The wealth of sensitive personal and financial data managed by hospitals and health systems, coupled with known cybersecurity vulnerabilities, makes the healthcare sector an inviting target for cyberattacks. In the last three years, 93% of healthcare organizations have experienced a data breach, and 57% have had more than five breaches.
In recent weeks President Biden issued a statement encouraging organizations to level up their cyber defenses in what he called “a critical moment to improve domestic cybersecurity and bolster national resilience.” The following week, the federal budget proposal for FY2023 was released with a nearly $11 billion line item for cybersecurity measures.
Forescout’s Vedere Labs, in partnership with CyberMDX, have discovered a set of seven new vulnerabilities affecting PTC’s Axeda agent, which we are collectively calling Access:7. Three of the vulnerabilities were rated critical by CISA, as they could enable hackers to remotely execute malicious code and take full control of devices, access sensitive data or alter configurations in impacted devices.
Beyond the disturbing images of the invasion of Ukraine that began February 24 are the invisible cyberattacks that preceded it and continue to be waged on Ukraine by Russian state-sponsored and other threat actors, which also threaten the West. Vedere Labs, Forescout’s threat intelligence and research team, is closely monitoring the evolution of cyber activities connected to the Russian-Ukrainian conflict.
Guessing how many marbles are in a jar is either a fun carnival game (pick the average based on the wisdom of the crowd) or a math problem involving orb volume, cylinder volume and the estimated space between marbles. You can also just count the marbles. Unfortunately, when it comes to identifying the number of devices connected to your network, none of these approaches works – although quasi-manual counting remains all too common.
Almost a year since the Colonial Pipeline ransomware attack on critical infrastructure occurred, the question still looms large: not whether such an incident could happen again, but when?
On Sunday, Feb. 13, the NFL’s San Francisco 49er organization issued a statement confirming they experienced a network security incident. Shortly after the incident, BlackByte ransomware gang listed the 49ers as one of their alleged victims. The 49ers franchise didn’t confirm if ransomware was involved, but it did state that only the corporate IT network was affected. As with all breaches, one commonality eventually appears: vulnerabilities.
On Jan. 26, the Office of Management and Budget (OMB) published its widely anticipated final version of its zero trust architecture strategy, identifying top cybersecurity priorities for the federal government. This achievement raises the country’s cyber defense strategy to a level commensurate with the “increasingly sophisticated and persistent threat campaigns” it faces.
