Strengthening cyber resilience: Introducing Internal Attack Surface Management (IASM) for Sophos Managed Risk
Enhanced vulnerability management delivered as a managed service.
Similar Posts
Computers containing thousands of patients’ records stolen from Belfast hospital
Bys sDeborah McAleese reports: Twenty-eight computers containing the records of thousands of patients have been stolen from a Belfast Hospital, UTV can reveal. The computers were being used to train staff on the new encompass system, a digital healthcare record that is being rolled out across all health trusts. Belfast Health Trust said the missing appliances…
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure
Bys sA threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted…
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
Bys sCybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system’s primary disk and render it unbootable. The names of the packages are listed below – github[.]com/truthfulpharm/prototransform github[.]com/blankloggia/go-mcp github[.]com/steelpoor/tlsproxy “Despite appearing legitimate,
$19M in Settlements Underscore Cybersecurity Risks for TPAs and Insurers
Bys sSteven L. Imber, Justin T. Liby, Jennifer L. Osborn, Zachary R. Dyer, and Pavel (Pasha) A. Sternberg of Polsinelli PC write: In two separate but related actions, third party administrators (TPAs) and their insurance business partners agreed to substantial settlements to resolve allegations that they failed to adequately safeguard sensitive data from cyberattacks. In the……
RIBridges firewall worked. But forensic report says hundreds of alarms went unnoticed by Deloitte.
Bys sAlexander Castro reports: A cybercriminal group breached the state’s public benefits portal last July, lingered inside the network’s backend for five months, and triggered hundreds of firewall alerts when it transferred gigabytes of Rhode Islanders’ data to its own servers in November. But RIBridges system vendor and manager Deloitte, a multinational firm valued at $67.2 billion last…
Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders
Bys sCybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that’s designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency…