The question answers itself, but the head of Russia’s National Guard asked it anyway: if the West knew what Prigozhin had in mind, shouldn’t they have warned President Putin? (No, General Zolotov, no way.) Read More
The CyberWire
The all in one place for non-profit security aid.
The question answers itself, but the head of Russia’s National Guard asked it anyway: if the West knew what Prigozhin had in mind, shouldn’t they have warned President Putin? (No, General Zolotov, no way.) Read More
The CyberWire
Cisco Duo for Windows Logon and RDP Let Attacker Bypass Authentication
[[{“value”:”
A critical vulnerability, CVE-2024-20301 has been identified in Cisco Duo Authentication for Windows Logon and Remote Desktop Protocol (RDP), posing a security risk to affected systems.
This flaw could allow an authenticated, local attacker to bypass secondary authentication mechanisms and gain unauthorized access to Windows devices.
The vulnerability stems from a failure to invalidate locally created trusted sessions after a device reboot, enabling attackers with primary user credentials to exploit this weakness successfully.
The vulnerability impacts Cisco Duo Authentication for Windows Logon and RDP versions 4.2.0 through 4.2.2. Systems running earlier versions than 4.2.0 or the latest patched version, 4.3.0, are not vulnerable to this exploit.
The risk associated with this vulnerability is exceptionally high due to the potential for attackers to gain access to sensitive information and systems without valid permissions, posing a significant threat to organizational security and data integrity.
In response to the discovery of this vulnerability, Cisco has released software updates to address the issue, with no workarounds available.
The company advises customers to regularly consult the Cisco Security Advisories page for advisories on Cisco products to determine exposure and complete upgrade solutions.
Document
Integrate ANY.RUN in your company for Effective Malware Analysis
Are you from SOC and DFIR teams? – Join With 400,000 independent Researchers
Malware analysis can be fast and simple. Just let us show you the way to:
Interact with malware safely
Set up virtual machine in Linux and all Windows OS versions
Work in a team
Get detailed reports with maximum data
If you want to test all these features now with completely free access to the sandbox: ..
Customers must ensure that their devices have sufficient memory and that the new release will support current hardware and software configurations.
Contacting the Cisco Technical Assistance Center (TAC) or contracted maintenance providers is recommended for any uncertainties.
Cisco has provided detailed information on the fixed software releases for affected versions:
Versions earlier than 4.2.0: Not vulnerable.
Versions 4.2.0 through 4.2.2: Customers are advised to migrate to a fixed release.
Version 4.3.0: Not vulnerable.
This information is critical for administrators to ensure that their systems are updated to the latest, secure versions, mitigating the risk posed by this vulnerability.
Administrators are urged to update affected systems to the latest software release as soon as possible. Additionally, Cisco Duo recommends rotating the registry key on affected devices as an immediate security measure.
This can be accomplished by navigating to the protected application in the Duo Admin Panel and clicking “Reset Secret Key.”
For more detailed instructions on this process, Cisco provides resources on resetting the secret key for a Duo-Protected Application or Directory Sync.
The discovery of this vulnerability in Cisco Duo Authentication for Windows Logon and RDP underscores the importance of maintaining up-to-date software and adhering to best security practices.
By promptly applying the provided software updates and following Cisco’s recommendations, administrators can protect their systems from potential exploitation and ensure the security of their organization’s data and resources.
You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
The post Cisco Duo for Windows Logon and RDP Let Attacker Bypass Authentication appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
Caesars Entertainment Hacked: Over 6TB of Data Stolen
Caesars Entertainment Inc. has reportedly paid a substantial sum to hackers who infiltrated the company’s systems and threatened to release sensitive data.
This breach follows closely on the heels of another cyberattack on MGM Resorts International.
Caesars Entertainment has not officially commented on the situation, but after Bloomberg News initially reported the cyberattack, the company disclosed it in a regulatory filing.
This revelation had a minimal impact on the company’s stock, with shares remaining relatively unchanged.
The hacking group responsible for this attack is allegedly known as Scattered Spider or UNC 3944.
They are recognized for their expertise in social engineering tactics to gain access to corporate networks.
Document
FREE Webinar
Attend the Live DDoS Website & API Attack Simulation webinar to gain knowledge on various types of attacks and how to prevent them.
