Cyber Security Informer

A week in security (April 15 – April 21)

Malwarebytes

APRIL 22, 2024

Last week on Malwarebytes Labs: Law enforcement reels in phishing-as-a-service whopper Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million Cannabis investment scam JuicyFields ends in 9 arrests Should you share your location with your partner? Giant Tiger breach sees 2.8 Giant Tiger breach sees 2.8

Backups

Backups Scams Ransomware Encryption

Introducing Security Advisor Site Scores for OneView: Easy assessment of client security for MSPs

Malwarebytes

NOVEMBER 8, 2023

As Security Advisor for OneView further develops, it will empower MSP Admin users to closely monitor the overall health of their customer base, efficiently address issues, automate & scale actions, and facilitate seamless communication within our product. For now, let’s explore the Security Advisor Site Scores available today.

DNS

DNS Cyber threats Risk

Quick Threat Model Links October 2019

Adam Shostack

OCTOBER 9, 2019

Continuum has a blog and a spreadsheet on threat modeling lambdas (as a category, not specific to Amazon Lambda), and also a post on threat modeling with CAPEC. Omada Health has released an interesting threat model (“INCLUDES NO DIRT”) for medical device modeling. Trail of Bits released a threat model for Kubernetes.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Surgeries Are Being Cancelled Across Melbourne Due to a Cyber ‘Incident’

Heimadal Security

MARCH 18, 2021

Eastern Health is one of Melbourne’s largest metropolitan public health services and operates the Angliss, Box Hill, Healesville, and Maroondah hospitals, among other important health facilities.

Cybersecurity

On Surveillance in the Workplace

Schneier on Security

MARCH 12, 2019

Touted as useful management tools, they can augment biased and discriminatory practices in workplace evaluations and segment workforces into risk categories based on patterns of behavior. Remote monitoring and time-tracking used to manage workers and measure performance remotely.

Surveillance

Surveillance Data collection Technology Risk

Data Privacy in the United States: A Recap of 2023 Developments

Centraleyes

FEBRUARY 1, 2024

California – A 352: Health Information Enacted to safeguard health information, California’s A 352 targets businesses storing or maintaining medical information. This legislation falls within the Comprehensive category. This legislation falls under the Comprehensive category.

Data privacy

Data privacy Consumer Protection Media Data collection

The Healthcare Breach Report: Hacking and IT Incidents on the Rise

CyberSecurity Insiders

FEBRUARY 21, 2021

The vast majority of healthcare organizations utilize and store highly sensitive data, such as protected health information (PHI) and personal data such Social Security numbers, personal financial data , and more. Read more here: www.bitglass.com.

Healthcare

Healthcare Hacking Cybersecurity Cyber Attacks

News alert: Reken raises $10M from Greycroft to protect against generative AI-enabled fraud

The Last Watchdog

JANUARY 31, 2024

About Reken: Reken is building a new category of AI products and platform to protect against generative AI threats. About Shuman Ghosemajumder: Shuman Ghosemajumder is co-founder and CEO of Reken, an AI & cybersecurity company building a new category of products and platform to protect against generative AI threats.

Artificial Intelligence

Artificial Intelligence Education Cybercrime Social Engineering

DoD Adds Two More (ISC)² Certifications to Requirements for Cybersecurity Staff

CyberSecurity Insiders

JUNE 30, 2021

This means that the entire roster of (ISC)² certifications are now required for different security workforce categories within the Department, depending on the functional area the role covers. The HCISPP has been approved for the following categories: Information Assurance Manager Level 1 (IAM 1). IAM Level II (IAM II).

Cybersecurity

Cybersecurity Healthcare Engineering Government

Report Shows Major Security Holes in Banking Apps

Adam Levin

APRIL 10, 2019

The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency.

