Fri.Aug 14, 2020

article thumbnail

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

R1 RCM Inc. [ NASDAQ:RCM ], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc. , Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019. The company has more than 19,000 employees and contracts with at least 750 healthcare organizations nationwide.

article thumbnail

Weekly Update 204

Troy Hunt

It's an extra early one this week and on review, I do look a bit. dishevelled! I run through a whole bunch of things from this week's Twitter timeline and there's some great audience questions this week too so thanks very much everyone for the engagement. Next we'll do it at the other end of the day again and I'm sure there'll be a heap of new stuff to cover before then.

Internet 281
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Drovorub Malware

Schneier on Security

The NSA and FBI have jointly disclosed Drovorub, a Russian malware suite that targets Linux. Detailed advisory. Fact sheet. News articles. Reddit thread.

Malware 282
article thumbnail

The Dangers of Unsubscribe Links – Third Certainty #25

Adam Levin

Unsubscribe links in the footers of unwanted emails present an ideal trap for hackers. In the latest episode of Third Certainty, Adam Levin explains how to deal with unwanted and unsolicited emails without compromising cybersecurity. The post The Dangers of Unsubscribe Links – Third Certainty #25 appeared first on Adam Levin.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I'm giving a keynote address at the Cybersecurity and Data Privacy Law virtual conference on September 9, 2020. The list is maintained on this page.

article thumbnail

How cybercriminals are exploiting US unemployment benefits to make money

Tech Republic Security

Scammers use Social Security numbers and other data to create synthetic IDs to collect unemployment benefits, says IntSights.

186
186

More Trending

article thumbnail

Maze ransomware gang leaked Canon USA’s stolen files

Security Affairs

Maze ransomware operators have leaked online the unencrypted files allegedly stolen from Canon during a recent ransomware attack. According to an internal memo obtained by ZDNet last week, the recent outage suffered by Canon was caused by a ransomware attack, at the same time Maze ransomware operators were taking the credit for the incident. The memo also reveals that the company has hired an external security firm to investigate the incident.

article thumbnail

Mac Users Targeted by Spyware Spreading via Xcode Projects

Threatpost

The XCSSET suite of malware also hijacks browsers, has a ransomware module and more -- and uses a pair of zero-day exploits.

Spyware 137
article thumbnail

Research Casts Doubt on Value of Threat Intel Feeds

Dark Reading

Two commercial threat intelligence services and four open source feeds rarely provide the same information, raising questions about how security teams should gauge their utility.

141
141
article thumbnail

Instagram Retained Deleted User Data Despite GDPR Rules

Threatpost

The photo-sharing app retained people’s photos and private direct messages on its servers even after users removed them.

Media 132
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Chinese APT CactusPete targets military and financial orgs in Eastern Europe

Security Affairs

China-linked threat actor tracked as CactusPete was employing an updated backdoor in recent attacks targeting military and financial organizations in Eastern Europe. A China-linked APT group, tracked by Kaspersky as CactusPete (aka Karma Panda or Tonto Team ), was observed using an updated backdoor in recent attacks targeting military and financial organizations in Eastern Europe.

Malware 90
article thumbnail

PoC Exploit Targeting Apache Struts Surfaces on GitHub

Threatpost

Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2.

Hacking 123
article thumbnail

7 Ways to Keep Your Remote Workforce Safe

Dark Reading

These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.

97
article thumbnail

Critical Flaws in WordPress Quiz Plugin Allow Site Takeover

Threatpost

The recently patched flaws could be abused by an unauthenticated, remote attackers to take over vulnerable websites.

103
103
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

DHS CISA Warns of Phishing Emails Rigged with KONNI Malware

Dark Reading

Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code.

article thumbnail

How the Feds Took Down 3 Terrorist-Financing Cyber Campaigns

SecureWorld News

They say the third time's the charm. But in the case of this recent effort by the U.S. government, the first, second, and third times were all charms. Because it just managed to disrupt three cyber campaigns that happened to be financing some of the world's most infamous terrorist organizations. U.S. government disrupts three terrorist cyber scams. According to the U.S.

article thumbnail

IcedID Shows Obfuscation Sophistication in New Campaign

Dark Reading

The malware's developers have turned to dynamic link libraries (DLLs) to hide their work.

Malware 90
article thumbnail

HIPAA Compliance Checklist

Spinone

Healthcare providers and their business associates have to comply with the HIPAA privacy rule. HIPAA requires that personal health information (PHI) is safe from unauthorized access and usage. To achieve HIPAA compliance , you have to implement appropriate safeguards to protect your patients’ data. In other words, you have to ensure that you have means to keep your system secure.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

WFH Summer 2020 Caption Contest Winners

Dark Reading

Clever wordplay on sandcastles, sandboxes, zero trust. and granular controls. And the winners are.

61
article thumbnail

Threat Report Portugal: Q2 2020

Security Affairs

The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to Jun, Q2, of 2020. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and also has a strong contribution from the community.

article thumbnail

Friday Squid Blogging: Editing the Squid Genome

Schneier on Security

Scientists have edited the genome of the Doryteuthis pealeii squid with CRISPR. A first. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

246
246
article thumbnail

North Korea’s Lazarus compromised dozens of organizations in Israel

Security Affairs

Since January 2020, the North Korea-linked Lazarus APT has successfully compromised dozens of organizations in Israel and other countries. The Israeli defence ministry announced on Wednesday that it had foiled a cyber attack carried out by a foreign threat actor targeting the country’s defence manufacturers. According to the officials, the attack was launched by “an international cyber group called ‘ Lazarus.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.