The Cybersecurity and Infrastructure Security Agency has urged organizations in the healthcare and public health sector to mitigate cybersecurity threats by strengthening account passwords and authentication methods and by ensuring the adoption of the latest patches and software, SecurityWeek reports. The guidance follows the discovery of security lapses at an unnamed health entity that uses on-prem software, found during a two-week penetration test.
The health organization had adequate defenses against unauthorized initial access or phishing because it had implemented multi-factor authentication and restricted access to external-facing resources, but its domains could still be compromised through misconfigurations and default passwords, according to CISA. CISA also found a web server that failed to limit the permissions of authenticated users, systems without SMB signing enforcement, excessive network services, and a service account with more privileges than needed.
Ukraine has been targeted by Russian threat actors in the new Operation Texonto disinformation campaign that also involved spear-phishing and credential exfiltration tactics, according to The Hacker News.
Record high ransomware and data extortion incidents experienced by Western nations last year have prompted former National Security Agency Director Michael Rogers to call for a reevaluation of their cybersecurity defense strategy.