Ransomware Reshapes Health Care Security Landscape

From securityboulevard.com

health care CISO Talk - Healthcare and Cyber - cybersecurity - cyber threats - cyberattack

A sharp rise in ransomware is buffeting the health care sector and forcing IT security professionals to reevaluate how they tackle the threat.

More than a third of health care organizations were hit by ransomware in the last year, according to a Sophos survey of 328 representatives from the health care sector.

Of those hit by ransomware in the last year, 65% said the cybercriminals succeeded in encrypting their data in the most significant attack. Just over a third (34%) of those whose data was encrypted paid the ransom to get their data back in the most significant ransomware attack.

Read more…

Criminals are mailing hacked Ledger devices to steal cryptocurrency

From bleepingcomputer.com

Ledger

Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets.

Ledger has been a popular target by scammers lately with rising cryptocurrency prices and the popularity of hardware wallets to secure cryptofunds.

In a post on Reddit, a Ledger user shared a devious scam after receiving what looks like a Ledger Nano X device in the mail.

Read more…

Elcomsoft System Recovery Simplifies Digital Field Triage and In-Field Investigations

From blog.elcomsoft.com

Elcomsoft System Recovery is a perfect tool for digital field triage, enabling safer and more secure in-field investigations of live computers by booting from a dedicated USB media instead of using the installed OS. The recent update added a host of features to the already great tool, making it easier to examine the file system and extract passwords from the target computer.

Read more…

Researchers Uncover ‘Process Ghosting’ — A New Malware Evasion Technique

From thehackernews.com

Malware Evasion Technique

Cybersecurity researchers have disclosed a new executable image tampering attack dubbed “Process Ghosting” that could be potentially abused by an attacker to circumvent protections and stealthily run malicious code on a Windows system.

“With this technique, an attacker can write a piece of malware to disk in such a way that it’s difficult to scan or delete it — and where it then executes the deleted malware as though it were a regular file on disk,” Elastic Security researcher Gabriel Landau said. “This technique does not involve code injection, Process Hollowing, or Transactional NTFS (TxF).”

Read more…

403Fuzzer : Fuzz 403/401Ing Endpoints For Bypasses

From kalilinuxtutorials.com

403Fuzzer : Fuzz 403/401Ing Endpoints For Bypasses

403Fuzzer will check the endpoint with a couple of headers such as X-Forwarded-For

It will also apply different payloads typically used in dir traversals, path normalization etc. to each endpoint on the path.

e.g. /%2e/test/test2 /test/%2e/test2 /test;/test2/

Read more…

What’s up with WhatsApp’s cyberstalking problem?

From itproportal.com

security

Cyberstalking is the specific use of electronics (usually the internet) to control, track, and spy on another person, group of people or even companies. Whilst it may seem like a relatively recent phenomenon the term can be traced back to the nineties. Cyberstalking is hugely prevalent, with a study in the United States from 2009 showing that one in four stalking victims had also been cyberstalked as well. 

Read more…

Strengthen Your Password Policy With GDPR Compliance

From thehackernews.com

GDPR compliance

A solid password policy is the first line of defense for your corporate network. Protecting your systems from unauthorized users may sound easy on the surface, but it can actually be quite complicated. You have to balance password security with usability, while also following various regulatory requirements.

Companies in the EU must have password policies that are compliant with the General Data Protection Regulation (GDPR). Even if your company isn’t based in the EU, these requirements apply if you have employees or customers residing in the EU or customers purchasing there.

In this post, we will look at GDPR requirements for passwords and provide practical tips on how to design your password policy. Remember, even if GDPR isn’t required for you now, the fundamentals of a data protection regulation plan can help strengthen your organization’s security.

Read more…