Banking

Banking Retail Insurance Mobile

The Healthcare Breach Report: Hacking and IT Incidents on the Rise

CyberSecurity Insiders

APRIL 12, 2021

The vast majority of healthcare organizations utilize and store highly sensitive data, such as protected health information (PHI) and personal data such Social Security numbers, personal financial data , and more. The post The Healthcare Breach Report: Hacking and IT Incidents on the Rise appeared first on Cybersecurity Insiders.

Healthcare

Healthcare Hacking Cybersecurity

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Thales Cloud Protection & Licensing

DECEMBER 11, 2023

ML builds on different types of models for different purposes, for example categorization to determine a document category or Named Entity Recognition (NER) to identify sensitive data across diverse locations. Figure 2 shows the category distribution by business department for all documents in a selected data store.

Unstructured Data

Unstructured Data Data privacy Healthcare Banking

HIPAA Compliance for Healthcare Apps

Security Boulevard

NOVEMBER 2, 2021

According to the Office of the National Health Coordinator for Health Information Technology (ONC) , 1 in 8 Americans tracked a health metric using some form of technology in 2013. As healthcare providers increased their use of technology during the COVID pandemic, securing health applications is more important than ever.

Healthcare

Healthcare Insurance Technology Software

Data Privacy: Why It Matters To The Rest Of Us

Thales Cloud Protection & Licensing

JANUARY 21, 2024

However, we also tacitly acknowledge that the data we provide is also useful for everything in our lives, from our location to our spending patterns and even our health. This also emphasizes why observances like Data Privacy Week are so important.

Data privacy

Data privacy Artificial Intelligence Data breaches Advertising

Judge rules it’s fine for car makers to intercept your text messages

Malwarebytes

NOVEMBER 9, 2023

According to the Mozilla research, popular global brands including BMW, Ford, Toyota, Tesla, Kia, and Subaru: “Can collect deeply personal data such as sexual activity, immigration status, race, facial expressions, weight, health and genetic information, and where you drive.

Manufacturing

Manufacturing Identity Theft Mobile Advertising

Data Matters: The ABCs of a Data Classification Policy to Protect Organizational Data

CyberSecurity Insiders

AUGUST 13, 2022

In a sense, a data classification policy is a kind of map or floor plan of your organization’s procedures, responsibilities and categories relating to data security. The main function of having these main categories is to avoid wasting time and resources on safeguarding data that is not particularly sensitive.

Marketing

Marketing eCommerce Risk Financial Services

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 25, 2022

is actively exploited in attacks in the wild, it resides in the health check RPM of Cisco IOS XR Software. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. The Cisco IOS XR flaw (CVE-2022-20821, CVSS score: 6.5, To nominate, please visit:?.

Software

Software Hacking Cybersecurity Risk

Hive ransomware gang hit Costa Rica public health service

Security Affairs

MAY 31, 2022

Costa Rican Social Security Fund, Costa Rica ‘s public health service, was hit by a Hive ransomware attack. Costa Rican Social Security Fund, Costa Rica ‘s public health service (aka CCCS), was hit today by a Hive ransomware attack, BleepingComputer reported. The attack occurred early this morning, Tuesday, May 31, 2022.

Ransomware

Ransomware Government Telecommunications Hacking

Several apps on the Play Store used to spread Joker, Facestealer and Coper malware

Security Affairs

JULY 19, 2022

These apps were downloaded a total of over 300k times belonging to the following common categories: Communication (47.1%) Health Personalization (5.9%) Photography Tools (39.2%). “The tools and communication were among the most targeted categories covering the majority of the Joker-infected apps.

Malware

Malware Spyware Banking Mobile

Ransomware review: December 2023

Malwarebytes

DECEMBER 13, 2023

According to the findings released by the Department of Health and Human Services last month, there has been a 278% increase in ransomware attacks on health sector over the past four years. Ransomware attacks on healthcare, 03/22 to 011/23 An attack on Ardent Health Services last month stands as a devastating reification of the trend.

Ransomware

Ransomware Healthcare Encryption Backups

A question of privacy: can I ask my employees vaccination status?

