Two New Trends Make Early Breach Detection and Prevention a Security Imperative
Key signs to look for in today’s complex data threat landscape Introduction The most vulnerable data repositories are the ones deep in your organization’s infrastructure. Everyone assumes they are safe, but as with your home, organizations must invest in security at entry points. Otherwise, the...
10CVSS
0.4AI Score
0.975EPSS
Russian Radio Station Hacked to Broadcast Ukrainian National Anthem
By Waqas The Kommersant FM's online bulletin was suddenly interrupted to play Ukraine's anthem and anti-war songs by anti-war hackers… This is a post from HackRead.com Read the original post: Russian Radio Station Hacked to Broadcast Ukrainian National...
2.7AI Score
Zoho Password Manager Flaw Torched by Godzilla Webshell, New Data Stealer
A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far (technology,.....
10CVSS
10.5AI Score
0.975EPSS
Insider Threats: What Are They, Really?
What an insider threat really is The idea of an “insider threat” sounds like some sort of double agent hiding away in a cubicle—someone hired to steal company secrets and take you down. That sounds pretty exciting, but it’s not very accurate. When we talk about insider threats, in reality, we’re...
-0.9AI Score
China's Hacking Spree Will Have a Decades-Long Fallout
Equifax. Anthem. Marriott. OPM. The data that China has amassed about US citizens will power its intelligence activities for a...
7AI Score
U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach
The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In a joint press conference held today with the Attorney General...
0.4AI Score
Spear phishing 101: what you need to know
Phishing, a cyberattack method as old as viruses and Nigerian Princes, continues to be one of the most popular means of initiating a breach against individuals and organizations, even in 2020. The tactic is so effective, it has spawned a multitude of sub-methods, including smishing (phishing via...
6.5AI Score
ThreatList: Data Breaches Batter Stock Prices at Public Companies, For Months
Much has been made of the fallout that companies face after a data breach. But for public companies, shaken investor confidence adds a whole new dimension to recovery concerns. A recent study from Comparitech shows that share prices for large breached companies will hit a low point approximately...
-0.1AI Score
Podcast: Insider Attacks May Soon Cost Less Than Malware-based Equivalent
As it becomes more difficult and expensive to infiltrate environments via malware, cybercriminals may start turning in the future to a more viable and less costly alternative: Insider threats. This podcast is brought to you by Code42. Threatpost talks to Tim Brown, vice president of security at...
-0.4AI Score
Podcast: Departing Employees Could Mean Departing Data
With so many malicious adversaries trying to penetrate companies’ networks, companies are forgetting to watch out for a dangerous threat from within their own ranks – insider threats. Threatpost talks to Tim Bandos, vice president of cybersecurity at Digital Guardian, about the top types of...
-0.7AI Score
Insurance data security laws skirt political turmoil
Across the United States, a unique approach to lawmaking has proved radically successful in making data security stronger for one industry—insurance providers. The singular approach has entirely sidestepped the prolonged, political arguments that have become commonplace when trying to pass...
0.2AI Score
Bluetana App Quickly Detects Hidden Bluetooth Card Skimmers at Gas Pumps
In recent years, gas stations have become one of the favorite targets for thieves who are stealing customers' credit and debit card information by installing a Bluetooth-enabled payment card skimmers at gas stations across the nation. The media has also reported several recent crimes surrounding...
-0.4AI Score
For two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed.....
0.1AI Score
0.975EPSS
Cybercrime Gang Behind GozNym Banking Malware Dismantled
The cybercrime network behind the GozNym malware, used to siphon $100 million out of its victims, has been dismantled in a massive international investigation, according to authorities. Europol said on Thursday that they are charging 10 members of the GozNym criminal network with spreading the...
0.6AI Score
DOJ Says Chinese Hackers Attacked Anthem, but Not Why
For years, China was rumored to be behind the health insurance company's massive data breach, but now the Justice Department is noticeably silent on the hackers' motives and...
7AI Score
Chinese Hackers Behind 2015 Anthem Data Breach Indicted
Two Chinese nationals have been charged in the massive 2015 data breach of health insurer Anthem that impacted more than 78 million people. Fujie Wang, 32, and another Chinese man, who remains unnamed, were allegedly part of a China-based hacking group that was behind the breach of Indiana-based...
