In this week’s Cyber Security Brief, we discuss the various cyber security concerns facing the healthcare sector. Ransomware attacks are now one of the biggest challenges facing organizations in the healthcare industry, while data breaches also remain a major concern. Meanwhile, developments in medtech and the increased connectivity of hospitals and other healthcare organizations pose new challenges for practitioners and patients. We discuss the main threats facing the sector, and the steps you can take to keep your organization safe.
In this week’s edition of the Cyber Security Brief, Brigid O’Gorman, Candid Wueest and Dick O’Brien discuss the U.S. Department of Defense’s new cyber security framework for its contractors, how easy it was for a performance artist in Germany to cause a fake traffic jam on Google Maps, and the way the coronavirus outbreak is being exploited by cyber scammers. Also this week, Google halves its Chrome patch gap, Microsoft Teams gets knocked offline, and how bugs in Microsoft Azure could have allowed cloud servers to be hacked.
In this week’s Cyber Security Brief, Candid Wueest and Brigid O’Gorman bring you a round-up of the biggest cyber security news stories of the last week. We discuss the Shlayer malware, the publication of exploits for a vulnerability in Windows Remote Desktop Gateway, and how attackers may be able to eavesdrop on your conference calls. Also this week, there were a whole slew of news stories about ransomware, so we discuss some of those as well.
On this week’s Cyber Security Brief, we discuss a timely issue – the importance of patching software vulnerabilities and the necessity for organizations to have good patch management. We decided to cover this topic as it is something that has been much in the news recently: CVE-2020-0601, a vulnerability in Microsoft’s Windows CryptoAPI, that was reported to the software giant by the NSA and was described as “severe” by the security agency, has made many headlines in the last week. Vulnerabilities in software from Citrix, and in Pulse Secure VPN servers, which were first revealed in December and April 2019, respectively, were also in the news in the last week or so. The vulnerabilities in the Pulse VPN servers were patched back in April - but despite this they are suspected of having been exploited in several cyber attacks since then, demonstrating that patches are not always being applied in a timely fashion. We discuss why that might be, and a variety of other issues, in this podcast.
On this week’s Cyber Security Brief, we discuss “living off the land”, where attackers use legitimate tools on your device or network for malicious purposes. Dick O’Brien is joined by Candid Wueest, who wrote a whitepaper on this very topic just before the holidays, to discuss the tools that are most commonly exploited by attackers using living off the land techniques, the prevalence of this kind of activity, and what organizations can do to protect themselves. As well as this, we give an overview of CVE-2020-0601, the vulnerability in the Windows CryptoAPI that was patched by Microsoft on Tuesday.