In Caesars’ case, the hackers first breached an external IT vendor before infiltrating the company’s network.
The timeline of the attack indicates that Caesars was targeted as early as August 27. Notably, members of this hacking group are believed to be relatively young, with some individuals as young as 19 years old, residing in the US and the UK.
The attackers managed to steal sensitive data from Caesars’ loyalty program members, including driver’s licenses and social security numbers, as confirmed by the company in their regulatory filing.
Typically, hacking groups demand cryptocurrency as ransom in exchange for stolen data.
Some employ ransomware tactics to lock up computer files, offering decryption keys only upon payment.
In recent cases, hackers have chosen to steal data and demand payment, threatening to publish the information if their demands are unmet.
Caesars has stated that they’ve taken measures to ensure unauthorized actors delete the stolen data, though they cannot guarantee this outcome.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.
The post Caesars Entertainment Hacked: Over 6TB of Data Stolen appeared first on Cyber Security News.
Cyber Security News
10 Best Network Security Providers for Healthcare Industry in 2024
The exponential growth of Electronic Health records (EHRs), telemedicine, and interconnected medical devices creates a complex healthcare ecosystem demanding robust network security.
The landscape necessitates comprehensive solutions safeguarding sensitive patient data from evolving cyber threats.
Network security providers specializing in healthcare offer a multi-layered approach, including intrusion detection and prevention systems (IDS/IPS), data encryption at rest and in transit, secure access control mechanisms, and vulnerability management programs.
By leveraging advanced threat intelligence and adhering to industry-specific regulations like HIPAA, these providers empower healthcare organizations to build a secure digital environment, prioritizing patient privacy, operational continuity, and regulatory compliance.
Network Security Musts: The 7-Point Checklist – Download Free – E-Book
The healthcare industry’s dependence on electronic health records (EHRs) and interconnected medical devices creates a digital landscape ripe for cyberattacks.
Network security safeguards this sensitive ecosystem by employing firewalls and intrusion detection systems to thwart unauthorized access.
Encryption scrambles data in transit and at rest, rendering it useless even if intercepted. Multi-factor authentication strengthens login protocols, and robust access controls dictate which users can access specific data.
Regular security patches address software vulnerabilities, and vigilant network segmentation limits the blast radius of a potential breach.
By implementing these measures, healthcare organizations can ensure patient data privacy, prevent disruptions to critical medical devices, and maintain the integrity of life-saving services.
Healthcare organizations can fortify their network defenses by implementing a multi-layered approach, beginning with role-based access controls (RBAC) that strictly limit user permissions to sensitive data.
Network segmentation can further isolate critical systems, while firewalls and intrusion detection and prevention systems (IDS/IPS) actively block and monitor malicious traffic.
Data encryption, both at rest and in transit, safeguards patient information even during a breach.
Healthcare institutions must prioritize endpoint security by enforcing strong password policies with multi-factor authentication (MFA) and deploying endpoint detection and response (EDR) solutions to identify and contain threats on individual devices.
Regular vulnerability assessments and penetration testing pinpoint weaknesses in the network, allowing for timely remediation and a constantly evolving security posture.
Perimeter 81: You can satisfy HIPAA regulations and protect PHI with Perimeter 81’s cloud, on-site, and in-transit security.
Palo Alto Networks: Palo Alto Networks offers healthcare-specific cybersecurity solutions for network security, data protection, and compliance with HIPAA, PCI DSS, and GDPR standards.
Fortinet: Fortinet utilizes tools like FortiDeceptor to deceive and eliminate threats early in the attack chain various technologies and strategies to secure healthcare networks, data, and devices.
Network Security Providers for Healthcare IndustryFeaturesStandout FeaturePricing1. Perimeter 811. Single Sign-On (SSO) facilitates access across multiple applications using one login.
2. Zero Trust Network Access secures user access based on continuous verification.
3. DNS filtering prevents access to harmful sites to minimize risks.
4. Secure Web Gateway provides web filtering to block malicious websites.Achieve Total Protected Healthcare Information Security30 Days Free Trail
2. Palo Alto Networks1. High-performance firewalls are tailored for complex healthcare networks.
2. Segmented network access provides detailed control over network access and data flow.
3. Multi-factor authentication strengthens access control with additional security layers.
4. Endpoint security protects endpoints with advanced threat detection and response.Zero Trust Security controls and verifies all user and device access.
