Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Healthcare services offered by the government and private agencies took a serious hit this week with breaches against Johns Hopkins, Essen Health Care, Atrium Health at Wake Forest, and the Idaho Department of Health and Welfare. Patients lost a significant amount of both personal and health information in this breach as a result. The Bank of NY Mellon was also a breach victim this week. Read below for the details.

SIEMs play a crucial role in the modern SOC: They allow you to collect, correlate and analyze log data and alerts for security and compliance. Yet, despite their value, SIEMs have struggled to keep up with today’s logging performance and scalability requirements. Given that adversaries are operating faster than ever, organizations must prioritize the capabilities that help them identify and respond to threats quickly.

Arctic Wolf’s The State of Cybersecurity: 2023 Trends report revealed a painful, yet unsurprising statistic: 68% of organizations identified staffing-related issues as their number one threat to achieving their security objectives. Breaking that down further, 32% of organizations are having difficulty with hiring and retaining staff. The remaining 36% feel their existing security team lacks the necessary expertise.

On June 23, 2023, Fortinet disclosed a critical Remote Code Execution (RCE) vulnerability (CVE-2023-33299) affecting FortiNAC, a network access control solution utilized by organizations to manage network access policies and compliance. This vulnerability is the result of the deserialization of untrusted data. Deserialization vulnerabilities such as this one are dangerous because a threat actor can insert a modified serialized object into the system which leads to unauthenticated RCE.