Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The digital transformation of healthcare, involving patients, staff, doctors, and technology, presents significant challenges to security teams in terms of skills and capacity. This challenge can be seen in the U.S. Department of Health and Human Services' Office for Civil Rights which reported 609 data breaches with more than 500 records being compromised in 2021.

Researchers at BlueVoyant warn that attackers are increasingly adding an extra step to their phishing campaigns, impersonating third-parties to lend credibility to the scams. “Third-party phishing sites…will include some characteristics of the original flow, with an added step – the initial impersonation that establishes credibility to the end user is a service that is not connected to the targeted organization,” the researchers write.

It all started with a statement from the US Securities and Exchange Commission’s (SEC) Jaime Lizárraga. The commissioner revealed that a staggering 83% of companies suffered from multiple data breaches last year, with an average expense of $9.44 million in the United States— a dramatic increase of 600% over the past ten years.

In today's digital age, data is businesses' and individuals' lifeblood. Thus, ensuring the security of sensitive information is of paramount importance. While online cloud storage services have increased in popularity, there are times when you have no choice but to bring your own device. Backup, collaboration, compliance, etc., are some instances where you can apply physical data transportation.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Any Citrix users out there? Think you need to patch. Now….

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies. These regulations create new obligations for reporting material cybersecurity incidents and disclosing critical information related to cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

Trustwave SpiderLabs discovered a new version of the Rilide Stealer extension targeting Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera. This malware uses a creative way to work around the Chrome Extension Manifest V3 from Google which is aimed at blocking the installation of malicious extensions for chromium browsers.

More than 67% of internet users in the US remain blissfully unaware of online privacy and data protection regulations. At the same time, the global average cost of data breaches and cyber-attacks has increased by 15% since 2020 to $4.45 million. In fact, compromised credentials and personal information are responsible for nearly 20% of nearly 1.4 billion security incidents during this period.

We’re excited to share that Forrester has named CrowdStrike a Leader in The Forrester Wave™: External Threat Intelligence Services Providers, Q3 2023. CrowdStrike received the highest ranking of all vendors in the Current Offering category, with the highest score possible in 16 criteria, surpassing all other vendors evaluated in the report.

In geopolitical – or even gang warfare, there are usually pretty clear sides. You have two opposing groups and their allies, a dispute, and skirmishes or battles. It’s Team A versus Team B. When it comes to cyber warfare, though, people don’t really have a “face” or specific group to associate with malicious activity. How can you defend against an enemy you don’t understand? Who are these people? What do they want? Why would they come after you?