1.1AI Score
U.S. Charges Chinese Hacker For 2015 Anthem Data Breach
The United States Justice Department today announced charges against a Chinese hacker and his hacking team member for their alleged role in the 2015 massive data breach at health insurance giant Anthem and three other unnamed American companies. Fujie Wang (王 福 杰) and another hacker named John...
0.9AI Score
US Congress proposes comprehensive federal data privacy legislation—finally
The United States might be the only country of its size—both in economy and population—to lack a comprehensive data privacy law protecting its citizens’ online lives. That could change this year. Never-ending cybersecurity breaches, recently-enacted international privacy laws, public outrage, and.....
6.5AI Score
Marriott Hack Reported as Chinese State-Sponsored
The New York Times and Reuters are reporting that China was behind the recent hack of Marriott Hotels. Note that this is still uncomfirmed, but interesting if it is true. Reuters: Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in...
1.2AI Score
If China Hacked Marriott, 2014 Marked a Full-on Assault
It increasingly appears that China was behind the Marriott hack, making 2014 a landmark year in cyberattacks against the...
6.9AI Score
Anthem, Apple and the Pentagon: A Data-Breach Cornucopia
Like pumpkin spice and turning leaves, data breaches have become a theme for the fall. This season is shaping up to be no exception, with Anthem, Apple and, worryingly, the Pentagon all making headlines in the last few days. It is, of course, part of the “new normal” as cyberattackers continue to.....
0.2AI Score
www22.anthem.com XSS vulnerability
Open Bug Bounty ID: OBB-641050 Description| Value ---|--- Affected Website:| www22.anthem.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...
-0.1AI Score
Ticketfly, Major Concert Venues Still Offline After Hack
UPDATE Ticketfly and several major venues’ services are still offline Monday morning as they struggle to recover from a major hack that have brought down their websites and disrupted several public on-sale concert tickets. Ticket distribution service Ticketfly said in a statement that it has...
0.3AI Score
Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption....
6.5CVSS
6.9AI Score
0.001EPSS
Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption....
6.5CVSS
7AI Score
0.001EPSS
Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption....
6.5CVSS
6.4AI Score
0.001EPSS
Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS...
6.5CVSS
6.5AI Score
0.001EPSS
The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3...
8.8CVSS
8.7AI Score
0.001EPSS
OVERVIEW MedSec Holdings Ltd has identified vulnerabilities in Abbott Laboratories’ (formerly St. Jude Medical) pacemakers. Abbott has produced a firmware patch to help mitigate the identified vulnerabilities in their pacemakers that utilize radio frequency (RF) communications. A third-party...
8.8CVSS
8.1AI Score
0.001EPSS
Trend Micro at HiMSS: Protecting Healthcare Organizations with Optimized, Connected Security
Submitted by Elie Nasrallah _ , Director – Cyber Security Strategy__ _ The healthcare industry remains one of the most frequently targeted sectors in the United States. It accounted for nearly a quarter (23%) of all breaches reported in 2017, second only to the business category, in another...
6.9AI Score
Securing Healthcare Data and Applications
The healthcare industry is quickly growing as a sweet spot for hackers to steal large amounts of patient records for profit. The US Department of Health and Human Services breach tool reports over 340 data breaches in 2017 impacting more than 3 million individuals, and 176.5 million individuals...
6.7AI Score
Singapore government gets into the network defense game
There is a common assumption in the infosec community that enormous breaches like those at Equifax, Anthem, and Target are the new norm. That the next mega breach is simply a matter of time. This is because large companies loathe spending money on things that are not directly profitable like...
6.7AI Score
Phishes, pseudophishes, and bad email
Everyone knows about phishing. We’ve all heard that the solution to phishing is to educate the user as, after all, it must be the user’s fault for stupidly clicking on the thing. But what about when perverse incentives make clicking the phish seem logical? What about the enterprise...
6.5AI Score
NFL Players and Agents Targeted in Database Extortion Attempt
A misconfigured database containing records belonging to 1,133 National Football League players and their agents was exposed via an unsecured Elasticsearch server. The database belongs to the NFL Players Association and includes the home address, phone numbers and IP addresses for hundreds of...
1AI Score
0.856EPSS
FDA Recalls Nearly Half a Million Pacemakers Over Hacking Fears
Almost half a million people in the United States are highly recommended to get their pacemakers updated, as they are vulnerable to hacking. The Food and Drug Administration (FDA) has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices...
