Adrian Johnson
TLDR:
- Healthcare and malware are causing data breach notifications to go wild, potentially releasing hundreds of thousands of medical records.
- Chrome will no longer trust Entrust starting at version 127, impacting users’ trust in the certificate authority.
- MoveIT has a security issue that needs attention and action to prevent potential breaches.
- The Fed Reserve hack that released 33TB of data actually targeted Evolve Bank, not directly the Federal Reserve.
- An ISP in South Korea inadvertently delivered malware to over 500k subscribers, showing the ongoing challenge of preventing malware distribution.
In the latest episode of Security Weekly News, various cybersecurity topics were discussed, including healthcare data breach notifications, the impact of Chrome no longer trusting Entrust as a certificate authority, security issues with MoveIT, the Fed Reserve hack targeting Evolve Bank, and an incident where an ISP unintentionally delivered malware to subscribers.
Healthcare organizations are facing challenges with malware that may result in the release of hundreds of thousands of medical records, prompting data breach notifications to increase. In another development, Chrome users may face trust issues with Entrust as the browser will stop trusting the certificate authority starting with version 127.
MoveIT, a popular tool, has been identified to have a security issue that users need to address promptly to prevent potential breaches. Additionally, while news of a Fed Reserve hack circulated, it was later discovered that the breach actually targeted Evolve Bank, not directly the Federal Reserve.
Highlighting the importance of vetting ISPs, a South Korean internet service provider mistakenly delivered malware to over 500,000 subscribers, underscoring the ongoing challenge of preventing malware distribution through trusted entities.
The episode also featured cybersecurity expert Chris Wolski, discussing his extensive experience in building comprehensive cybersecurity strategies and leading world-class security teams across various sectors. Overall, the episode provided valuable insights into current cybersecurity threats and trends affecting organizations worldwide.
