The Imperative for Robust Security Design in the Health Industry

It is imperative that healthcare and health-tech companies move beyond reactive measures and adopt a proactive stance in safeguarding sensitive patient information.


https://www.darkreading.com/cyberattacks...h-industry

FritzFrog Botnet Exploits Log4Shell on Overlooked Internal Hosts

Everyone knows to patch vulnerabilities for Internet-facing assets, but what about internal ones? One botnet is counting on your complacency.


https://www.darkreading.com/threat-intel...rnal-hosts

China Infiltrates US Critical Infrastructure in Ramp-up to Conflict

Threat actors linked to the People's Republic of China, such as Volt Typhoon, continue to "pre-position" themselves in the critical infrastructure of the United States, according to military and law enforcement officials.


https://www.darkreading.com/cyberattacks...p-conflict

Ukraine Military Targeted With Russian APT PowerShell Attack

The attack, associated with Shuckworm, employs TTPs observed in prior campaigns against the Ukrainian military, predominantly using PowerShell.


https://www.darkreading.com/cyberattacks...ell-attack

CISA Orders Ivanti VPN Appliances Disconnected: What to Do

US federal agencies have to disconnect, rebuild, and reconfigure all Ivanti Connect Secure and Policy Secure VPN appliances. This Tech Tip lists all the steps that need to happen.


https://www.darkreading.com/vulnerabilit...what-to-do

Microsoft is bringing the Linux sudo command to Windows Server


Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications. [...]


https://www.bleepingcomputer.com/news/mi...ws-server/

Newest Ivanti SSRF zero-day now under mass exploitation


An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers. [...]


https://www.bleepingcomputer.com/news/se...loitation/

HPE investigates new breach after data for sale on hacking forum

Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information. [...]


https://www.bleepingcomputer.com/news/se...ing-forum/

Managing Identity Across Clouds Critical to Enterprise Security

Privileged access management (PAM) is notoriously difficult to deploy, and companies' increasing use of cloud has made it even more complex.


https://www.darkreading.com/identity-acc...l-security

Johnson Controls Ransomware Cleanup Costs Top $27M & Counting

JCI's latest SEC filing notes that its smart-factory installations weren't compromised, allaying physical security fears.


https://www.darkreading.com/ics-ot-secur...-costs-27m