This guide was created by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) to outline phishing techniques malicious actors commonly use and to provide guidance for both network defenders and software manufacturers. Phishing Guidance: Stopping the Attack Cycle at Phase…
Month: October 2023
Another plastic surgery practice appears to have been hit — this time by Hunters International (5)
On October 17, the FBI issued a Public Service Announcement, Cybercriminals are Targeting Plastic Surgery Offices and Patients. Five days later, DataBreaches learned that there had been another attack on a plastic surgery practice where patient data had allegedly been stolen and is in danger of being leaked publicly. It would not be surprising if…
The digital battlefront amid Israel-Hamas war includes hospitals
i24News reports a surge in anti-Israel cyberattacks, including targeting critical entities such as hospitals: Notably, around 40 to 50 different groups have claimed responsibility for approximately 400 cyber attacks against Israeli targets. The cyber conflict has also drawn in ‘hacktivists’ from countries such as Iran and Russia. Messing notes, that in the past few days…
Top US Cyber Agency Pushing Toward First Hack Reporting Rule
Skye Witley reports: A new US notification requirement for victims of malicious hacks could push in-house counsel to disclose cyberattacks when faced with ransomware and other network compromises. Among the first-ever cyber regulations to be enforced by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the top US cyber authority, the proposed rules…
‘Data security event’ in city’s email system may have exposed health information, Philly officials say
Nick Vadala reports: A potential data breach in the City of Philadelphia’s email system earlier this year may have exposed protected health information for an unspecified number of people. Read more at The Philadelphia Inquirer. It is not clear from what the city has disclosed why it took them almost 5 months from initial discovery…
Hackers Stole Access Tokens from Okta’s Support Unit
Brian Krebs reports: Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access…