SAP Netweaver Visual Composer users are urged to patch a critical vulnerability that attackers are actively exploiting. According to ReliaQuest, which detected the vulnerability, the attacks allow full system compromise...more
If you hang out with CISOs like I do, shadow IT has always been a difficult problem. Shadow IT refers to refers to “information technology (IT) systems deployed by departments other than the central IT department, to bypass...more
New York, Texas, and Virginia are the first states to ban DeepSeek, the Chinese-owned generative artificial intelligence (AI) application, on state-owned devices and networks....more
2/14/2025
/ Artificial Intelligence ,
China ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Executive Orders ,
Information Technology ,
National Security ,
Popular ,
Privacy Laws ,
Social Media ,
Technology Sector
CyberArk, an identity security provider, has issued a new report on employee risk that is a must-read for IT Professionals and executives. The report highlights several findings that are directly related to the risks...more
According to Cyberscoop, the cyber gang Cl0p “has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.” The gang...more
Unit 42 recently reported that it has identified “Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People’s Army, as a key player in a recent ransomware...more
11/1/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
North Korea ,
Personally Identifiable Information ,
Ransomware ,
Vulnerability Assessments
Scammers are always looking for new ways to dupe victims. If you battle your weight, you think about it a lot and are always looking for easier ways to lose some pounds. There is no easy way, but we are always looking for an...more
10/24/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Healthcare ,
Information Technology ,
Personally Identifiable Information ,
Phishing Scams ,
Prescription Drugs ,
Risk Management ,
Weight-Loss Products
A new US National Cybersecurity Alliance survey shows that over one-third (38%) of “employees share sensitive work information with artificial intelligence (AI) tools without their employer’s permission.” Not surprisingly,...more
Everyone thinks they can spot a phishing email. If true, we would not see so many security incidents, data breaches, and ransomware attacks. The statistics are overwhelming that phishing emails are a significant cause of data...more
8/22/2024
/ Artificial Intelligence ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Innovative Technology ,
Machine Learning ,
Personally Identifiable Information ,
Phishing Scams ,
Risk Management ,
Threat Management
Information technology professionals—beware of SharpRhino—a malware variant attributed to threat actor cybercriminals associated with Hunters International. It is being reported that Hunters International is the “10th most...more
We previously reported on the concerning mash-up of worldwide cybercriminals, known as Scattered Spider, working together to attack victims.
New reports from Microsoft and others indicate that in the second quarter of...more
7/25/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Microsoft ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
On July 17, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) issued an Alert adding three vulnerabilities to its Known Vulnerabilities Catalog. ...more
TeamViewer, which provides remote connectivity products and services, announced that it detected a cybersecurity event on its internal IT system on June 26, 2024. TeamViewer stated that it did not affect the TeamViewer...more
Intercontinental Exchange, Inc. (ICE), the owner of the New York Stock Exchange, has agreed to settle with the Securities and Exchange Commission (SEC) for $10 million over allegations that it failed to timely notify the SEC...more
5/28/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Failure to Notify ,
Financial Markets ,
Hackers ,
Information Technology ,
NYSE ,
Securities and Exchange Commission (SEC) ,
Settlement
The Cybersecurity and Infrastructure Security Agency (CISA) and its partners recently issued helpful guidance for entities that have limited resources to address cyber threats. The guidance, entitled “Mitigating Cyber Threats...more
Additional States Implement Notice Requirements for Healthcare Transactions -
In a prior blog post, we noted the trend of states enacting legislation implementing reporting requirements for certain healthcare transactions....more
CYBERSECURITY
HC3 Warns Health Sector About Social Engineering Attacks Against IT Help Desks -
The Health Sector Cybersecurity Coordination Center (HC3) recently issued an Alert warning that “threat actors employing...more
4/12/2024
/ California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Information Technology ,
Risk Management
The Health Sector Cybersecurity Coordination Center (HC3) recently issued an Alert warning that “threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access...more
CYBERSECURITY -
Ransomware Hitting U.S. Companies at Increasing Rate -
Unfortunately, according to Unit 42 of Palo Alto’s recently published “Ransomware and Extortion Report,” ransomware groups had a good year in 2022....more
Unfortunately, according to Unit 42 of Palo Alto’s recently published “Ransomware and Extortion Report,” ransomware groups had a good year in 2022. They found that threat actors are using multi-extortion tactics to get paid...more
2/8/2024
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
I hang out with a lot of Chief Information Security Officers (CISOs), so this piece is for them. Of course, it will be of interest to all security professionals struggling with assessing the risk of large multimodal models...more
OK boomers—instead of being on the end of an “OK boomer” comment, now you have some ammunition. Boomers have been reported to be less of a cybersecurity vulnerability to the workforce than Gen Z. An article by Karina Zapata...more
The holidays are upon us, including “cyber week” filled with deals for shopping for the holidays. The U.S. Public Interest Research Group (PIRG) is warning shoppers about smart toys this holiday season. In its article,...more
On October 31, 2023, the Office for Civil Rights (OCR) issued a press release announcing that it has settled with Doctors’ Management Services for $100,000 following a ransomware attack that compromised the protected health...more
11/10/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Popular ,
Ransomware ,
Settlement
On October 30, 2023, the Biden Administration issued its “Executive Order on the Safe, Secure, and Trustworthy Development and use of Artificial Intelligence.” The EO outlines how Artificial Intelligence (AI) “holds...more