30 Days Free Trail
3. Fortinet1. High-performance firewalls are tailored for complex healthcare networks.
2. Segmented network access provides detailed control over network access and data flow.
3. Multi-Factor authentication strengthens access control with additional security layers.
4. Endpoint security protects endpoints with advanced threat detection and response.Intrusion prevention actively blocks threats before they reach network devices.
Free demo/ trail for 15 days4. Cisco1. Secure SD-Access provides scalable network access control and segmentation.
2. Endpoint and Malware Protection offers robust defenses against a variety of threats.
3. Cloud-Delivered Firewall ensures secure
4. Internet access and application usage.
5. Incident response features strong capabilities for detecting and responding to threats.The Zero Trust Framework implements stringent access controls across all network resources.
free5. Trend MicroComprehensive Security offers robust protection across IT, OT, and CT environments.
Real-Time Analytics and Threat Intelligence provide proactive threat mitigation.
Automation and Scalability features minimize manual tasks and allow adaptation to changing needs.
User-Friendly Interface simplifies the navigation and utilization of security features.Centralized Management allows management of security policies and monitoring threats from a single console.
30 Days Free Trail
6. ImprivataDigital Identity Solutions streamline clinical experiences and protect sensitive data.
Multifactor Authentication enhances security across healthcare systems.
Privileged Access Management (PAM) secures and manages access for high-level user accounts.
Compliance with major standards such as HIPAA, NIST, and SOC compliance ensures adherence to regulations.Single Sign-On (SSO) simplifies access to clinical systems and applications.
30 Days Free Trail
7. CyberArkSecures privileged access vulnerabilities to protect critical healthcare information.
Adaptable security solutions do not disrupt ongoing business operations.
Enhances IT productivity by focusing on strategic tasks.
Supports compliance and strengthens overall cybersecurity posture.Automation capabilities prevent human error in IT operations.
free demo8. ZscalerZero Trust Exchange prevents cyber threats by securely connecting users, devices, and applications.
Secure Access to Public and Private Apps ensures safe and fast connectivity.
Real-time Threat Prevention and Intelligence offer protection against emerging threats.
Simplified IT Operations reduce complexity with cloud-native solutions.Multi-Tenant Cloud Architecture provides scalable and integrated security as a service.
30 Days Free demo
9. CrowdStrikeThreat Intelligence offers insights into adversaries’ tactics, techniques, and procedures.
Next-Generation Antivirus protects against all types of malware with machine learning.
Managed Threat Hunting identifies and mitigates threats in real time.
Incident Response and Proactive Services help prepare and respond to critical security incidents.Cloud-Native Endpoint Protection provides advanced defense mechanisms for healthcare systems.
free10. SymantecAdvanced Threat Protection detects and blocks sophisticated attacks.
Cloud Security ensures the security of cloud applications and services.
Data Loss Prevention helps prevent sensitive data from leaving the organization.
Web and Network Security features protect against web-based and network-based threats.Endpoint Protection safeguards devices against malware and other threats.
30 Days Free demo
Perimeter 81
Palo Alto Networks
Fortinet
Cisco
Trend Micro
Imprivata
CyberArk
Zscaler
CrowdStrike
Symantec
Perimeter 81
Perimeter 81 offers a cloud-based secure access service edge (SASE) platform that integrates networking and security tools to assist healthcare providers in complying with HIPAA, GDPR, SOC 2, and other regulations.
It offers a comprehensive security solution through a centralized management portal. It provides a comprehensive cloud usage visibility solution that evaluates potential risks and safeguards sensitive health information (PHI).
It also enforces data access and transmission control policies to prevent unauthorized access and data loss.
Encrypting data at rest and in transit eliminates the need for breach notification in case of a breach.
Additionally, it offers a hardware-free cloud VPN for secure remote access, intrusion monitoring for data protection, centralized management for network control, and data tracking and recovery for complete data protection.
Why do we Recommend It?