BH Consulting

MAY 18, 2021

Vaccination status is the employee’s health status and as such is private to them. The vaccination status therefore falls under what is considered special category data like any other of your employees’ health data. Given the vaccination status is special category data, you must also identify a lawful basis in Article 9.

Risk

Risk Government

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Relatedly, PIPL outlines some categories of sensitive information that do not receive additional protection under GDPR. Health data and patient data in the U.S. Some areas of PIPL, however, go beyond GDPR standards. For instance, the list of data rights enjoyed by individuals differs slightly between the two frameworks.

Data privacy

Data privacy Encryption Data breaches Insurance

Health care’s security challenges spurred by constrained resources, limited staffing

SC Magazine

JUNE 24, 2021

The health care sector has a clear target on its back, but after a year of battling the pandemic, constrained resources and reduced staffing numbers are making it difficult for providers to keep pace with the threat landscape. A report in 2019 from The Healthcare and Public Health Sector Coordinating Council (HSCC) showed similar statistics.

Healthcare

Healthcare CISO Cybersecurity Marketing

7 Step Data Loss Prevention Checklist for 2021

CyberSecurity Insiders

FEBRUARY 9, 2021

For companies worldwide, it has become essential to safeguard sensitive information such as Personally Identifiable Information (PII), Protected Health Information (PHI), and customer financial information. These categories of sensitive information are protected by regulations such as the GDPR, CCPA, HIPAA, and PCI DSS.

Unstructured Data

Unstructured Data Risk Education Marketing

Section 889: the US Regulation that extends far beyond the US

IT Security Guru

SEPTEMBER 17, 2021

There are five specific companies that fall under the category of ‘Prohibited Technology’. fall under this category?as This includes contractors for the National Institutes of Health (NIH), the?Defense?Health Health Administration (DHA) and the Department of Veterans Affairs (VA).?To government and industry. .

Telecommunications

Telecommunications Surveillance Government Manufacturing

The Dangers of QR Codes

Approachable Cyber Threats

NOVEMBER 29, 2021

Category Awareness Risk Level. And during the COVID-19 pandemic, QR codes have never been more popular - from restaurants, to the news, to even your health records “OK, but I see them everywhere. What’s a QR code?” Why are they dangerous?” QR codes could be great.

Mobile

Mobile Risk Cybersecurity Technology

Retailers are Potentially Losing out on Profit Protecting Against Fraud…New Report Provides Insight

CyberSecurity Insiders

OCTOBER 20, 2021

Forter recently released its Annual eCommerce Revenue Optimization (AERO) reports for the food and beverage , apparel and accessories , home and garden , and beauty and health industries which showcase the opportunity cost of falsely declining eCommerce transactions from new customers. Beauty and Health: 3%. Beauty and Health.

Retail

Retail eCommerce Software Cybersecurity

Security Affairs newsletter Round 368 by Pierluigi Paganini

Security Affairs

JUNE 5, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Spyware

Spyware Firmware Ransomware Scams

Meal delivery service PurFoods announces major data breach

Malwarebytes

AUGUST 28, 2023

From its site: We work with over 500 health plans, managed care organisations, governments, and agencies to provide access to meals for people covered under Medicare and Medicaid, as well as the opportunity for individuals to order meals on their own.

Data breaches

Data breaches Ransomware Identity Theft Backups

DOD ADDS TWO MORE (ISC)² CERTIFICATIONS TO REQUIREMENTS FOR CYBERSECURITY STAFF

CyberSecurity Insiders

JULY 2, 2021

This means that the entire roster of (ISC)² certifications are now required for different security workforce categories within the Department, depending on the functional area the role covers. The HCISPP has been approved for the following categories: Information Assurance Manager Level 1 (IAM 1). IAM Level II (IAM II).

Cybersecurity

Cybersecurity Healthcare Engineering Government

A Comprehensive Overview Of Nanotechnology And Applications Of Nanotechnology

IT Security Guru

FEBRUARY 5, 2024

Nanomaterials can be divided into four main categories: nanoparticles, nano-fibers, nano-tubes, and nano-aminates. Companies are creating nano-materials that will not only enhance the flavor of food but also enhance food safety and the health benefits of food. Who is the father of nanotechnology?

