A doctor at the Navy Medicine Readiness and Training Command at San Diego’s Virtual Medical Operations Center uses a robotic surgical system during a robotic-assisted gallbladder removal surgery on May 16. (Mass Communication Specialist 3rd Class Mariterese Merrique/Navy)
Instances of Log4j have drastically reduced among entities with advanced security tools like automation. But in healthcare the vulnerability has only highlighted continued resource gaps.
The Department of Justice is significantly revising how it interprets the nation’s premier hacking law, saying it will no longer bring cases against “good faith” security researchers or individuals who violate trivial or non-material parts of a company’s policies or terms of service.
The popular, headless CMS Strapi patched two vulnerabilities that allowed users with lower levels of privilege to see data only higher privileged users were cleared to see — including information allowing account takeover.
Adoption of the security standards years after voluntary federal guidelines are low, and the majority of healthcare organizations are still struggling to keep pace, a cybersecurity expert testified at a May 18 Senate hearing.
The cybersecurity agency said there is evidence that malicious hackers were able to reverse engineer an update fixing two of the vulnerabilities within 48 hours to create an exploit for unpatched systems.
A judge has dismissed a breach lawsuit against Northeast Radiology and its vendor Alliance Healthcare Services, as the patients did not provide evidence of concrete harm, as required by a June 2021 Supreme Court ruling.
CISA and OMB update Congress on how federal agencies had complied with the Biden administration’s cybersecurity executive order as well as their push to implement zero-trust architectures across agencies and departments.
The FBI, Department of Justice and Department of State joint alert notes that North Korea sometimes covers its tracks by subcontracting IT work to non-North Koreans who are none the wiser.
