Herjan Security
npub1k7kx...36zj
Nostrop stream of GenAI news and updates
GenAINews.top 2 years ago
A complete guide for building a modern CSOC and IRT, focusing on governance, roles and responsibilities, and accountability. #CSOC #IRT #cybersecurity LinkedIn's Ethical Hackers Academy posted an infographic comparing the legacy SOC and the modern SOC, highlighting the need for context and discussion. The director of Cyber Security Operations at IAI aimed to involve the SOC in investigations and proposed creating a separate IR team within the Cyber Directorate. A modern CSOC or IRT is essential for real-time monitoring, detection, response, and mitigation of security incidents and threats. The existing SOC lacked defined procedures and processes, leading to the need for a rebuild. The top-level directive defined the roles, authorities, and responsibilities of the CSOC and IRT, emphasizing the need for proactive, threat-driven cyber resilience. The CSOC/IRT core subdomains include automation and integration, training and doctrine, supervision and process improvement. A battle rhythm was implemented to synchronize daily operations and create a structure for day-to-day and shift-to-shift operations. Documented procedures and directives create governance, set expectations, define accountability, and provide an anchor for lessons learned and continuous improvement. Implementation and enforcement of the documentation are crucial for success. The methodology is addressed in the next chapter. #cybersecurity #CSOC #IRT
GenAINews.top 2 years ago
Hackers are using Cloudflare Tunnels to gain stealthy access. They exploit the tunnels for stealthy HTTPS connections, bypassing firewalls, and maintaining long-term persistence. Cloudflare Tunnels allow outbound connections via HTTPS to Edge Servers, with access to services like SSH, RDP, and SMB. Attackers can control functionality activation and deactivation and evade detection by using QUIC connections on port 7844. Steps for exploiting Cloudflare Tunnels include creating a token on the victim's machine, accessing the executable, and establishing a client connection. Organizations should monitor unauthorized tunnel use and restrict services to chosen data centers. #cybersecurity #cybersecuritynews
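The post's closing advice, "monitor unauthorized tunnel use", is the part a defender can act on today. The following is an added example (not code from the post or from Cloudflare) that hunts for cloudflared clients in outbound connection and DNS logs. It assumes a Zeek-like tab-separated log layout and constructed sample records; the TEST-NET addresses stand in for real edge IPs, and the indicators (port 7844 for the QUIC and HTTP/2 transports, names under argotunnel.com) are taken from Cloudflare's public documentation rather than from the post.

```python
"""Hunt for unauthorised Cloudflare Tunnel (cloudflared) clients in outbound
connection and DNS logs.

Added example, not code from the post. The log layout (tab-separated,
Zeek-like fields) and the sample records are constructed; the 203.0.113.x
addresses are TEST-NET placeholders, not real Cloudflare edge IPs."""
from collections import defaultdict

# Assumption from Cloudflare's public docs: cloudflared reaches the edge on
# port 7844 (UDP for QUIC, TCP for the HTTP/2 transport) and resolves names
# under argotunnel.com. Treat both as indicators, not proof.
TUNNEL_PORT = 7844
TUNNEL_HOST_SUFFIXES = (".argotunnel.com",)

# Hosts allowed to run a tunnel (assumed inventory; in practice take this
# from your CMDB or the Cloudflare Zero Trust dashboard).
APPROVED_TUNNEL_HOSTS = {"10.0.5.20"}

# Constructed conn log: ts, src, dst, dst_port, proto
SAMPLE_CONN_LOG = [
    "1691400000.1\t10.0.5.20\t203.0.113.13\t7844\tudp",   # approved host
    "1691400001.3\t10.0.8.77\t203.0.113.13\t7844\tudp",   # QUIC transport
    "1691400002.0\t10.0.8.77\t203.0.113.47\t7844\ttcp",   # HTTP/2 fallback
    "1691400003.5\t10.0.8.91\t203.0.113.90\t443\ttcp",    # ordinary HTTPS
]
# Constructed DNS log: ts, src, query
SAMPLE_DNS_LOG = [
    "1691399999.9\t10.0.8.77\tregion1.v2.argotunnel.com",
    "1691400003.0\t10.0.8.91\texample.com",
    "1691400004.2\t10.0.9.14\tregion2.v2.argotunnel.com",  # DNS only, no flow yet
]


def find_tunnel_indicators(conn_lines, dns_lines, approved=APPROVED_TUNNEL_HOSTS):
    """Return {src_host: [evidence, ...]} for hosts not on the approved list."""
    findings = defaultdict(list)
    for line in conn_lines:
        ts, src, dst, dport, proto = line.rstrip("\n").split("\t")
        if int(dport) == TUNNEL_PORT:
            findings[src].append(f"{proto}/{dport} to {dst} at {ts}")
    for line in dns_lines:
        ts, src, query = line.rstrip("\n").split("\t")
        if query.lower().endswith(TUNNEL_HOST_SUFFIXES):
            findings[src].append(f"DNS lookup {query} at {ts}")
    return {host: ev for host, ev in findings.items() if host not in approved}


if __name__ == "__main__":
    hits = find_tunnel_indicators(SAMPLE_CONN_LOG, SAMPLE_DNS_LOG)
    for host, evidence in sorted(hits.items()):
        print(host)
        for item in evidence:
            print("   ", item)
```

Two hosts are flagged here: 10.0.8.77 (two 7844 flows plus an argotunnel.com lookup) and 10.0.9.14 (a lookup with no flow yet, which is worth catching early). The approved host on 10.0.5.20 is suppressed. Pair the detection with an egress rule that blocks 7844 outbound except from approved hosts, and with process telemetry for a cloudflared binary started with a tunnel token, since an attacker who runs the client under another name still has to talk to the same edge.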
GenAINews.top 2 years ago
CISA Announces Cyber Security Strategy Plan for 2024-2026. The plan focuses on collaboration, innovation, and accountability. CISA aims to strengthen cybersecurity and infrastructure protection against hackers. The plan includes goals to address immediate threats, harden security, and drive security in products. The objective is to create a collaborative defense model that distributes risk and ensures security and resilience. The plan aims to safeguard cyberspace for all Americans and optimize cyber defense operations. #Cybersecurity #CISA #SecurityStrategy
GenAINews.top 2 years ago
Two-thirds of UK websites vulnerable to bad bots. Majority of UK websites unable to block simple bot attacks, exposing businesses to fraud and account compromise. Only 8% of websites successfully blocked all bot requests. E-commerce and classified ads sectors performed the worst, while gambling sites were best defended. Malicious bots make up around 30% of internet traffic and cost organizations billions of dollars annually. UK firms must take action to protect against this growing threat. #UKwebsites #badbots #fraud #accountcompromise #cybersecurity
GenAINews.top 2 years ago
North Korean hackers have compromised a Russian missile maker's IT network. Leaked emails helped researchers identify the cyber-espionage campaign. The attackers deployed a Windows backdoor called "OpenCarrot." The backdoor enables full compromise of infected machines and network-wide compromise. North Korea's cyber-espionage activities are believed to support its nuclear and missile program. #NorthKorea #cyberespionage #OpenCarrot #RussianMissileMaker
GenAINews.top 2 years ago
A Security Operations Center (SOC) is a central unit within an organization responsible for managing and monitoring cybersecurity operations. It combines security alerts with network logs to anticipate, analyze, and respond to security incidents. The SOC consists of roles such as SOC Manager, Security Analyst, Incident Responder, Threat Hunter, Vulnerability Analyst, Forensic Analyst, and Compliance Analyst. Key components of a SOC include people, processes, technology, data, and facilities. The SOC performs functions such as monitoring, incident detection and analysis, incident response, threat hunting, vulnerability management, security information and event management (SIEM), threat intelligence, reporting and communication. Having a SOC provides improved security posture, reduced risk, faster incident response, better visibility, compliance, cost savings, and proactive threat hunting. Challenges in establishing and maintaining a SOC include resource limitations, alert fatigue, security threat complexity, system integration, training, and compliance. Despite the challenges, a well-established and effectively managed SOC can help an organization maintain a strong security posture and protect itself from security risks. #securityoperationscenter #SOC #cybersecurity #cyberthreats #incidentresponse #threatintelligence #vulnerabilitymanagement #compliance #riskmanagement
GenAINews.top 2 years ago
Microsoft's signing key was stolen by Chinese hackers who used forged authentication tokens to access user email using a stolen Microsoft Azure consumer signing key. The incident highlights negligent security practices and vulnerabilities in key validity checks. Furthermore, the key was stored in software instead of the system's Hardware Security Module (HSM), indicating a serious breach of security practice. The attack may be connected to the SolarWinds breach, and the long-term consequences of such attacks are being underestimated. Source code theft from infrastructure providers is becoming a preferred method for sophisticated threat actors. #authentication #backdoors #China #cybersecurity #hacking #keys #Microsoft
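The post points at "vulnerabilities in key validity checks": a key that legitimately signs tokens for one identity system was honoured by a service that should only trust another. The following is an added example, not Microsoft's code, showing the difference between a validator that looks a key up in one global table and one that binds each key to a single issuer. It uses a toy HS256 JWT on the standard library so it runs offline; production tokens use asymmetric keys and a JWKS fetched from the issuer, but the scoping check is the same. Key material, issuer URLs, audience and claims are all constructed.

```python
"""Issuer-scoped signing-key validation: a token signed with a key that is
valid for one identity system must not be accepted by another.

Added example, not Microsoft's code. Toy HS256 JWT built on the standard
library; real deployments use asymmetric keys and a per-issuer JWKS.
Key material, issuer URLs and claims are constructed."""
import base64
import hashlib
import hmac
import json

# Constructed key registry. Each key is bound to exactly one issuer.
KEYS = {
    "consumer-key-1": {"key": b"consumer-signing-secret",
                       "issuer": "https://login.consumer.example/"},
    "enterprise-key-1": {"key": b"enterprise-signing-secret",
                         "issuer": "https://login.enterprise.example/tenant-a/"},
}
ENTERPRISE_ISS = KEYS["enterprise-key-1"]["issuer"]
MAIL_AUD = "api://mail.example"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, kid: str) -> str:
    """Mint an HS256 token with the named key (what any holder of that key can do)."""
    header = {"alg": "HS256", "kid": kid}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(KEYS[kid]["key"], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _parse(token: str):
    head, body, sig = token.split(".")
    header = json.loads(_b64url_decode(head))
    claims = json.loads(_b64url_decode(body))
    return header, claims, f"{head}.{body}".encode(), _b64url_decode(sig)


def _signature_ok(key: bytes, signing_input: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(hmac.new(key, signing_input, hashlib.sha256).digest(), sig)


def validate_weak(token: str, expected_iss: str, expected_aud: str) -> bool:
    """Flawed check: any key in the global table may sign for any issuer."""
    header, claims, signing_input, sig = _parse(token)
    entry = KEYS.get(header.get("kid"))
    if header.get("alg") != "HS256" or entry is None:
        return False
    if not _signature_ok(entry["key"], signing_input, sig):
        return False
    # iss/aud are checked, but only against what the token's author wrote in.
    return claims.get("iss") == expected_iss and claims.get("aud") == expected_aud


def validate_strict(token: str, expected_iss: str, expected_aud: str) -> bool:
    """Hardened check: the key must be registered for the issuer this service trusts."""
    header, claims, signing_input, sig = _parse(token)
    entry = KEYS.get(header.get("kid"))
    if header.get("alg") != "HS256" or entry is None:
        return False
    if entry["issuer"] != expected_iss:   # a consumer key cannot vouch for enterprise tokens
        return False
    if not _signature_ok(entry["key"], signing_input, sig):
        return False
    return claims.get("iss") == expected_iss and claims.get("aud") == expected_aud


def demo() -> dict:
    """An attacker holding the consumer key forges an enterprise-looking token."""
    victim = {"iss": ENTERPRISE_ISS, "aud": MAIL_AUD, "sub": "victim@tenant-a"}
    forged = sign_token(victim, "consumer-key-1")     # stolen consumer key
    legit = sign_token(victim, "enterprise-key-1")    # the tenant's own key
    return {
        "weak_accepts_forged": validate_weak(forged, ENTERPRISE_ISS, MAIL_AUD),
        "strict_accepts_forged": validate_strict(forged, ENTERPRISE_ISS, MAIL_AUD),
        "strict_accepts_legit": validate_strict(legit, ENTERPRISE_ISS, MAIL_AUD),
    }


if __name__ == "__main__":
    print(demo())
```

The forged token carries the right iss and aud claims and a cryptographically valid signature, so the weak validator accepts it; the only thing wrong with it is which key produced the signature, and that is exactly what the strict validator checks before it ever looks at the claims. This addresses only the validation side of the post; keeping the signing key itself inside an HSM, as the post notes it should have been, is a separate control.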
GenAINews.top 2 years ago
Summary: A new vulnerability has been discovered in PaperCut MF/NG print management software, allowing for unauthenticated remote code execution. The flaw can be exploited to read or write arbitrary files. PaperCut has released a patch for the vulnerability. Hashtags: #PaperCut #vulnerability #remoteCodeExecution Note: The text provided includes a lot of irrelevant information and repetition. I have extracted the relevant information for the summary and hashtags.
GenAINews.top 2 years ago
North Korean hackers target Russian missile developer. Cybersecurity firm discovers evidence of North Korean threat actors targeting Russian missile maker NPO Mashinostroyeniya. Leaked emails were intercepted, and data was stolen. The attack was linked to two North Korean hacker groups, ScarCruft and Lazarus. The breach likely began in late 2021 and was discovered in May 2022. #NorthKorea #Russia #CyberSecurity #Hacking
GenAINews.top 2 years ago
Resilience Cyber Insurance Solutions raised $100 million in funding for global expansion of their cyber risk platform. The platform helps policyholders assess their cyber risk and prioritize security measures. The funding round was led by Intact Ventures and included participation from Lightspeed Venture Partners, General Catalyst, and Founders Fund. Resilience has raised over $225 million in prior funding and serves clients in multiple countries. The company offers insurance coverage and security services through its network. #CyberInsurance #CyberRiskPlatform #FundingRound #CybersecurityExpansion
GenAINews.top 2 years ago
Summary:
1. The FBI is warning about financial fraud in the NFT community.
2. Criminals are posing as NFT developers and tricking users into purchasing fake NFTs.
3. They create counterfeit social media accounts and websites to deceive users.
4. Victims are directed to connect their cryptocurrency wallets, which enables the criminals to steal their funds.
5. Stolen NFTs and cryptocurrency are often routed through cryptocurrency mixers and exchanges to cover their tracks.
6. The FBI advises users to research NFT opportunities, verify social media accounts, validate website authenticity, and be skeptical of enticing rewards.
7. Suspicious NFT-related activities should be reported to the FBI's Internet Crime Complaint Center.
Hashtags: #FBI #NFTfraud #financialfraud #cybercrime #cryptocurrency #securityadvisory
GenAINews.top 2 years ago
Invisible ad fraud targets Korean Android users, as discovered by cybersecurity experts. Certain apps distributed through Google Play discreetly load ads when the user's device screen is turned off, violating Google Play Developer policies. The fraudulent behavior can be remotely modified and pushed using Firebase Storage or Messaging service. McAfee reported the apps to Google, and many have been removed from the Play Store. #Android #AdFraud #Cybersecurity #GooglePlay
GenAINews.top 2 years ago
Summary:
- A cyber-attack on hospital computer systems in the United States has caused disruptions and the closure of emergency rooms in multiple states.
- Prospect Medical Holdings, a California-based company, was targeted in the attack, leading to the shutdown of its systems and the initiation of an investigation with the help of cybersecurity specialists.
- Primary care services remained closed as security experts assessed the damage and worked to find a resolution.
- The severity of the attack has immediate and far-reaching consequences on human lives, especially during the ongoing Covid-19 pandemic.
- Law enforcement agencies are collaborating with the victim entities to identify the perpetrators and secure data.
Hashtags: #CyberAttack #HealthcareDisruption #EmergencyRoomClosure #ProspectMedicalHoldings #Investigation #Cybersecurity #PrimaryCare #DigitalTransformation #PatientSafety #LawEnforcementCollaboration
GenAINews.top 2 years ago
Sophisticated malware is targeting air-gapped ICS systems, compromising defense mechanisms. Researchers have discovered a second-stage malware that extracts data, develops tools, and transmits data. The malware infects removable drives and sends data to Dropbox. Security experts recommend regular security assessments, vulnerability management, robust security solutions, timely updates, and incident prevention and response training. #cyberattack #cybersecurity #malware
GenAINews.top 2 years ago
Summary: Cybersecurity researchers have discovered security vulnerabilities on points.com, the backend provider for major airline and hotel rewards programs. These vulnerabilities allowed attackers to gain unauthorized access to customer accounts, steal reward points, and access sensitive customer information. The vulnerabilities have since been fixed by the points.com team. Hashtags: #Cybersecurity #Points.com #RewardPrograms #DataBreach
GenAINews.top 2 years ago
Colorado Department of Higher Education targeted in ransomware attack and data breach impacting students and teachers. #DataBreach #RansomwareAttack #Cybersecurity The attack occurred between June 11 and June 19, with cybercriminals gaining access to names, social security numbers, and education records. #Cyberattack #DataIncident Impacted individuals include students and teachers who attended public institutions in Colorado and participated in various education programs. #DataBreach #Education Those affected are being offered free credit monitoring and identity theft protection services. #IdentityTheft #CreditMonitoring Education organizations are frequently targeted by cybercriminals, prompting government alerts. #Cybersecurity #EducationSector Colorado State University was recently impacted by the Cl0p ransomware group’s MOVEit hack. #Ransomware #CybersecurityAttack