Attorneys general across 33 states have reached settlements for three health data breaches that affected nearly 2 million people, including a $1.4 million settlement for a clearinghouse that left patient data exposed for three years. The AGs accused the firms of violating state laws and HIPAA rules.
The Clop ransomware operation's recent mass zero-day exploit of Progress Software's MOVEit secure managed file transfer software followed the criminals launching similar attacks against users of Accellion FTA, SolarWinds Serv-U and Fortra GoAnywhere.
The hacker who allegedly leaked mental health records online after breaking into a Helsinki-based psychotherapy chain's patient database has been charged in Finnish court with multiple counts of extortion and leaking data. Finnish national Aleksanteri Tomminpoika Kivimäki, 26, has denied guilt.
The FBI is warning plastic surgery practices and their patients of cybercriminals targeting their sensitive health information and medical photos for extortion schemes. The alert followed recent hacking incidents at several plastic surgery practices involving data theft.
Thousands of North Korean IT workers hid their identities to earn hundreds of millions of dollars in IT contract work from overseas companies to help finance the country's weapons development program, U.S. and South Korean agencies said. Officials said to watch for workers who are camera-shy.
This week, Citrix's update was insufficient, a Navy IT manager was sentenced to prison for accessing a database, a Moldovan man pleaded not guilty to running a credentials marketplace, new details emerged on health data breaches, and a television advertising giant suffered a ransomware attack.
Filipino authorities are pushing for higher funding for the country's cybersecurity agency and other government agencies in the wake of recent cyberattacks that resulted in data breaches at multiple government agencies. Researchers say cybercriminals and nation-state actors are behind the attacks.
Cisco issued an urgent warning Monday about a critical vulnerability in one of its modular operating system's web interfaces that is designed for routers, switches and other appliances. Hackers exploited the IOS XE software UI to gain admin rights that give them full control of compromised devices.
IBM says the personal information of 631,000 people was compromised by a "technical method" that allowed unauthorized access to a third-party database used by a Johnson & Johnson patient medication support platform. IBM said the problem has been fixed, but two lawsuits have already been filed.
The number of people affected by a Tennessee cardiac care clinic hack has more than doubled to 411,000 since the healthcare group first reported the incident to regulators in July. Cybercriminal group Karakurt claimed responsibility for the attack, which has so far triggered five class action suits.
Federal authorities are warning healthcare organizations and the public health sector of threats involving NoEscape, a relatively new multi-extortion ransomware-as-a-service group believed to be a successor to the defunct Russian-speaking Avaddon gang.
Security researchers attributed a wave of targeted cyberattacks against telecommunications companies and government ministries in several Asian countries to a Chinese advanced persistence threat group named ToddyCat. The group has been expanding its cyberespionage operations in Asia since late 2022.
The zero-day campaign underpinning the May mass attack on Progress Software's MOVEit file transfer software is now the vulnerability fueling a flotilla of attorneys, the software vendor disclosed in a regulatory filing listing pending litigation and governmental investigations.
In the latest weekly update, Ari Redbord, head of legal and government affairs at TRM Labs, joined ISMG editors to discuss: how Hamas is using crypto to finance operations, the latest illicit activities by North Korean actors, and how the trial of FTX's Sam Bankman-Fried could impact the industry.
This week: Google began phasing out passwords, Microsoft to bid VBScript goodbye, payment card information exposed in Air Europa hack, Magecart attack uses sneaky 404 page tactic, U.S. voter registration data stolen from the District of Columbia, and Volex reports a hack attack.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.in, you agree to our use of cookies.