It is critical for medical device manufacturers to take a threat modeling approach early in a product's design stage, say MITRE medical device cybersecurity experts Margie Zuk and Penny Chase, co-authors of the recently released Playbook for Threat Modeling Medical Devices commissioned by the FDA.
Healthcare sector entities increasingly need to implement a zero trust approach with their security, says federal adviser Erik Decker, CISO of Intermountain Healthcare. Zero trust, he says, integrates "a lot of different architecture and systems … that have to work in concert with each other."
Hacking group MuddyWater, linked to the Iranian Ministry of Intelligence and Security, is targeting Turkey and the Arabian Peninsula to conduct espionage and intellectual property theft and to deploy ransomware and destructive malware. The campaign uses malicious documents to deploy RATs on systems.
Despite the drumbeat that began about a decade ago for healthcare entities to bolster their identity and access management, it is still an "incredibly weak" area for many, Lee Kim of HIMSS says. She discusses the effects of cyberattack trends and the Ukraine-Russia War on healthcare organizations.
Cybersecurity in Russia right now is complicated, owing to reprisals over its Ukraine invasion, leading to Russia launching its own root certificate to keep sites online; facing down "Russians only" RURansom wiper malware; and Avast being the latest business to suspend all operations in the country.
With Ukraine having called on the world to join its "IT Army" and help it hack Russia and ally Belarus, what could possibly go wrong? For starters, launching distributed denial-of-service attacks - at least from outside Ukraine - remains illegal and risks triggering an escalation by Moscow.
A right remediation process is key to responding to ransomware attacks, says Murali Urs, solution sales manager for security at ServiceNow. He discusses the challenges of data loss prevention, how DLP has evolved and how to prevent ransomware attacks.
Building an effective vulnerability management program requires assessing your inventory to identify the critical, vulnerable, external- and internal-facing applications and applying internal controls to secure them, says John Sandiford, principal security architect at Verizon.
Federal authorities are warning about seven vulnerabilities affecting a software agent used to remotely manage an array of medical devices and other connected gear. If exploited, the vulnerabilities could enable hackers to gain full control of the affected devices or alter their configurations.
Google will buy cybersecurity firm Mandiant for $5.4 billion, an acquisition Google says will give it new capabilities to respond to cybersecurity threats and bolster its cloud platform. Mandiant will be folded into Google's Cloud Platform.
As Western cybersecurity officials warn that Russia's Ukraine invasion poses an elevated cybersecurity risk to all, kudos to Cloudflare, CrowdStrike and Ping Identity for offering free endpoint security and other defenses to the healthcare sector and power sectors, for at least four months.
As Russia's ground invasion and air assault against Ukraine continues, so too do online attacks being launched against Ukrainian targets. A Ukrainian cybersecurity official says his country is fighting the first-ever "hybrid war" that bridges both the physical and online realms.
A newly revealed flaw in the Linux kernel dubbed "Dirty Pipe" could potentially allow attackers to take complete control over a device, read private messages and gain admin-level privileges. The Linux Foundation has patched the flaw.
Guidance from the Healthcare Sector Coordinating Council provides healthcare delivery organizations and vendors with recommendations for including cybersecurity in contracts pertaining to the procurement of medical device products and related services.
Russia's National Coordination Center for Computer Incidents has published a list of 17,576 IP addresses and 166 domains that it says are targeting the country's information resources via distributed denial-of-service attacks. It also published a 20-point list of remediation measures.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.