More than 1.5 million patient health records were breached in March, a sharp rise from January and February, according to a report by the Protenus "Breach Barometer." There were 39 data breaches in March -- either reported to the Department of Health and Human Services (HHS) or disclosed on social media or through other sources -- up from 31 each month in January and February. A total of 388,000 patient records were breached in January, and 206,000...
Read moreDetailsWhile 53% of security professionals report increased pressure in trying to secure their organization, there has been a shift in the source of this stress, according to Trustwave. Security is now becoming more personal, with 24% of respondents citing pressure exerted by oneself as the second-biggest human pressure pusher, up 13% from the previous year. View full story ORIGINAL SOURCE: Help Net Security
Read moreDetailsAfter suffering a DNS outage earlier on Thursday, Melbourne IT has said all impact has been mitigated. Australian domain name registrar Melbourne IT and its subsidiaries Netregistry and TPP Wholesale have recovered from a major outage experienced earlier on Thursday that affected DNS servers. As a result of the outage, many customer sites were unavailable. Melbourne IT posted an update at 1:30pm AEST advising that all DNS impact had been mitigated. "Both national and international...
Read moreDetailsSAP has rushed out a patch for its TREX search engine, after security researchers found bugs in a 2015 patch. TREX is a search engine used in several SAP products, including its HANA database and its venerable NetWeaver application and integration platform. According to ERPScan, SAP thought it had patched the code injection vulnerability in December 2015. View full story ORIGINAL SOURCE: The Register
Read moreDetailsAn app that lets Aga cooker owners remotely control their ovens could be hijacked by hackers, a cybersecurity researcher has claimed. Ken Munro of Pen Test Partners was thinking of upgrading his Aga when he found vulnerabilities in the apps used to control the newest models. It means ovens could be turned on or off, though not in a way that makes the cookers dangerous. Aga has said it has contacted the third party that...
Read moreDetailsResearchers who track nation-state groups say open-source hacking tools increasingly are becoming part of the APT attack arsenal. Nation-state hacking teams increasingly are employing open-source software tools in their cyber espionage and other attack campaigns. For some of these threat groups, it's a cost-saving move and a more efficient early-stage attack method. Using the same hacking tools used by security researchers and penetration testers to root out security weaknesses and exploit holes in enterprise networks...
Read moreDetailsThe center will be headquartered in Finland next to neighboring Russia, which stands accused of launching so-called "hybrid" attacks, such as the spreading of fake news. The West has a plan to counter Russia's aggressive "fake news" engine. Several EU and NATO nations, including the US and the UK, have signed up to establish a center in Helsinki, Finland to counter cyberattacks and other emerging threats, such as the spreading of disinformation and propaganda. France,...
Read moreDetailsSome GTA Online fans on PC and last-gen consoles are being hit with a new exploit that hackers are using to steal millions of in-game dollars from unsuspecting players. While hacking GTA Online is nothing new, this new “trick” has some longtime fans vowing to stay offline until it’s fixed. Forum posts, Tweets, and videos are reporting that, over the last few days, hackers have gained the ability to steal vast sums of money from...
Read moreDetailsWhile security researchers and companies go through the collection of hacking tools contained in the data dump that the Shadow Brokers failed to sell, Symantec has tied hacking tools from WikiLeaks’ Vault 7 documents to “Longhorn,” a cyber espionage group whose activity they have been following for years. The encrypted file containing the data was already available for download, but the group has now released the key required to decrypt it. For those of you who lost...
Read moreDetailsAn infosec educator from the United States Military Academy at West Point have taken a look at Netflix's HTTPS implementation, and reckons all he needs to know what programs you like is a bit of passive traffic capture. The problem, writes Michael Kranch (with collaborator Andrew Reed), is information in TCP/IP headers are enough to leak content information. View full story ORIGINAL SOURCE: The Register
Read moreDetails