Kaspersky researchers noticed a rather clever way threat actors are deceiving users in China into downloading a malicious Tor browser installer that can be used to track the history and location of its victims.

The activity appears to have been done for espionage purposes and Mandiant believes it has a “nexus to China,” an assessment that was made with only low confidence.

NIH says it relies on grantees to protect health information, intellectual property, but OIG says data could be at risk without program controls.

The FBI has observed a rise in threat actors compromising user credentials of healthcare payment processors to redirect payments from their victims to bank accounts in their control, according to a private industry notification.

Study by Proofpoint and Ponemon Institute finds 89% of the healthcare organizations surveyed experienced 43 attacks in the past 12 months – almost one attack per week.

Days after Google announced an open source bug bounty program, Legit Security reported supply chain attack vulnerabilities in open-source projects from Google and Apache.

The Open Source Vulnerability Rewards Program (OSS VRP) aims to improve cybersecurity for Google users and open-source consumers worldwide.

Healthcare and tech have made strides in patient care over the last two decades, shifting care from within the four walls of a hospital to remote-care settings. But many vendors, including some of the the most dominant players in the tech space, have a revolving door of healthcare leaders. Others hop in, then hop out again. SC Media examines what makes the union so difficult to get right.

Following reports accusing Facebook of scraping health data with its Pixel tracking tool, Novant Health is informing 1.3 million patients of an “unintended” disclosure caused by a misconfigured pixel.

Society at large is getting more vulnerable and less capable of safely navigating the complex cybersecurity landscape, said former CISA Director Chris Krebs at the Black Hat hacker conference in Las Vegas.