Computers and Electronics

Computers and Electronics Technology Manufacturing Healthcare

Finalists: Best Customer Service

SC Magazine

MARCH 29, 2021

The companies recognized in this category provide stellar support and service that contributes to customer assurance that systems and data and ultimately their people will be properly protected. FINALIST | BEST CUSTOMER SERVICE. FINALIST | BEST CUSTOMER SERVICE.

Technology

Technology Media Information Security Software

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

Late last year, Atrium Health disclosed it lost sensitive data for some 2.65 Related: Atrium Health breach highlights third-party risks. Broken into eight categories, VRMMM covers more than 200 program elements that, in effect, forms the basis of a well-run third party risk management program.

Cyber Risk

Cyber Risk Risk Financial Services Banking

Experts warn of ransomware attacks against government organizations of small states

Security Affairs

MAY 31, 2022

A similar attack was seen in May 2021, when the gang targeted Ireland’s publicly funded health care system and demanded a ransom of USD20 million.” Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. ” reads the post published by Cyble. To nominate, please visit:?.

Government

Government Ransomware Cybercrime Banking

Enhanced Google Play Protect real-time scanning for app installs

Google Security

OCTOBER 18, 2023

Posted by Steve Kafka, Group Product Manager and Roman Kirillov, Senior Engineering Manager Mobile devices have supercharged our modern lives, helping us do everything from purchasing goods in store and paying bills online to storing financial data, health records, passwords and pictures.

Mobile

Mobile Social Engineering Malware Software

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

If you’re currently storing data on individuals that haven’t given their consent and it doesn’t fall into one of the appropriate use categories, you need to give those people the option of withdrawing their consent. You’ll need to create plans for each of your data categories to abide by relevant compliance requirements.

Data privacy

Data privacy Unstructured Data Software Government

Apple's New Advanced Security Features Protect Your Sensitive Data

SecureWorld News

DECEMBER 8, 2022

For users who enable this feature, there will be 23 data categories protected using end-to-end encryption, including passwords in iCloud Keychain, Health data, iCloud Backup, Notes, Photos, and many more.

Encryption

Encryption Passwords Architecture Backups

Data Privacy: Why It Matters To The Rest Of Us

Security Boulevard

JANUARY 21, 2024

However, we also tacitly acknowledge that the data we provide is also useful for everything in our lives, from our location to our spending patterns and even our health. This also emphasizes why observances like Data Privacy Week are so important.

Data privacy

Data privacy Artificial Intelligence Data breaches Advertising

The Top 10 Cyber Vulnerabilities for 2021

SecureWorld News

SEPTEMBER 20, 2021

With more shifts into highly configurable software, it's not surprising to see this category move up,” said OWASP. Do you remember March and April of 2020 as the national public health crisis was starting to ramp up? Insecure Deserialization from 2017 is now a part of this larger category,” said OWASP.

Software

Software Architecture Engineering Authentication

NHS is still assessing the cost of WannaCry one year later

Security Affairs

OCTOBER 13, 2018

The UK’s Department of Health and Social Care provided an update on the efforts to secure the NHS IT infrastructure, with a focus on WannaCry overall costs. The UK’s Department of Health and Social Care provided an update on the spent to secure the IT infrastructure in a report titled “ Securing cyber resilience in.

Advertising

Advertising Phishing Hacking Ransomware

Venafi Wins 2021 CyberSecurity Breakthrough Awards

CyberSecurity Insiders

OCTOBER 1, 2021

Venafi is the creator and inventor of the machine identity management category, which has a total addressable market of $8 billion. Earlier this year, the company surpassed $100 million in annual recurring revenue, cementing its place as the category leader. health insurers; the top five U.S. Australia and South Africa.

