Feds Alert Healthcare, Other Sectors of Growing Hive Threats
Source: Data Breach Today
CISA, FBI and HHS Provide Lists of Latest IoCs and TTPs Identified. U.S. federal authorities are warning critical infrastructure sectors including healthcare to be on the lookout for indicators of Hive ransomware. As of this month, Hive actors - who follow a Ransomware-as-a-Service model - have hit more than 1,300 companies worldwide, collecting about $100 million in ransom payments, says a Thursday joint alert from the Cybersecurity and Infrastructure Security Agency, the FBI and the Department of Health and Human Services.
Insider threats accounted for more than a third of unauthorized access incidents in Q3
Source: SC Media
The pandemic saw a great number of employees seeking new opportunities as the workforce shifted to remote and hybrid models. The threat of insider risk, however, also increased along with the so-called “Great Resignation” of 2021 and 2022. According to a report by security risk management firm Kroll, insider threats peaked at their highest quarterly level to date in Q3 of 2022, accounting for nearly 35% of all unauthorized access threat incidents.
Many financial institutions say their own IT staffs pose the biggest risk to cloud security
Source: SC Media
Netwrix on Tuesday reported that 44% of financial institutions responding to its cloud security survey say their own IT staffs pose the biggest risk to data security in the cloud. A follow-on to a report released earlier this year, this deep dive into the financial sector also found that 32% of financial organizations experienced accidental data leakage compared to the average of 25% in other verticals.
Twitter Two-Factor Authentication Has a Vulnerability
Source: Info Risk Today
Security researchers warn that multifactor authentication on Twitter contains a vulnerability allowing potential account takeover. A researcher contacted Information Security Media Group on condition of anonymity to reveal that texting "STOP" to the Twitter verification service results in the service turning off SMS two-factor authentication.
Seven deadly sins hiding in the company’s attack surface
Source: SC Media
Much like the world has changed around us, an organization’s attack surface looks different today than it did in the past. Organizational attack surfaces were once well defined and internally focused on each organization’s physical network. Digital transformation, innovation, and the passing of time have changed this. Today, interactions between employees, customers, stakeholders, and the organization are taking place online via web-based SaaS apps and cloud services.