Chinese threat actors are continuing to persist after exploiting the recent Ivanti Connect Secure VPN vulnerability even after factory resets, system upgrades and patches. The threat actor, UNC5325, is adept at "living off the land" techniques, warned threat intelligence firm Mandiant.
Healthcare industry groups are urging their members to take certain precautionary actions in the wake of the attack last week on Change Healthcare, a unit of Optum. The advisories come as some researchers say the incident appears to involve exploitation of flaws in ConnectWise's ScreenConnect tool.
Pharmacies at U.S. military hospitals and clinics worldwide are among the entities affected by the cyberattack on Optum's Change Healthcare this week, which has forced the IT services company to take many of its applications offline. Change Healthcare disconnected its IT systems on Wednesday.
Change Healthcare - a unit of Optum that provides IT services and applications to hundreds of U.S. pharmacies, payers and healthcare providers - is dealing with a cyber incident that has forced the company to take its applications offline enterprisewide. The company said it is triaging the situation.
The National Institute of Standards and Technology issued new guidelines to help software developers integrate software supply chain security into every phase of the software development life cycle as experts say organizations are seeking comprehensive guidance on how to accomplish federal mandates.
When a hospital or clinic is hit with a cyberattack, it often seems as if the electronic health record systems just can't win. Even if the EHR system is not the prime target of the attack, it's still frequently taken offline as the organization responds to the incident. What should entities do?
Bank of America is notifying more than 57,000 customers that their information, including Social Security numbers, was potentially compromised in a hacking incident last November at Atlanta, Georgia-based insurance software firm InfoSys McCamish. BoA says none of its systems were affected.
Beyond the hype, AI is transforming cybersecurity by automating threat detection, streamlining incident response and predicting attacker behaviors. Organizations are increasingly deploying AI to protect their data, stay ahead of cybercriminals and build more resilient security systems.
In this videocast interview, Theo Zafirakos, CISO, Terranova Security, provides expert analysis of the "Securing Your Third-Party Supply Chain in 2024 Survey" results, including a deep dive into the core conclusions, including the core detriments of poor visibility of cybersecurity awareness, and how to better...
Welcome to the report summarizing the survey, "Securing Your Third-Party Supply Chain Through Security Awareness."
In late fall 2023, Information Security Media Group partnered with Fortra's Terranova Security and surveyed over 100 senior cybersecurity professionals to identify:
The top organizational challenges in...
This white paper provides step-by-step instructions for maturing your third-party risk program by implementing cybersecurity risk management.
TPRM and cybersecurity are closely related: third parties are the greatest risk to cybersecurity, and cybersecurity is the most critical third-party risk domain. By mapping...
Vendors are a fact of the modern workplace, but they can bring serious security risk to your organization. To secure your organization, it is necessary to keep tabs on the risk posed by your suppliers, third parties and vendors. Thorough due diligence can significantly minimize the chance that your organization...
This white paper covers the key TPRM metrics your team needs to track its effectiveness over time, the processes for gathering these metrics and tips for building a business case for your program.
Third-party risk management (TPRM) teams often have to justify the cost of their programs to executive leadership,...
The escalating adoption of generative AI has introduced concerns regarding data privacy, fake data and bias amplification. Ashley Casovan, managing director of the IAPP AI Governance Center, discusses the need to develop governance models and standardize AI systems.
Remote desktop application provider AnyDesk acknowledged that hackers recently had gained unauthorized access to the company's production systems in a cyberattack. The firm said it has revoked all security-related certificates as a precaution and is rolling out a new code-signing certificate.