More information continues to emerge about the destructive malware attack that targeted Ukrainian government systems last week. As a probe continues, numerous questions about the incident remain unanswered. But the three-stage wiper attack, disguised as ransomware, apparently hit few systems.
VPN Lab, known for its alleged wide use by ransomware threat actors, has been shut down. Fifteen servers associated with VPNLab.net were seized or disrupted based on multiple international investigations tying the VPN service provider to cybercrime operations, according to Europol.
Ransomware group ShinyHunters has published 700 GB of data stolen from Indian firm Aditya Birla Fashion and Retail on a dark web forum, says Troy Hunt of Have I Been Pwned. A source at the retailer, however, says that its threat intrusion and detection solutions have not shown signs of an attack.
Because healthcare IT environments are so complicated, it will become essential for all suppliers to provide and maintain a software bill of materials for their products to remain relevant, says Curt Miller of the Healthcare Supply Chain Association.
GAO auditors say in a new report that the federal government's response to both the SolarWinds software supply chain attack and the exploitation of Microsoft Exchange Servers in 2021 sharpened its coordination efforts, but also exposed information-sharing gaps.
In the midst of a global pandemic, the federal breach tally shows that a record number of major health data breaches were reported in the U.S. in 2021, and the overwhelming majority of them involved hacking/IT incidents. Will those trends continue in 2022?
A family medical practice is notifying nearly 200,000 individuals that their information was compromised in a 2020 ransomware attack on cloud hosting vendor Netgain Technology, an incident that also affected several of the vendor's other clients and hundreds of thousands of their patients.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...
The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.
In the wake of the explosive Apache Log4j vulnerabilities, the White House hosted tech leaders and federal agencies in a summit to discuss ways to improve open-source software security. The meeting was hosted by Deputy National Security Adviser for Cyber and Emergency Technology Anne Neuberger.
Maryland officials confirm that a December cyberattack on the state's health department, which is still disrupting some services, involved ransomware - but that no ransom was paid. Also, lawsuits have been filed against a Florida specialty pharmacy in the wake of a November cyber incident.
Police in Ukraine have arrested five individuals on suspicion of using ransomware to extort more than 50 companies across the United States and Europe, as well as to provide an IP-changing service to international hackers to help them distribute malware, steal sensitive data and disrupt sites.
Healthcare and public health sector entities must heed the warnings this week by federal authorities of Russian state-sponsored cyberthreats to critical infrastructure organizations, some experts say. Why are the stakes so high?
Attackers wielding Night Sky ransomware are among the latest groups that have been attempting to exploit critical vulnerabilities in widely used Apache Log4j software. Microsoft says that among other attacks, a China-based ransomware operator has been exploiting Log4j flaws in VMware Horizon.
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.