Resources

Resources

Russian Sandworm Hacking Team Expands Reach

Posted by on May 14, 2024 in Banking, Blog | 0 comments

Russian Cyber Sabotage Unit Sandworm Adopting Advanced Techniques Mandiant newly designated the Russian military intelligence hacking team known as Sandworm as APT44. Russia’s preeminent cyber sabotage unit presents “one of the widest and high severity cyber threats globally” due to its advanced capabilities and successes in disrupting global critical infrastructure sectors, a new report warns. Sandworm is the cyberwarfare division of Russia’s military intelligence service. It’s a “flexible instrument of power...

read more

HHS OCR Plans to Resurrect Random HIPAA Audits

Posted by on May 14, 2024 in Blog, Healthcare | 0 comments

As U.S. federal regulators fine-tune a strategy to push the healthcare sector into strengthening its cybersecurity posture, they are revisiting a HIPAA compliance audit program that’s been dormant since 2017. A new round of HIPAA audits for regulated entities is in the works. The Department of Health and Human Services recently published a notice saying that its Office for Civil Rights would be pulling the trigger soon on a study to assess its HIPAA compliance audit program, last used in 2017. HHS OCR officials on Wednesday confirmed that...

read more

Banking Trojan Harvests Facial Biometrics for AI Deepfakes

Posted by on May 14, 2024 in Banking, Blog | 0 comments

GoldPickaxe Malware Can Record User’s Face, Gather Video Used in Deepfake Crimes A Chinese-speaking cybercrime group, identified as GoldFactory, is expanding the functionality and reach of its advanced banking Trojans. These Trojans are now collecting and stealing biometric data. Cybersecurity firm Group-IB recently released a report saying that GoldFactory has developed a new Trojan, dubbed GoldPickaxe, that comes in Android and iOS variants designed to harvest personal information, including biometric face profiles, from mobile devices....

read more

HHS Details New Cyber Performance Goals for Health Sector

Posted by on May 14, 2024 in Blog, Healthcare | 0 comments

‘Essential’ and ‘Enhanced’ Best Practices Will Influence Upcoming Rule-Making The Department of Health and Human Services has released guidance that spells out voluntary cybersecurity performance goals for the healthcare sector. The new 13-page Cybersecurity Performance Goals document, recently released by HHS’ Administration for Strategic Preparedness and Response, details both essential goals “to outline minimum foundational practices” for cybersecurity performance and enhanced goals “to...

read more

2023 Saw a Number of High-Profile Breaches

Posted by on January 11, 2024 in Banking, Blog, Healthcare | 0 comments

We hope that you had a successful 2023. Looking back, 2023 saw a number of high-profile breaches as criminals and nation-state-supported hackers both created new methods of attacking and took advantage of existing vulnerabilities. Looking to 2024, here are a few things that we think are worth keeping an eye on moving forward. Phishing NOW WITH AI Phishing continues to be a persistent and lucrative attack vector for criminals and state- sanctioned hackers. The rise in generative AI makes it easier and cheaper to iterate messages and tactics in...

read more

Okta Says Hacker Stole Every Customer Support User’s Details

Posted by on December 1, 2023 in Banking, Blog | 0 comments

Beware of Phishing and Social Engineering Attacks Targeting Passwords, Vendor Warns Okta, the identity and authentication giant, said the attacker behind its September data breach stole more information than it first discovered. That includes details for all users of its primary customer support system. They first publicly confirmed the breach on Nov. 3, warning that attackers had gained access to its customer support management system and stolen sensitive information uploaded by 134 customers. An updated data breach notification released...

read more

Feds Levy First-Ever HIPAA Fine for Ransomware Data Breach

Posted by on November 28, 2023 in Blog, Healthcare | 0 comments

Massachusetts Management Firm to Pay $100,000, Monitor HIPAA Compliance for 3 Years A Massachusetts-based medical management firm holds the dubious honor of being the first ransomware victim fined for a data breach by the Department of Health and Human Services. Doctor Management Group agreed to a $100,000 financial settlement and three years of HIPAA compliance monitoring and corrective actions following an investigation into a 2019 ransomware breach affecting nearly 206,700 individuals. The Department of Health and Human Services’...

read more

Phishing Accounts for More than Half of Cybercrime

Posted by on October 31, 2023 in Banking, Blog, General, Healthcare | 0 comments

Cybercrime is an ever-evolving field. Technology evolves to allow new tactics or new scales for criminals, as well as giving firms new tools to combat fraud and theft. Due to the fact that it’s ever-evolving, sometimes it can be difficult to see vast changes that occur over time. Over the last 5 years, there have been significant changes to the landscape of cybercrime. Not just in the increases in scale but also significant changes in the types of crime committed. This chart from Statista makes clear just how much has changed since 2017....

read more

MOVEit Health Data Breach Tally Keeps Growing

Posted by on October 31, 2023 in Blog, Healthcare | 0 comments

More Hacks Compromising Protected Health Info Being Reported to Regulators Healthcare organizations are adding millions to the tally of individuals affected by the Memorial Day weekend hack of the MOVEit file transfer application by Russian-speaking hackers. In recent days, the U.S. Department of Health and Human Services’ Office for Civil Rights has posted several more reports submitted by entities involving MOVEit breaches. An estimated 748 organizations have been affected by MOVEit hacks instigated by the Clop criminal group, which...

read more

Will FedNow Truly Rewire the US Payments Landscape?

Posted by on October 31, 2023 in Banking, Blog | 0 comments

Fraud, Security, Implementation Hurdles With Fast Payment Program The new FedNow service has been hyped as a way to revolutionize the U.S. approach to payments, thanks to the Federal Reserve’s perception as a stable payments network provider and its access to a built-in customer base of thousands of national, regional and community financial institutions. The large volume of banks with access to an instant payments network may lead to a significant acceleration in faster payment adoption. Challenges Ahead? Large-scale adoption of FedNow...

read more