Simplifies secure network, cloud, and application access for the modern and mobile workforce
HIPAA-compliant and offers features such as 2FA, easy scalability, cost-effectiveness, and ease of use
Helps healthcare providers meet compliance requirements by providing IT teams with a powerful array of unified networking and cybersecurity tools
Uses a multi-layer approach to protect patient data
Offers a single portal for administration
Pros:
Streamlines meeting HIPAA and other regulations.
Provides insights into cloud usage for better security.
Encrypts data and enforces access controls.
Cons:
It may not eliminate breach notification requirements.
Scaling costs for more extensive networks.
Palo Alto Networks
Palo Alto Networks offers a unified cybersecurity platform for healthcare organizations by integrating network security, cloud security, and security operations to address the industry’s unique challenges.
Allows healthcare providers to securely leverage cloud-based solutions, data analytics, and AI/ML for improved patient care and data sharing.
The platform strengthens regulatory compliance and secures remote workforces and telemedicine practices through automation and consistent security controls.
By consolidating security tools and automating threat analysis, healthcare organizations can reduce management complexity and costs while enhancing their overall cybersecurity posture.
It enables them to deliver efficient and secure patient care anywhere within the evolving healthcare landscape.
Pros:
Integrates different security solutions into one platform for easier management and reduced complexity.
Offers features like threat analysis, automation, and consistent security controls to strengthen healthcare cybersecurity.
It enables secure use of the cloud, data analytics, and AI/ML for better patient care and data sharing.
Reduces security sprawl and saves money by unifying security management.
Adapts to the evolving healthcare landscape and growing number of connected devices.
Cons:
It might be complex to set up and require expertise to manage the platform effectively.
The cost of the platform itself might be a consideration for smaller healthcare organizations.
Why do we recommend it?
Protects patient data and stays ahead of threats.
Delivers value-based care with secure clouds, data analytics, and AI/ML.
Improves security for the remote workforce and telemedicine patients.
Unifies network and cloud security policy and management.
It helps manage technology risks and elevates cyber resilience for patient safety and privacy.
Fortinet
Pros:
It combines various security functions into a single system, simplifying management.
Integrates security with physical security systems for better overall protection.
Offers SD-WAN and secure networking solutions specifically for branch offices.
Delivers strong performance even with data encryption.
Cons:
It may be expensive, depending on the healthcare organization’s budget.
The Fortinet Security Fabric is a comprehensive cybersecurity solution for the healthcare industry.
Effectively tackles the obstacles of digital transformation by offering comprehensive security solutions for networks, data, and devices.
Offers features such as intelligent segmentation, Network Access Control (NAC), endpoint protection, and Identity and Access Management (IAM) to secure Internet of Medical Things (IoMT) devices and users.
Integrates physical security functions with cybersecurity solutions, providing a comprehensive view of security posture.
It also addresses low latency and high-performance processing needs for encrypted traffic, which helps healthcare organizations comply with regulations and improve operational efficiency.
Why do we recommend it?
Integrates security and networking functions
Secures internet-of-medical-things (IoMT) devices
Complies with regulations
Responds to cyber threats
Delivers high-performance processing
Secures branch locations
Cisco
Cisco offers healthcare providers a suite of technologies to improve patient care, staff workflows, and efficiency.
Their solutions include secure networking for connecting patients, providers, and staff and collaboration tools for remote care delivery.
Security is a significant focus, with Cisco providing threat assessment and security resilience strategies.
By enabling a hybrid work model, Cisco’s technology helps alleviate clinician burnout and improve the staff experience.
With extensive experience in the healthcare industry, it is a trusted partner for hospitals and clinics worldwide.
Why do we recommend it?
It offers solutions to connect patients, providers, and staff.
Security solutions to protect patient information.
Help healthcare organizations improve patient care.
The clinician’s experience can be improved with Cisco’s solutions.
Data-driven care decisions can be made.
Pros:
Improves workflows throughout healthcare organizations.
Enables secure connections between providers, patients, and staff.
Cons:
It requires building a strategy for security resilience.
It is complex to implement and manage, requiring skilled IT staff, which can burden smaller healthcare organizations with limited IT resources.
It is expensive, with licensing fees and potentially high implementation costs, which is a barrier for budget-conscious healthcare providers.
While it offers solutions for IoT security, its core strength lies in traditional IT security.
