivered via the Internet, distributing malware via email has become more difficult and hackers have been forced to change their tactics, techniques, and procedures. This has been seen in phishing attempts that use a broader range of file types, and malware is increasingly being delivered … Read more

Popular Password Manager Targeted in Phishing Campaign

Password managers are used by individuals and businesses to improve password security. They help individuals create complex passwords, eliminate the need to remember passwords, and provide a degree of protection against phishing attacks, but their very nature makes them a target for cybercriminals. A password manager is used to store an individual’s entire collection of … Read more

AI-Generated Phishing Investigations Show Importance of Security Awareness Training

AI-generated phishing emails could change the phishing landscape. Investigations of AI-based text-generating interfaces have shown the threat is real and demonstrate the value in security awareness training. There has been a huge buzz in recent weeks around a new chatbot developed by OpenAI. Chat Generative Pre-Trained Transformer – or ChatGPT as it is better known … Read more

2022 Phishing Trends and the Outlook for 2023

Several new phishing trends were evident in 2022 as cybercriminals changed their tactics for stealing credentials and distributing malware. The same tried and tested techniques were used in many phishing campaigns, including delivery failure notifications, fictitious charges to accounts, security alerts about suspicious account activity, and requests for collaboration on documents, but there have been … Read more

HPH Sector Cautioned About Pro-Russian Hacktivist Group’s DDoS Attacks

The healthcare and public health (HPH) industry has been cautioned regarding the likelihood of cyberattacks conducted by a pro-Russian hacktivist gang called KillNet, after a new cyberattack on a U.S. healthcare group. KillNet started its operations during the time when Russia occupied Ukraine, from January to March 2022. From that time on, the hacktivist group … Read more

Beware of Malicious Adverts in Search Engine Listings

Phishing is one of the main ways that malicious actors distribute and install malware. Phishing emails are sent to users with attachments containing malicious code or hyperlinks are included in the emails that direct users to a website where malware is downloaded. Businesses should ensure they implement layered defenses to combat phishing, which should include … Read more

Automation Can Aid Network Defenders to Accomplish More Quickly and Be Ahead of Hackers

Automation reduces expenses and enhances productivity. It is vital in cybersecurity just like in manufacturing. A lot of labor-intensive security work may be automated to enable network defenders to accomplish more quicker, such as port scanning, monitoring, scanning vulnerability, and patching. There are different security tools that may be utilized to automate work to enable … Read more

Healthcare Sector Impending Risk Due to Cuba Ransomware Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity warning concerning the Cuba Ransomware and have provided information on the tactics, techniques, and procedures (TTPs) utilized by the ransomware group, together with Indicators of Compromise (IoCs) to help system defenders strengthen their defenses against ransomware … Read more

7 Tips for Improving the Effectiveness of Security Awareness Training

Businesses can significantly improve their security posture by investing in people and providing security awareness training. Many cyberattacks target employees, as they can be tricked into disclosing sensitive information or installing malware. Through training, you can eliminate risky security practices that open the door to hackers and can show employees how to recognize cyber threats … Read more

Data Exposed at Alta Forest Products, Hilario Marilao, M.D, and Three Rivers Provider Network

Alta Forest Products based in Chehalis, WA has encountered a cyberattack where the protected health information (PHI) of around 2,100 Alta Forest Products Health and Welfare Plan members was compromised. The company detected the security breach on September 1, 2022, and fast action was undertaken to protect its systems and stop continuing unauthorized access. The … Read more

Hacking Incidents and Improper Disposal Incidents Reported

Hacking Incident at Country Doctor Community Clinic, WA On October 19, 2022, Country Doctor Community Clinic based in Seattle, WA reported that attackers had acquired access to its digital system and viewed and likely acquired files comprising the protected health information of 38,751 patients. On October 6, 2022, strange activity was noticed in its computer … Read more

Wisconsin Department of Health Services, Detroit Health Department, and Smith, Gambrell & Russell, LLP Announce Data Breaches

Wisconsin Department of Health Services Reports Accidental Disclosure of PHI through Email The Wisconsin Department of Health Services (DHS) has just announced that there was an accidental disclosure of protected health information (PHI) via its email. Based on the breach notice, in April 2021, the DHS Children’s Long-Term Support Council got a presentation via email … Read more

Vishing and Smishing Attacks are Increasing: Are Your Employees Able to Identify These Scams?

Email may be the most common vector used in phishing attacks, but there has been a marked rise in other forms of phishing in 2022, such as voice phishing (vishing) and SMS phishing (smishing). Vishing Voice phishing or vishing attacks are conducted over the telephone and use similar social engineering techniques to email phishing. The … Read more

Henderson & Walton Women’s Center & Genesis Health Care Inc. Report Data Breaches

Henderson & Walton Women’s Center (HWWC) based in Birmingham, AL lately advised 34,306 patients about the potential compromise of some of their protected health information (PHI) due to a hacker getting access to an employee’s email account. HWWC stated the forensic investigation into the data breach revealed the attacker didn’t access the email server and … Read more

Phishing Simulation Mistakes to Avoid

Phishing simulations are an invaluable training tool and have been proven to help reduce the susceptibility of the workforce to phishing attacks. Phishing simulations are more than just a tool for testing whether employees have understood their training. Quizzes at the end of training sessions are good for that, but phishing simulations test whether the … Read more