In the cybersecurity world, testing for the existence of exploitable vulnerabilities isn’t always an exact science. Checking for open ports (CIS Control 9 - Limitation and Control of Network Ports, Protocols and Services) sounds simple enough, but the reality is a long way off.

Nearly all organizations, regardless of size, struggle with configuration management and change control. The need to review and approve changes in advance of making them, to formulate impact analysis, testing procedures and contingency plans all serves to slow things down. It’s no wonder most IT professionals acknowledge the potential benefits of Change Control, but simply do nothing about it.

New research from Forescout found that healthcare organizations are increasingly at risk from legacy platforms, device complexity, and the use of frequently exploited protocols. Forescout analyzed 75 healthcare deployments running over 1.5 million devices across 10,000 VLANs (virtual local area networks).

Equifax has incurred losses of over $1.35bn so far following the devasting 2017 data breach involving the breach of 145 million customers personal financial data. In the attack, hackers exploited a known security vulnerability that Equifax had left unpatched and compromised the personal and financial details of more than half of all Americans and millions on UK consumers. The known Apache Struts 2 flaw which caused this breach was left unpatched for over 2 months after a patch was issued.

It’s been two years since the initial WannaCry ransomware outbreak, but researchers are warning that hundreds of thousands of incidents are still being detected globally. New research from Malwarebytes claims more than 4,826,682 WannaCry detections have been identified since its first outbreak in May 2017. These detections have decreased substantially since first wreaking havoc, but have far from disappeared.

Canada's fourth largest mobile network operator, Freedom Mobile, announced this week that they have suffered a data breach through a third party service provider. vpnMentor disclosed on Tuesday that its researchers had identified an unprotected database containing information on Freedom Mobile customers, including email addresses, phone numbers, addresses, birth dates, IP addresses, credit scores, unencrypted payment card data with CVV codes, and account details.

MegaCortex is described by security researchers as a new, highly targeted ransomware variant that contains numerous references to the '90s cult film The Matrix. The ransomware was first discovered at the beginning of 2019 but of the 76 reported attacks, 47 took place last week across the US, Italy, Canada, France, the Netherlands, and Ireland.