

On December 11, 2023, Cyber Security Today reported that an Irish water treatment plant was shut down due to a cyber attack. Additionally, WordPress released a security patch to address vulnerabilities, among other news.

The cyber attack on an Irish water treatment plant highlights the importance of strong cybersecurity measures to protect critical infrastructure. WordPress releasing a security patch shows the ongoing effort to address vulnerabilities in popular platforms to prevent potential cyber threats.

Greetings and welcome to Cyber Security Today. Monday, December 11, 2023, here we are. I'm Howard Solomon, a contributing cybersecurity reporter for and in the United States.

Due to the use of technology manufactured in Israel, another water treatment plant has been compromised. It took place in Erris, on Ireland's east coast, last week. After the hackers managed to bypass the system firewall and shut down a minor utility, some 180 homes were left without water for two days. I wrote about CyberAv3ngers, an Iranian hacking outfit, last week. They use technology from Israeli companies to target utilities.

December marks the second anniversary of the discovery of a critical vulnerability in the widely used Apache Log4j2 open-source library. How many apps have been patched since then? Not nearly enough, Veracode researchers claim. According to their estimates, 38% of applications in use today are still open to attack. Many of them are still using unpatched versions of Log4j2, which were discontinued in August 2015. Do you know what's in the software at your company?

Following one of its owners' 2021 fallout from a phishing email, Louisiana-based Lafource Medical Group has agreed to pay US$480,000 to the US Department of Health and Human Services. It revealed certain patient health information. According to an inquiry, the organization had neither established a regular routine for reviewing IT system activity logs nor performed a security rule risk analysis before the occurrence. The medical group agreed to take security precautions to lessen the dangers to electronic patient records in addition to the monetary settlement, as required by federal health legislation.

Eight hospitals in Kentucky and Indiana are operated by Norton Healthcare, which is alerting 2.5 million patients and past and present staff members that a ransomware assault in May may have duplicated their personal information. The hacker gained access to network storage devices.

In other news, the Department of Health and Human Services unveiled a proposal this week to strengthen cybersecurity regulations for US hospitals. The government will release cybersecurity performance targets as part of the strategy, which hospitals should strive for, along with new cybersecurity standards that they must adhere to. In order to finalize the strategy, the department is soliciting feedback.

Starting this week, publicly traded firms are required by new U.S. regulations to notify the Securities and Exchange Commission of material cyber events within four business days. For concerns of public safety or national security, businesses may request a postponement. Small businesses will be granted an additional 180 days to comply.

A data breach has been reported by Atlanta-based cold storage company Americold Logistics to a little over 129,000 individuals. stated that it entered their IT system in April. Names, addresses, Social Security numbers, driver's license numbers, and information on health insurance and medical records connected to the job may have been among the stolen data.

Red Roof Inns, a brand of hotels in the United States, has notified over 27,000 individuals that a ransomware attack in September may have compromised their personal information. The information might have contained PINs, passwords, security codes, and credit or debit card numbers.

Independent Living Systems is one of the most recent American companies to claim data losses related to the MOVEit file transfer program attacks. It offers controlled long-term treatments and support to persons insured by specific health insurance. Just under 20,000 people have been notified that the company's MOVEit Transfer program was compromised, potentially resulting in the theft of their personal information.

WordPress has released a new security update that addresses a number of issues, including a significant vulnerability. Install this update quickly, since some plugins could allow threat actors to take advantage of the vulnerability. It requires that you are using version 6.4.2.

It is necessary to repair twenty-one newly discovered critical vulnerabilities in Sierra Wireless Airlink cellular routers. That's what Forescout researchers claim. Ninety percent of the routers that Forescout observes that are online do not have the 2019 fixes loaded. Ninety percent of those that reveal a particular management interface are past their prime and cannot be updated. Sierra Wireless routers require changing their default SSL certificates in addition to applying the most recent fixes. This is a technological issue as well as one involving inventory control. Why? Because if administrators are unaware of them, hardware and software cannot be patched. Additionally, they need to understand how to patch equipment like routers.

Lastly, a lot of businesses provide app stores with conveniences to make your life easier. However, a few of those programs could prompt the download of malicious software. This is particularly crucial, according to researchers at Spin.AI, during the holidays when users can be enticed to download unreliable browser extensions for shopping, news, travel, and conversation. Apps that don't get updates often or that want a lot of rights to access your contacts list and images should raise red flags.
