

Cybersecurity Headlines
CISO Series
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.

Oct 28, 2024 • 8min
Historic Change Healthcare breach, Telecom hacks investigation, Delta sues CrowdStrike
A record-breaking data breach at Change Healthcare has put over 100 million people at risk, marking a dark milestone in U.S. cybersecurity. Authorities are probing telecom hacks linked to Chinese state-sponsored actors, posing serious threats. Meanwhile, Delta Airlines has turned the tables and is suing CrowdStrike after a massive system outage disrupted flights worldwide. The discussion also highlights evolving cyber threats, including new crypto mining attacks and Apple's initiative to bolster community engagement in cybersecurity.

Oct 25, 2024 • 29min
Week in Review: SolarWinds fines, Microsoft loses security logs, employee security awareness lacking
Dmitriy Sokolovskiy, Senior Vice President of Information Security at SEMrush, sheds light on critical cybersecurity concerns this week. He discusses hefty SEC fines related to SolarWinds and the urgent need for employee awareness in security practices. The conversation dives into Microsoft's recent security logs loss and the rising threats of sophisticated email spamming, enhanced by AI. Sokolovskiy also stresses the importance of thorough evaluation of mobile applications and minimizing human error, advocating for secure alternatives to traditional authentication.

Oct 25, 2024 • 7min
Qilin ransomware upgrade, SharePoint KEV flaw, Rhysida ransoms Easterseals
Discover the rise of the Qilin ransomware variant, especially its impact on the healthcare sector. Learn about a newly flagged Microsoft SharePoint vulnerability that's got everyone talking. The episode also dives into the significant ransomware attack on Easterseals, highlighting the real threats organizations face today. Additionally, find out why boosting employee training and identity management is critical to fend off phishing attacks, plus a sneak peek into a recent hacking contest.

Oct 24, 2024 • 8min
CISA data rules, Fortinet zero-day, UK Cyber Essentials
CISA is pushing for stricter personal data security measures, addressing the urgency of protecting sensitive information. A critical zero-day vulnerability in Fortinet's API has raised alarms due to its active exploitation. The UK is seeing a shift with Cyber Essentials certification, enhancing awareness of cyber risks among organizations. Meanwhile, ransomware threats are evolving, with stolen session cookies becoming a top entry point for attacks. Lastly, a high-profile UK court case shines a light on spyware issues, while Google improves spam defenses.

Oct 23, 2024 • 8min
SolarWinds disclosure fines, Zendesk helps Internet Archive, Samsung zero-day
Four companies face fines for failing to disclose SolarWinds breaches. Zendesk steps in to assist the Internet Archive following a hacker attack on their email system. A serious zero-day vulnerability in Samsung processors is currently under active exploitation. Research reveals that one in five people were infected with infostealer malware last year, which can lead to ransomware attacks. Organizations equipped with visibility into stolen identity data can better guard against these escalating threats.

Oct 22, 2024 • 9min
U.S. rule on selling sensitive data, Cisco data stolen, Nidec breach
U.S. companies may soon face strict rules preventing the sale of sensitive data. Recent breaches include a major hack involving Cisco and a ransomware attack affecting Nidec, which exposed over 50,000 documents. Infostealer malware is rising, often leading to more dangerous ransomware attacks. Alarmingly, 75% of organizations faced ransomware incidents repeatedly last year. Plus, insights on the Chinese hacking group APT41 reveal their sophisticated tactics targeting the gambling industry. Stay alert for vulnerabilities in laptops and software, as risks are ever-present.

Oct 21, 2024 • 8min
Microsoft logs lost, Omni Family breach, Internet Archive Zendesk breach
Microsoft recently revealed that it lost security logs for some customers, raising concerns about data protection. A significant breach at Omni Family Health has affected nearly half a million people. The Internet Archive faces breaches due to stolen access tokens. Additionally, infostealers are now a major contributor to ransomware risks, highlighting the growing threat landscape. Recent trends show North Korean IT workers leveraging deceptive tactics for cybercrime. The podcast dives deep into these critical issues affecting online security.

Oct 18, 2024 • 28min
Week in Review: Amazon passkeys usage, healthcare ransomware stats, major cybercrime takedowns
In this discussion, Steve Person, CISO at Cambia Health, shares his expertise on cybersecurity in the healthcare sector. He delves into the rising threats from ransomware and the need for resilience against cybercrime. The conversation highlights the innovative use of passkeys among Amazon customers to reduce risks like phishing. Steve also addresses the alarming deepfake scams in Hong Kong and emphasizes the importance of education and community engagement in enhancing cybersecurity practices.

Oct 18, 2024 • 8min
Globe Life extortion, hacker USDoD arrested, Anonymous Sudan indicted
A major data breach at Globe Life has led to extortion demands affecting 5,000 customers. The arrest of a notorious hacker linked to high-profile cyberattacks raises eyebrows in the cybersecurity world. Meanwhile, two Sudanese brothers have been indicted for their roles in Anonymous Sudan, a group notorious for DDoS attacks, including a strike against Microsoft. The podcast also touches on stricter measures by South Korea to combat technology leaks, alongside updates on vulnerabilities in key security products.

Oct 17, 2024 • 8min
AI models tested, breaking encryption, Intel security review
AI models are being tested for EU compliance, revealing performance gaps among providers. Concerns arise over Intel security, with allegations of defects linked to the NSA and WeChat encryption flaws. In the realm of cyber threats, significant arrests of Russian hackers signal a new approach to cybercrime, while North Korean malware exploits ads for distribution. Transparency in software security is highlighted, along with updates on the Internet Archive's recovery from a DDoS attack.