7AI Score
FDA Recalls 465K Pacemakers Tied to MedSec Research
The United States Federal Drug Administration is recalling 465,000 pacemakers that attackers can gain unauthorized access to issue commands, change settings and maliciously disrupt. Affected are four models manufactured by Abbott Laboratories. According to the FDA, the recalls of affected...
0.4AI Score
0.001EPSS
Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption....
6.5AI Score
0.001EPSS
FBI Arrests Another Hacker Who Visited United States to Attend a Conference
The FBI has arrested a Chinese citizen for allegedly distributing malware used in the 2015 massive OPM breach that resulted in the theft of personal details of more than 25 Million U.S. federal employees, including 5.6 Million federal officials' fingerprints. Yu Pingan, identified by the agency...
7AI Score
Pakistani Govt Portal Hacked to Play Indian National Anthem
By Owais Sultan Nothing is surprising about Indians hacking Pakistani websites or vice This is a post from HackRead.com Read the original post: Pakistani Govt Portal Hacked to Play Indian National...
6.9AI Score
Breach at Third Party Contractor Affects 18,000 Anthem Members
A month after it agreed to settle 2015’s massive data breach, Anthem Inc., the United States’ largest healthcare company, has a new problem on its hands. The Indianapolis-based company began notifying 18,000 members affected by another unrelated data breach last week. Anthem reported the breach on....
0.6AI Score
June 27, 2017 – Morning Cyber Coffee Headlines – “Helen Keller” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee (or tea) and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! June 27, 2017 - Headlines 'Petya' ransomware attack strikes companies across...
6.6AI Score
Anthem Agrees to Settle 2015 Data Breach for $115 Million
Like many companies hit by data breaches, Anthem, the United States’ largest for-profit health care company, has been forced to watch from the sidelines while the incident plays out in court. An end finally appears to be in sight however. Late Friday the company agreed to settle a series of...
0.6AI Score
Transforming the Cyber Health of Small HCOs Across the US
When we talk about healthcare breaches, there are some big-name incidents. Yet in reality there’s a huge number of smaller providers who are in the hackers’ sights and maybe don’t have the resources or expertise to adequately defend themselves. With ransomware threatening to shut down systems and.....
7.1AI Score
Yahoo Challenged on Claims Breach Was State-Sponsored Attack
As challenges mount against Yahoo’s attribution of a massive 2014 data breach to state-sponsored hackers, CISO Bob Lord yesterday confirmed that a cache of 200 million Yahoo accounts marketed this summer in an underground forum is unrelated to the breach. Speaking at the Structure Security...
-0.3AI Score
2016 Computer Security Predictions
Well, if you thought you had it rough in 2014 because of big, bad Poodles and an irritating case of Heartbleed, things only got worse this year. Rather than intrusions permeating our IT systems and stealing our data, attacks got a bit more personal in 2015. Not only were privacy and civil...
-0.4AI Score
Highlights from the HITRUST Health Industry Third Party Assurance Summit
On June 29, 2015, the Health Information Trust Alliance (HITRUST) announced that several massive payer organizations, including Anthem, Health Care Services Corp., Highmark, Humana, and UnitedHealth Group will require their business associates to obtain CSF certification. While this is old news,...
1.6AI Score
CISA Passes Senate Without Addressing Privacy Concerns
To the consternation of many — tech companies, privacy advocates, and civil liberties groups included — members of the Senate voted overwhelmingly Tuesday to pass a version of the Cybersecurity Information Sharing Act, a bill that many opposed argue will lead to continued pervasive government...
-0.2AI Score
BSIMM6 Data Shows Poor Health Care Software Security
The folks behind the Building Security in Maturity Model (BSIMM), its sixth iteration available today, tout the project as an intersection between science and computer security. “It’s more like a science experiment that escaped the test tube,” said Gary McGraw, chief technology officer of Citigal,....
-0.1AI Score
Health Insurer Excellus Hacked; 10.5 Million Records Breached
Health Care Hacks — the choice of hackers this year! In a delayed revelation made by _Excellus BlueCross BlueShield (BCBS), _which says that about 10.5 Millions of their clients' data and information has been compromised by hackers. Excellus BCBS headquartered in Rochester, New York, provides...
7AI Score
NY Health Provider Excellus Discloses Data Breach Dating to 2013
Excellus BlueCross BlueShield, a large health care provider in New York state, says it was hit by an attack that began in 2013 and wasn’t discovered until last month, resulting in the compromise of members’ personal information, including Social Security numbers, addresses, financial and account...
2.5AI Score