top of page
Untitled design.png

Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

watermark4.png

Issue #25 - December 19, 2022

Hack on a Services Firm's Vendor Affects 271,000 Patients

Source: Data Breach Today

Breach Is Latest in Long List of Complex Vendor Incidents. An Oklahoma-based provider of administrative and technology services to healthcare organizations is notifying more than 271,000 individuals that their personal information may have been compromised in a hacking incident involving a third-party data storage vendor.




Clop ransomware group targeting provider-patient trust by infecting medical images

Source: SC Media

The healthcare sector has long been warned they’re not keeping pace with evolving threats, creating an untenable situation resulting in serious impacts. New insights from Hold Security shows Clop ransomware actors are upping the ante, targeting the trusted relationships between providers and patients to deliver their payload.




Fortnite Maker Epic Pays $520M to Settle FTC Allegations

Source: Data Breach Today

Epic Games Settles Accusations It Violated Children's Privacy and Duped Users. The software developer behind tween-favorite video game Fortnite will pay more than half a billion dollars to U.S. federal regulators to settle allegations it violated children's privacy law and duped users and parents into funding unauthorized in-game charges.




Microsoft Vulnerability Upgraded to Critical Due to RCE Risk

Source: Data Breach Today

Code Execution Bug Has Broader Scope Than Flaw Exploited by EternalBlue, IBM Says. Microsoft upgraded a vulnerability first discovered in September to "critical" after IBM Security researchers discovered attackers could exploit the flaw to remotely execute code.




DNS Is Conduit Into Air-Gapped Networks, Say Researchers

Source: Data Breach Today

Attackers Use DNS Tunneling as Command-and-Control Channel, Says Pentera. Air gapping is a tried-and-true strategy for protecting operational technologies that run factories, power plants and a wide range of industrial systems, but even air-gapped networks need domain name resolution. Poorly configured domain name system settings are a potential weakness attackers can exploit to target these critical assets, even if they're supposed to be kept securely apart from the internet.



81 views

Help us Prevent Breaches.

We will never share or sell your information. Unsubscribe at any time.

Email: *

Received.

bottom of page