The Colorado Privacy Act (CPA) passed yesterday in the state's senate and will go into effect in July 2023 – creating an additional  regulation that organizations must comply with or face hefty fines and eroding consumer trust. 

The past year’s COVID-19 pandemic marked an unparalleled turning point that has completely changed the world as we know it. When businesses and organizations from many industries rushed to establish business continuity from home, hackers took full advantage of the remote work conditions that provided easy targets in unsecure environments. Although people are returning to the office and getting “back to normal,” the idea of evaluating the organization’s cybersecurity posture is becoming more prevalent.

Devo Technology announced the results of a report assessing the current state and pace of change with regards to enterprise cloud transformation initiatives and the ramifications on teams running a Security Operations Center (SOC).

Among highly regulated, global organizations, Panaseer has determined that the top ten most frequently used security metrics are (in order of popularity): 

Nearly half (48%) of organizations do not have a user verification policy in place for password reset calls to IT service desks, according to a new Specops Software survey, which highlights social engineering vulnerabilities among IT service help desks.

In the spirit of building a solid foundation, Zero Trust security has once again come into the forefront. Whie the concept of Zero Trust is not new, the reality is that not enough organizations have adopted those in IT and security, the concept of identity-centric protection isn’t anything new.

The US Federal Bureau of Investigation (FBI), the Dutch National Police (Politie), and the Swedish Police Authority (Polisen), in cooperation with the US Drug Enforcement Administration (DEA) and 16 other countries have carried out with the support of Europol one of the largest and most sophisticated law enforcement operations to date in the fight against encrypted criminal activities.  

The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima— continues to target the South Korean government, according to the Malwarebytes Threat Intelligence team, who is actively monitoring this actor and has been able to spot phishing websites, malicious documents, and scripts that have been used to target high profile people within the government of South Korea. The structure and TTPs used in these recent activities align with what has been reported in KISA’s report.

No health system should have to decide between improving patient care or covering the high cost of an unexpected ransomware attack. Examine the health and wellness of your IT infrastructure—just like a patient—to prevent long-term issues down the line.