Cybercriminals may have accessed the protected health information (PHI) of hundreds of thousands of patients of a network of community health centers based in California.  Nonprofit Community Medical Centers (CMC) primarily serve low-income patients…

The industrial cybersecurity firm released a new report, titled "Global Electrics Cyber Threat Perspective," which draws further attention to the increasingly dangerous cyber threat landscape that is being faced by the global electric utility sector. The…

Researchers at the University of Michigan have automated a technique called formal verification, which is a step towards ensuring the safety, security, and proper functioning of protocols implemented to dictate how networked services operate. The system…

Developers using the Rust programming language in a project are advised to check for differences between reviewed code and the compiled code that has been output. The Rust Security Response Working Group (WG) has brought attention to a security…

Security researchers at Symantec have discovered a new data exfiltration tool designed to accelerate information theft for ransomware groups using the BlackMatter variant.  Dubbed “Exmatter,” the tool is designed to steal specific file types from…

Researchers from the Identity Theft Resource Center (ITRC) conducted a new study and found that over half (58%) of US small businesses have suffered a security or data breach.  Of those hit by a breach, three-quarters experienced at least two, and a…

According to Europol, 12 individuals believed to be connected to ransomware attacks against over 1,800 victims in 71 countries have been arrested. The law enforcement report revealed that the actors launched ransomware strains, including LockerGoga,…

The North Korea-backed Advanced Persistent Threat (APT) group Lazarus is now using improved malware variants. Lazarus is known for conducting state-sponsored cyberespionage. The Lazarus group's latest supply chain attack campaigns have been found…

The FBI recently issued a report on the Indicators of Compromise (IOCs) for the Ranzy Locker ransomware, which has been targeting businesses in the US since late 2020. By July 2021, Ranzy Locker ransomware compromised over 30 victims in the information…

Security researchers at Website Planet have found an unsecured database leaking over 886 million sensitive patient records online.  The non-password-protected data trove was traced to healthcare AI firm Deep 6 AI, which fixed the privacy snafu…

The University of Colorado Boulder (CU Boulder)  is notifying thousands of former and current students that their personal information may have been compromised during a recent data breach.  The breach was attributed to an unpatched…

SoS Musings #54 - The Role of Psychology in Cybersecurity