Hack on a Services Firm's Vendor Affects 271,000 Patients
Source: Data Breach Today
Breach Is Latest in Long List of Complex Vendor Incidents. An Oklahoma-based provider of administrative and technology services to healthcare organizations is notifying more than 271,000 individuals that their personal information may have been compromised in a hacking incident involving a third-party data storage vendor.
Clop ransomware group targeting provider-patient trust by infecting medical images
Source: SC Media
The healthcare sector has long been warned they’re not keeping pace with evolving threats, creating an untenable situation resulting in serious impacts. New insights from Hold Security shows Clop ransomware actors are upping the ante, targeting the trusted relationships between providers and patients to deliver their payload.
Fortnite Maker Epic Pays $520M to Settle FTC Allegations
Source: Data Breach Today
Epic Games Settles Accusations It Violated Children's Privacy and Duped Users. The software developer behind tween-favorite video game Fortnite will pay more than half a billion dollars to U.S. federal regulators to settle allegations it violated children's privacy law and duped users and parents into funding unauthorized in-game charges.
Microsoft Vulnerability Upgraded to Critical Due to RCE Risk
Source: Data Breach Today
Code Execution Bug Has Broader Scope Than Flaw Exploited by EternalBlue, IBM Says. Microsoft upgraded a vulnerability first discovered in September to "critical" after IBM Security researchers discovered attackers could exploit the flaw to remotely execute code.
DNS Is Conduit Into Air-Gapped Networks, Say Researchers
Source: Data Breach Today
Attackers Use DNS Tunneling as Command-and-Control Channel, Says Pentera. Air gapping is a tried-and-true strategy for protecting operational technologies that run factories, power plants and a wide range of industrial systems, but even air-gapped networks need domain name resolution. Poorly configured domain name system settings are a potential weakness attackers can exploit to target these critical assets, even if they're supposed to be kept securely apart from the internet.
Comments