Ransomware attacks on the healthcare sector surged in 2024, analysis from SafetyDetectives reveals. The year has already seen 264 attacks on healthcare providers by September, nearly surpassing the 268 attacks recorded for all of 2023. Escalating Cyber Threats: SafetyDetectives argues that the growing number of ransomware groups and variants in 2024 contributed to the increasing number of attacks on the healthcare sector. In 2023, 68 active groups were responsible for nearly 4,841 attacks globally. This year, 87 groups averaged 394 monthly attacks. The report also reveals that cybercriminals are changing tactics: cybersecurity experts discovered 177 new ransomware variants between April…
Author: Josh Breaker Rolfe
A malicious package on the Python Package Index (PyPI) has been quietly exfiltrating Amazon Web Services credentials from developers for over three years, a new report from cybersecurity researchers at Socket has revealed. The package “fabrice” is a typosquat of the popular Python library “fabric” used for executing remote shell commands. It has been downloaded more than 37,000 times and, despite detection, remains available on PyPI. For Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, the long-term nature of the campaign suggests a calculated approach by advanced threat actors. “This approach aligns with a trend where attackers prioritize persistent access over…
Despite the recent takedown of the RedLine malware variant and a crackdown on “problematic” Telegram content, the credential abuse market is as vibrant as ever. This was revealed by new research from ReliaQuest. According to the company, cybercriminals appear undeterred by Telegram CEO Pavel Durov’s recent arrest, promise to remove problematic content, and announcement of a more proactive approach to complying with government requests. Bad actors have long used Telegram, an end-to-end encrypted online messaging service, as a marketplace for selling stolen credentials. Despite Durov’s promise to share user information with law enforcement, they continue to do so. ReliaQuest’s researchers observed…
Software supply chain company JFrog revealed on Monday that it had discovered 22 software vulnerabilities across 15 machine learning-related open-source software projects. The results, presented in JFrog’s latest ML Bug Bonanza blog, shed light on the security challenges organizations face as they accelerate AI and ML adoption and highlight the need for more robust protections. The blog post showcases the ten most severe server-side vulnerabilities and the techniques attackers are using to exploit them. According to the blog, those vulnerabilities would allow attackers to: “These vulnerabilities allow attackers to hijack important servers in the organization such as ML model registries,…
A staggering 70% of exploited vulnerabilities in 2023 were leveraged as zero days, meaning threat actors exploited the flaws in attacks before the impacted vendors knew of the bug’s existence or had been able to patch them. In addition, the average Time-to-Exploit (TTE) fell from 32 to just five days. These were two of the findings of new research that also revealed a shift in ratios between n-day (vulnerabilities first exploited after patches are available) and zero-day vulnerabilities in the past few years. Throughout 2021 and 2022, analysts observed a 38/62 split between n-day and zero-day vulnerabilities. By 2023, the…
A staggering 44% of CISOs were unable to detect a data breach in the last 12 months using existing security tools. Moreover, nearly three-quarters (70%) of CISOs feel their current security tools are ineffective at detecting breaches due to limited visibility. These were two of the findings of a recent report from Gigamon that surveyed more than 1000 global security and IT leaders. “Modern cybersecurity is about differentiating between acceptable and unacceptable risk,” says Chaim Mazal, CSO at Gigamon. “Our research shows where CISOs are drawing that line, highlighting the critical importance of visibility into all data-in-motion to secure complex hybrid…
The Court of Justice for the European Union (CJEU) has ruled that Meta Platforms, the owner of Facebook, must minimize the amount of people’s data it uses for personalized advertising. “An online social network such as Facebook cannot use all the personal data obtained for the purposes of targeted advertising, without restriction as to time and without distinction as to type of data,” the CJEU said in a ruling last Friday. The ruling comes in response to a complaint made by privacy campaigner Max Schrems, who said he was targeted with adverts aimed at gay people despite never sharing information…
Ten years ago, ransomware actors mainly worked alone or in small groups, targeting home computer users through spam emails to encrypt personal files and demand relatively small amounts of cryptocurrency for their safe return. Today, many ransomware gangs operate like legitimate businesses, boasting hundreds of staff, targeting some of the world’s largest organizations, and collecting millions of dollars in ransom payments. However, some ransomware attackers are beginning to focus on individual users. This is a growing trend. A recent report from Chainalysis found that payments to ransomware gangs under $1000 increased significantly throughout 2022/23, with gangs like Dharma and Djvu…
Interoperability is the lifeblood of the modern healthcare sector. Effective patient care relies on the ability of disparate healthcare systems, devices, and applications to seamlessly access, exchange, and ultimately use data; without interoperability, this would not be possible. A failure of interoperability in a healthcare environment can have enormous consequences, ranging from the financial – such as increased healthcare costs – to the existential – including medication errors that put lives at risk. The Importance of Interoperability in Healthcare: Before the introduction of electronic health records (EHR), the healthcare sector was, in many ways, unrecognizable from the one we know…
The past decade has been incredibly important for Security Operations Centers (SOCs). Technological advances, changes in attitudes, and a rapidly evolving threat landscape have completely transformed how SOCs operate, helped analysts and managers overcome many challenges, and kept attackers at bay. Let’s look at how. Automation and Orchestration: The first transformative SOC development in the past decade came in the early 2010s when automation and orchestration technologies were integrated. This development coincided with a sharp increase in cyberattack volume and sophistication, prompting cybersecurity professionals to seek a more efficient and proactive approach to security incident management. By integrating automation and…