Cybersecurity

Cybersecurity Digital transformation IoT Marketing

TicketClub Italy Database Offered in Dark Web

Security Affairs

JULY 21, 2021

The platform lists coupons in multiple categories including health, travel, food, services, events. Their clients include Burger King, McDonald’s, Cinecittà World, Rainbow Magicland, and many other enterprises having coupon and loyalty programs. .

Data breaches

Data breaches Mobile Retail Cyber threats

Report: Threat of Emotet and Ryuk

Security Affairs

JANUARY 31, 2020

Analyzing the general distribution of the compromised domains, grouped by category, it is possible to verify that the most affected were as follows: professional/companies (20.2%), personal (13.5%), retail (12.7%) and industry (11.9%). Social media/communication organizations, health care and non-profit organizations were less impacted.

Malware

Malware Retail Advertising Antivirus

HITRUST vs. HIPAA: Ensuring Data Security and Compliance

Centraleyes

NOVEMBER 5, 2023

HIPAA, or the Health Insurance Portability and Accountability Act of 1996, is a federal law, whereas HITRUST is a comprehensive control framework. ” HIPAA: An Overview HIPAA, short for the Health Insurance Portability and Accountability Act, is a pivotal U.S. The enforcement of HIPAA falls under the jurisdiction of the U.S.

Healthcare

Healthcare Risk Insurance Penetration Testing

A week in security (April 15 – April 21)

Introducing Security Advisor Site Scores for OneView: Easy assessment of client security for MSPs

Webinars

Trending Sources

Quick Threat Model Links October 2019

Webinars

Surgeries Are Being Cancelled Across Melbourne Due to a Cyber ‘Incident’

On Surveillance in the Workplace

Data Privacy in the United States: A Recap of 2023 Developments

The Healthcare Breach Report: Hacking and IT Incidents on the Rise

News alert: Reken raises $10M from Greycroft to protect against generative AI-enabled fraud

DoD Adds Two More (ISC)² Certifications to Requirements for Cybersecurity Staff

Report Shows Major Security Holes in Banking Apps

The Healthcare Breach Report: Hacking and IT Incidents on the Rise

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

HIPAA Compliance for Healthcare Apps

Data Privacy: Why It Matters To The Rest Of Us

Judge rules it’s fine for car makers to intercept your text messages

Data Matters: The ABCs of a Data Classification Policy to Protect Organizational Data

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Hive ransomware gang hit Costa Rica public health service

Several apps on the Play Store used to spread Joker, Facestealer and Coper malware

Ransomware review: December 2023

A question of privacy: can I ask my employees vaccination status?

Security Compliance & Data Privacy Regulations

Health care’s security challenges spurred by constrained resources, limited staffing

7 Step Data Loss Prevention Checklist for 2021

Section 889: the US Regulation that extends far beyond the US

The Dangers of QR Codes

Retailers are Potentially Losing out on Profit Protecting Against Fraud…New Report Provides Insight

Security Affairs newsletter Round 368 by Pierluigi Paganini

Meal delivery service PurFoods announces major data breach

DOD ADDS TWO MORE (ISC)² CERTIFICATIONS TO REQUIREMENTS FOR CYBERSECURITY STAFF

A Comprehensive Overview Of Nanotechnology And Applications Of Nanotechnology

Finalists: Best Customer Service

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

Experts warn of ransomware attacks against government organizations of small states

Enhanced Google Play Protect real-time scanning for app installs

How to Comply with GDPR, PIPL, and CCPA

Apple's New Advanced Security Features Protect Your Sensitive Data

Data Privacy: Why It Matters To The Rest Of Us

The Top 10 Cyber Vulnerabilities for 2021

NHS is still assessing the cost of WannaCry one year later

Venafi Wins 2021 CyberSecurity Breakthrough Awards

TicketClub Italy Database Offered in Dark Web

Report: Threat of Emotet and Ryuk

HITRUST vs. HIPAA: Ensuring Data Security and Compliance

Stay Connected