Trend Micro offers security solutions for healthcare organizations facing increasing cyber threats.
Their Network Defence solutions utilize advanced malware detection, network activity monitoring, and sandbox analysis to uncover and stop targeted attacks on Electronic Protected Health Information (ePHI).
As healthcare organizations move data to the cloud, it provides security solutions for hybrid cloud environments.
The User Protection solutions offer multi-layered security for various endpoints, mobile devices, and Internet of Things (IoT) devices, while integrating Data Loss Prevention (DLP) to prevent unauthorized data exfiltration.
They also offer supplementary security solutions for healthcare organizations using Office 365 in the cloud.
Why do we recommend it?
Helps healthcare organizations address challenges faced in protecting patient data and complying with regulations.
Keeps patient data safe.
Meets compliance needs.
It is hassle-free for smaller organizations.
Pros:
Protects against various cyber threats, including ransomware
Offers layered security with advanced protection techniques
Manages security locally, remotely, or both
Designed for the future and easy to integrate across enterprise systems
Cons:
It is not ideal for small businesses in the healthcare industry, as it requires individual licenses for each device needing protection.
It scored low in offline detection tests, a concern for the healthcare industry, where some devices may not always be connected to the internet.
Imprivata
A digital identity system can significantly improve healthcare organizations by streamlining workflows and enhancing security.
It can achieve this by utilizing robust authentication methods to eliminate manual logins for mobile access (reducing 90% of steps).
The system can automatically detect unauthorized access to patient data, preventing 99% of incidents.
Improves patient privacy and regulatory compliance by safeguarding sensitive information throughout the care cycle.
Automated identity management simplifies access control for clinicians, allowing them to focus on patient care.
Overall, a digital identity system optimizes Electronic Patient Record (EPR) usage, manages third-party access risks, and improves clinical workflow efficiency.
Why do we recommend it?
Streamlines clinical workflows, allowing for faster and more efficient care.
Secures critical infrastructure, protecting patient data from cyberattacks.
Protects patient privacy by ensuring only authorized personnel have access to medical records.
Reduces manual authentication steps, saving clinicians time and reducing errors.
Automatically identifies unauthorized access to patient health information (PHI).
It can be tailored to meet the specific needs of modern identity and access management in healthcare.
Pros:
Reduces manual authentication steps for mobile workflows, freeing up clinician time.
Automatically identifies unauthorized access to patient data.
Simplifies audit recordkeeping and reporting for regulatory requirements.
Automates granting, revoking, and monitoring access to healthcare systems.
Cons:
Setting up can be complex and requires assistance from IT.
Conflict with existing software that has an auto login feature, causing inconvenience.
It does not automatically log out users when they walk away from the computer, which can be a security concern for some users.
Limited customization options may not be suitable for organizations that need a highly customized solution.
The reporting functionality in Imprivata’s Admin Console may be limited.
CyberArk
CyberArk offers healthcare organizations a comprehensive identity Security Platform that protects electronically protected health information (ePHI) and prevents ransomware attacks.
Their platform secures privileged access and user identities across complex care delivery networks, including virtual care and patient portals.
It helps healthcare organizations comply with regulations like HIPAA and ISO/IEC 27002 by reducing the burden on IT staff and enabling secure access to business applications for both human and machine identities.
The privileged access management solution helps prevent the lateral movement of ransomware and isolate compromised credentials.
We also offer customer and workforce identity solutions that leverage AI to secure access, provide a passwordless experience and secure DevOps environments without impacting agility.
Why do we recommend it?
Industry’s most complete Identity Security Platform.
Offers privileged solid access and identity security.
Protects against threats across complex integrated care delivery networks.
Help healthcare organizations meet compliance requirements.
Secure patient confidentiality.
Pros:
It stops ransomware and other threats with privileged access security and prevents lateral movement within the network.
Ensures adherence to regulations like HIPAA with documented and auditable access controls.
Reduces the burden on IT and staff by simplifying security solutions.
Secures access to business applications for both human and machine users.
Cons:
It may be expensive for smaller healthcare organizations.
Zscaler
The healthcare industry suffers the most from data breaches, with an average cost of $10.1 million per incident.
Zero Trust Architecture (ZTA) can mitigate this risk by enforcing access control and implementing multiple layers of threat prevention.
