News

A new bill with bipartisan support has been proposed by US lawmakers, with the intention of enhancing the cybersecurity of America's healthcare and public health (HPH) sector. The Healthcare Cybersecurity Act (S.3904) was proposed by US senators Jacky Rosen and Bill Cassidy on Thursday. The proposal is likely a reaction to the White House warning over the increased risk of cyberattacks hitting the US amidst the Russian invasion of Ukraine. “Health centres save lives and...

The new Trans-Atlantic Data Privacy Framework, announced over the weekend by the EU and the US, signals incoming clarification as to what data flows are allowed. The announcement comes after a European court struck down the EU-US Privacy Shield one and a half years ago. The Privacy Shield agreement, which set the terms for transatlantic transfers of personal data, was shut down by the European Court of Justice as US laws were found to not offer...

A third-party vendor of American Major League Baseball has been hit with a cyber-attack, resulting in the personal information of players and their family members being stolen. Horizon Actuarial Services LLC, a consulting firm based in Maryland, suffered a ransomware attack in November of last year. The company recently released a data incident notice, revealing that data in its Local 295 IBT Employer Group Welfare Fund and its Major League Baseball Players Benefit Plan had...

A new study from Cisco has found that a tenth of UK employees actively circumvent their organisation's security measures. The network technology company polled over 1000 UK professionals working for organisations that allow hybrid working, in order to better understand the potential security risks of the modern, flexible workplace. The research has revealed that many hybrid workers do not see cybersecurity responsibility, with many actively finding workarounds or engaging in risky behaviours such as password...

The White House is urging U.S. organizations to shore up their cybersecurity defenses after new intelligence suggests that Russia is preparing to conduct cyberattacks in the near future, BleepingComputer reported this week. With the U.S. imposing strict sanctions against Russia and aiding Ukraine in the war, the White House is expecting the Kremlin to retaliate with cyberattacks against critical infrastructure and U.S. interests. While Ukraine has been subject to many cyberattacks, there have been no...

City of London police have arrested seven individuals between the ages of 16-21 in connection with the Lapsus$ ransom attacks, according to the BBC. All of those arrested have been released under investigation. At this time, it is unclear whether the 16 year old alleged ringleader, operating out of his Mother's house, is among these. It has been revealed, however, that this individual has autism and attends a special education school in Oxford. After falling...

Multiple researchers disclosed a vulnerability this week that would allow nearby attackers to unlock and even start some Honda and Acura cars. To carry out the attack, threat actors would capture the R signals sent from a key fob to a car, then resending these signals to unlock the car and even start the engine from a short distance.  According to researchers, the vulnerability is largely unfixed, especially in more outdated models. Honda owners, however,...

Ransomware payments reached all-time highs last year, with related data leaks and ransom demands also surging, according to Palo Alto Networks. The stats were compiled from cases worked on by the security vendor's Unit 42 security consulting business. The 2022 Unit 42 Ransomware Threat Report published by Palo Alto Networks today claimed the average ransomware payment reached a record $541,010 in 2021, rising 78% year-on-year. Average ransom demands also rose by 144%, reaching an astronomical $2.2m. Its 2022...

Cybersecurity researchers investigating the ultra-prolific LAPSUS$ group have traced the attacks to a 16 year old living at his mother's house near Oxford, England. In a shocking turn of events, the four researchers investigating the attacks have said they believe the teenager is the mastermind behind the operation. LAPSUS$ has gained significant notoriety in the past month as they have hacked several organisations, including tech giants Samsung, Microsoft, NVIDIA and Okta. The 16 year old...

A medical Q&A service provider is facing criticism about its security processes after a cloud misconfiguration appeared to leak sensitive images of thousands of patients. A team at Safety Detectives reportedly discovered the Amazon S3 bucket, before tracing it to a Japanese firm called Doctors Me. There was reportedly no authentication controls in place, leaving the bucket wide open. Doctors Me offers a service enabling users to upload images of medical conditions to receive anonymous,...