Aggregator

Major cybersecurity breaches continue to plague the US healthcare industry, and on December 27, 2024, the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) to amend the HIPAA Security Rule, titled "The HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information". Comments were requested and over 4000 were received before the comment period ended on March 7 2025. This blog summarizes what the comments covered - and what comes next.

The post HIPAA Security Rule Amendment: Key Public Comments and Next Steps appeared first on Security Boulevard.

What Do You Mean, Hospital-Targeting Sociopath Ransomware Wielders Continue to Lie?
A ransomware group reusing the Babuk ransomware brand claims to have stolen data from the likes of Amazon, Delta and US Bank. Just one problem: Security experts found a startling overlap between its claimed victims and previous attacks scored by the likes of Clop, LockBit and RansomHub.

Supposed Taiwanese State Hackers Unmasked by China's Ministry of State Security
Nothing beats messing with your adversaries' heads than taking a page from their psychological operations playbook. Witness China's Ministry of State Security unmasking four Taiwanese government hackers in a move borrowed from the U.S. government's playbook.

Google Aims to Match Microsoft Defender With $32B Buy of Wiz's Cloud Security Tech
Google's plan to buy cloud security firm Wiz for $32 billion highlights its drive to compete with Microsoft Defender and expand multi-cloud protection, and will put pressure on AWS to respond. Forrester Analyst Andras Cser says Wiz will likely remain independent for now, easing integration hurdles.

Open Power AI Consortium Members Include Nvidia and Microsoft
Tech giants and utility providers on Thursday formed an alliance to harness artificial intelligence for a more resilient power grid. More than two dozen organizations are participating in the Open Power AI Consortium led by the Electric Power Research Institute.

Researcher Found Unsecured Database Server Containing 1,864 GB of OrthoMinds' Data
An orthodontic practice software vendor is notifying an undisclosed number of patients that their data was exposed to the internet for 10 days last November. The security researcher who discovered the data leak said the incident appears to have lasted longer and affected more than 200,000 patients.

UAT-5918 Breaches Taiwan's Critical Sectors Using N-Day Flaws for Cyberespionage
Hackers with ties to China-based hacking groups including Volt Typhoon are breaching Taiwan's critical infrastructure by exploiting unpatched web and application servers as entry points for a cyberespionage campaign. Cisco Talos threat hunters identified the new threat actor as UAT-5918.

Could Your Legacy IAM Be The Achilles Heel of Your Cybersecurity? When security breaches and data leaks proliferate, organizations grapple with the rising challenge of protecting their digital assets. This is particularly true for organizations with legacy Identity and Access Management (IAM) systems. While these systems have served us well in the past, could they […]

The post How can legacy IAM systems be updated to support NHIs? appeared first on Entro.

The post How can legacy IAM systems be updated to support NHIs? appeared first on Security Boulevard.

How Vital is the Role of Non-Human Identities in Identity and Access Management (IAM)? Have you ever wondered how digital machinery and applications gain access to our systems? The answer lies in Non-Human Identities (NHIs), a critical, yet often overlooked aspect of Identity and Access Management (IAM). But how significant is the role of NHIs […]

The post What role do NHIs play in modern identity and access management? appeared first on Entro.

The post What role do NHIs play in modern identity and access management? appeared first on Security Boulevard.

Is Your IAM System Adequately Protecting Non-Human Identities? Non-Human Identities (NHIs) are one such intricacy that has increasingly made its way into IAM (Identity Access Management) systems. However, the question remains: How do we ensure secure authentication for NHIs in an IAM system? Peeling Back the Layers of NHI NHIs, essentially, are machine identities used […]

The post How do I ensure secure authentication for NHIs in an IAM system? appeared first on Entro.

The post How do I ensure secure authentication for NHIs in an IAM system? appeared first on Security Boulevard.

A vulnerability was found in Concept Intermedia SAM CMS up to 3.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-3801. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in OpenPLC up to 9cd8f1b. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Profile Picture Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-37741. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Floating Social Buttons Plugin up to 1.5 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-6405. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in scidsg hushline. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-38521. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Events Manager Plugin up to 6.4.8 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-5889. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Goya Plugin up to 1.0.8.7 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2023-4017. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in ABO.CMS up to 5.9.3. This affects an unknown part of the component TinyMCE Module. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2021-37787. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Meta Platforms below up to 0.8.x and classified as critical. This issue affects some unknown processing of the file /var/log/below. The manipulation leads to symlink following. The identification of this vulnerability is CVE-2025-27591. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apache Felix HTTP Webconsole Plugin up to 1.2.0. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-27867. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.