ZTA uses access control to limit access to externally managed applications and internet destinations based on user roles.
Threat prevention includes advanced threat protection, which delivers real-time protection from malicious content, and daily security updates to the Zscaler cloud to ensure comprehensive threat blockage.
Why do we recommend it?
It offers a Zero-Trust Architecture (ZTA) compliant with HIPAA regulations, which can help reduce the risk of cyberattacks by limiting access to data and applications only to authorized users.
It encrypts data at rest and in transit, which can help protect sensitive healthcare information.
Inspects traffic for malware and other threats, which can help prevent data breaches.
Provides cloud-based security, eliminating the need for on-premises security infrastructure and saving time and money.
Easy to deploy and manage, which can help reduce IT costs
Pros:
Enforces access control to patient data
Provides multiple layers of threat protection
Real-time protection from malicious Internet content
Daily updates to Zscaler cloud to protect users
Cons:
It relies on cloud security, which may not be mature in all healthcare organizations
CrowdStrike
CrowdStrike offers a cloud-native security platform (Falcon) to address the rising cyber threats in healthcare.
Falcon protects endpoints (desktops, laptops, servers, etc.) on any network and uses threat intelligence to proactively detect and respond to attacks, allowing healthcare organizations to transition to remote workforces and telemedicine securely.
It consolidates security functions across various devices and platforms (Windows, Linux, Macs, etc.), potentially reducing IT security costs by 30%.
Additionally, CrowdStrike Falcon Complete offers managed security operations (24/7) and threat hunting to identify and stop sophisticated attacks.
Falcon Discover offers comprehensive visibility and robust protection for Internet of Medical Things (IoMT) devices.
Why do we recommend it?
Protects against various cyber threats with an AI-native cybersecurity platform.
Designed to be easy to use and deploy.
Reduces IT security costs by 30%.
Protects endpoints from any location.
Provides visibility across various devices.
Offers MDR (Managed Detection and Response) for continuous threat monitoring.
Pros:
Easy and quick deployment
Unified visibility across various devices and platforms
Advanced endpoint protection with threat detection and prevention
Managed security operations and threat-hunting
Unmatched visibility for Internet of Medical Things (IoMT) devices
Cons:
Requires skilled staff to interpret results
Symantec
Symantec offers various security solutions to prevent data breaches, including Symantec Advanced Threat Protection (ATP), Symantec Endpoint Protection, and Symantec Hosted Email Security.cloud with Messaging Gateway.
ATP allows for centralized investigation and remediation of advanced threats across endpoints, networks, and email.
Symantec Endpoint Protection leverages global threat intelligence to protect against known and unknown threats on endpoints and virtual desktops.
Symantec Hosted Email Security. Cloud with Messaging Gateway utilizes threat intelligence and skeptic scanning to secure cloud-based email and block spam and phishing attacks.
It also analyzes email content to prevent data loss and encrypts emails for confidentiality.
Web Security. Cloud protects users from malicious downloads and enforces web browsing policies.
Why do we recommend it?
It can expose, prioritize, and remediate advanced threats across endpoints, networks, and email, all from a single console.
Scan for attack artifacts across the infrastructure, drill into the details of an attack, prioritize compromised systems, and quickly remediate all with a single click.
Uncover attacks that would otherwise evade detection
Pros:
Offers a single console to view and manage threats across various systems (endpoints, network, email).
Allows for quicker identification, prioritization, and remediation of threats, potentially saving time compared to traditional methods.
p+Provides a combination of Endpoint Protection, Email Security, and Web Security, offering a layered defense against various attack vectors.
Email Security features like Policy-Based Encryption and Image Control can help prevent sensitive healthcare data from leaking.
Cons:
While offering a centralized view, managing security across multiple systems can be complex for smaller IT teams.
In the rapidly evolving landscape of healthcare cybersecurity, selecting the right network security solution is paramount to safeguarding sensitive patient data and ensuring compliance with stringent regulations. Among the myriad of options available, Perimeter 81 emerges as a leading choice for healthcare organizations seeking robust, user-friendly, and comprehensive network security.
The post 10 Best Network Security Providers for Healthcare Industry in 2024 appeared first on Cyber Security News.