A new partnership aims to help healthcare IT vendors and services firms improve their overall risk and security profile and provide greater transparency to thousands of healthcare providers. As part of the partnership, KLAS, which has conducted deep research and analysis on more than 900 healthcare IT products and services, will introduce a new Cybersecurity Readiness Assessment.
Iranian cyber threat actors have been continuously improving their offensive cyber capabilities. They continue to engage in more conventional offensive cyber activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information (PII), to more advanced activities—including social media-driven influence operations, destructive malware, and, potentially, cyber-enabled kinetic attacks, warns the Cybersecurity and Infrastructure Security Agency (CISA).
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) will be releasing a document that provides a roadmap to threat mitigation of Position, Navigation, and Timing (PNT) services, a national critical function powering many of the critical infrastructure sectors that enable modern society. The conformance framework was developed with input from industry stakeholders and will help critical infrastructure owners and operators make risk-informed decisions when deciding what PNT equipment to deploy. It provides distinct levels of resilience so end users can choose equipment that’s appropriate for their needs, based on criticality and risk tolerance.
IBM X-Force has released a report on malicious cyber actors targeting the COVID-19 cold chain—an integral part of delivering and storing a vaccine at safe temperatures. Impersonating a biomedical company, cyber actors are sending phishing and spearphishing emails to executives and global organizations involved in vaccine storage and transport to harvest account credentials. The emails have been posed as requests for quotations for participation in a vaccine program.
This holiday season, more consumers than ever will be shopping digitally - and cybercriminals are already capitalizing on the opportunity. Greg Foss, Senior Cybersecurity Strategist at VMware Carbon Black, looked through the dark web to find that: There’s a continued rise in e-skimming attacks in the retail sector, where attackers inject JavaScript into website payment processing pages in order to siphon credit cards and account credentials from customers.
The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC), a community for sharing sector-specific cybersecurity information and intelligence, announced it latest board members and officers.
The findings of Johnson Controls' annual Energy Efficiency Indicator survey finds that more than half of organizations plan to increase investment in energy efficiency, renewable energy and smart building technology next year, comparable with investment trends after the 2010 recession.
The National Center for Missing & Exploited Children (NCMEC) was looking for a critical communications solution to serve as its primary mass notification system for its AMBER Alerts.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed persistent continued cyber intrusions by advanced persistent threat (APT) actors targeting U.S. think tanks. This malicious activity is often, but not exclusively, directed at individuals and organizations that focus on international affairs or national security policy. The following guidance may assist U.S. think tanks in developing network defense procedures to prevent or rapidly detect these attacks.
ESET researchers discovered a previously undocumented backdoor and document stealer used for cyber-espionage. ESET has been able to attribute the program, dubbed Crutch by its developers, to the infamous Turla APT group. It was in use from 2015 until at least early 2020. ESET has seen Crutch on the network of a Ministry of Foreign Affairs in a country of the European Union, suggesting that this malware family is only used against very specific targets. These tools were designed to exfiltrate sensitive documents and other files to Dropbox accounts controlled by Turla operators.
RSS
