CyberSecurity Updates

20 Mar

A prescription for privacy protection: Exercise caution when using a mobile health app

Information

Privacy Given the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive data Phil Muncaster 19 Mar 2024  •  , 5 min. read In today’s digital economy there’s an app for just about everything. One area that’s booming more than most is healthcare. From period and fertility trackers to mental health and mindfulness, there are mobile health (mHealth) applications available…

Read More
19 Mar

CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity

Attacks, Insights, Malware

Today, CISA, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and other U.S. and international partners are issuing a joint fact sheet, People’s Republic of China State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders. Partners of this publication include:  U.S. Department of Energy (DOE)  U.S. Environmental Protection Agency (EPA)  U.S. Transportation Security Administration (TSA)  U.S. Department of Treasury   Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC)  Canadian Centre for Cyber Security (CCCS)…

Read More
18 Mar

Repository for Software Attestation and Artifacts Now Live

Attacks, Insights, Malware

Software producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA’s Repository for Software Attestation and Artifacts. Software producers that provide the government software can fill out the form to attest to implementation of specific security practices. CISA and the Office of Management and Budget (OMB) released the form on March 11, 2024, following extensive stakeholder and industry engagement. See the recent blog post from Federal CISO…

Read More
17 Mar

Healthcare still a prime target for cybercrime gangs – Week in security with Tony Anscombe

Information

Video Healthcare organizations remain firmly in attackers’ crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023 15 Mar 2024 More than 20 percent of ransomware attacks that hit critical infrastructure organizations in the United States in 2023 were aimed at the healthcare sector, according to the 2023 Internet Crime Report of the FBI’s (Internet Crime Complaint Center (IC3). More specifically, IC3 received 1,193 reports of…

Read More
16 Mar

Threat intelligence explained | Unlocked 403: A cybersecurity podcast

Information

Video We break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threats Alžbeta Kovaľová 14 Mar 2024 The threat landscape is becoming ever more complex and perilous by the day. Adversaries, ranging from state-aligned advanced persistent threats (APTs) to opportunistic cybercriminals, are well-funded, adaptable and relentless, targeting various chinks in organizations’ cyber armors and often catching organizations off guard. Against this backdrop, cyber treat intelligence is becoming increasingly more…

Read More
14 Mar

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

Information, Insights

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years. Onerep’s “Protect” service starts at $8.33 per month for individuals and $15/mo for families, and promises to remove your personal information…

Read More
14 Mar

How to share sensitive files securely online

Information

How To Here are a few tips for secure file transfers and what else to consider when sharing sensitive documents so that your data remains safe Phil Muncaster 13 Mar 2024  •  , 4 min. read Our lives are increasingly lived in the digital world. And while this comes with a host of benefits, it also exposes us to the threat of data theft. Whether it’s sensitive personal, medical or financial information, anything the bad…

Read More
14 Mar

Cisco Releases Security Updates for IOS XR Software

Attacks, Insights, Malware

Cisco released security updates to address vulnerabilities in Cisco IOS XR software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device.  CISA encourages users and administrators to review the following advisories and apply the necessary updates:  Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability  Cisco IOS XR Software SSH Privilege Escalation Vulnerability Cisco IOS XR Software Layer 2 Services…

Read More
13 Mar

Election cybersecurity: Protecting the ballot box and building trust in election integrity

Information

Critical Infrastructure What cyberthreats could wreak havoc on elections this year and how worried should we as voters be about the integrity of our voting systems? Phil Muncaster 12 Mar 2024  •  , 4 min. read This year, billions of people will go to the polls to decide their next political leaders. From India to the US, the outcomes of these and other elections could shape geopolitics for the coming years. With so much at…

Read More
12 Mar

Patch Tuesday, March 2024 Edition

Information, Insights

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest updates for iOS fixes two zero-day flaws. Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being…

Read More