Aggregator

IT Services Vendor Is Sending Individual Letters to Victims on a Rolling Basis
Millions of Americans will soon receive a breach notification letter from Change Healthcare, which said on Monday that it has started the process of notifying victims of the massive cyberattack and data theft incident first detected more than five months ago.

Leading Cybersecurity, Technology Companies 'Gravely Concerned' Over Cyber Treaty
Leading cybersecurity and technology firms in the West feel "abandoned" by the United States and Europe as talks for a United Nations cybercrime treaty near their end. Member nations resumed cybercrime treaty negotiations on Monday in New York.

Peter McKay on Improving Developer Practices, Integrating Security and Cutting Risk
Snyk CEO Peter McKay discusses lessons from the recent CrowdStrike outage, emphasizing the importance of robust development practices, effective communication and the integration of quality and security in modern software development. He also highlights Snyk's role in advancing developer security.

Threat Actors Profit From GitHub's Inauthentic Accounts Network
Hackers apparently stymied by improved network detection of malware are turning to fake GitHub repositories to host malicious links and archives embedded with viruses. A threat actor dubbed "Stargazer Goblin" is a step beyond hackers who merely use GitHub repositories to host malicious code.

Median Ransomware Attack Recovery Cost for Critical Infrastructure Is 4X Higher
Ransomware remains a major threat to energy, oil/gas and utilities organizations of all sizes around the globe. Our 2024 state of ransomware report reveals that the median recovery costs for two critical infrastructure sectors - energy and water - quadrupled to $3 million over the past year.

Microsoft's Tool Requires Physical Access, a 'Time-Consuming and Laborious Task'
Microsoft's statement that a faulty CrowdStrike update affected less than 1% of active Windows systems doesn't tell the full story, since large organizations in critical sectors make up a disproportionate part of the user base, as the outages in healthcare, transportation and banking demonstrate.

Tips on Managing Public Relations in the Face of a Cyber Incident
Cybersecurity incidents are not just technical problems. They are also major public relations challenges. Effective IT and cybersecurity leadership during a crisis can significantly affect your company's reputation, stakeholder trust and overall recovery - and have a big impact on your career.

The deployment of an asset management platform is helping Main Line Health gain deeper visibility and better security over the 100,000-plus medical devices and IoT gear used throughout the group's multiple hospitals and medical facilities, said CISO Aaron Weismann, who discusses the implementation.

Healthcare groups should consider several key points about a recent Texas federal court ruling and its impact on the use of online tracker technology on the healthcare websites of HIPAA-regulated organizations, said privacy attorney Iliana Peters of the law firm Polsinelli.

The interconnectedness of medical devices, which generate data that can be distributed to multiple systems that are often managed by different policies, presents privacy concerns that device manufacturers must address, said Adam Hesse, CEO of Full Spectrum.

The FDIC is clarifying its policy and supervisory approach related to facilitating payment processing services directly, or indirectly through a third party, for merchant customers engaged in higher-risk activities.

The FFIEC on Oct. 7 issued a joint statement concerning Microsoft's discontinuation of support for its Windows XP operating system as of April 8, 2014.

Five federal regulatory agencies encourage financial institutions to work with customers affected by the federal government shutdown.