The hacker will see you now
IT Brew // Morning Brew // Update
A daily dose of data breaches.
July 30, 2024

Today! Tuesday! Those promo codes you keep getting? It’s all part of the plan.

In today’s edition:

Healthcare scare

SEC x CDK

Snug as a bug

—Billy Hurley, Eoin Higgins, Patrick Lucas Austin

CYBERSECURITY

Ransoms and differences

Healthcare cross with red and green digital shields preventing attacks Francis Scialabba

A first-half study of the US healthcare sector revealed a cyber salvo against the industry.

The report from threat intel firm Cyble, which highlighted healthcare-specific cyberthreat activity from January to June of 2024, found:

  • 121 ransomware attacks
  • 18 verified data breaches

“The recent trend where we are seeing a large number of attacks directly on these hospitals, healthcare providers, just shows the increasing desperation within the cybercriminal ecosystem, to basically target any organization for maximum monetary benefit,” Kaustubh Medhe, VP of research and cyber threat intelligence at Cyble, told IT Brew.

The FBI’s investigation of internet crime incidents last year also demonstrated a heavy targeting of hospitals. The agency’s 2023 Internet Crime Report found that its Internet Crime Complaint Center received 249 queries from ransomware-affected healthcare orgs—surpassing all critical infrastructure sectors, including critical manufacturing (which received 218 complaints) and government facilities (156 complaints).

Read the rest here.—BH

   

PRESENTED BY LUMOS

There’s a visionary in our midst

And we mean that literally since Gartner just recognized Lumos as a Visionary in the first-ever Gartner Magic Quadrant for SaaS Management Platforms (SMP).

Pretty big deal, right? Well, the deal gets even bigger when you realize that Lumos just launched their SaaS Management offering two short years ago. Talk about rapid growth.

And they’re not done yet. Lumos has a vision for the future, one in which they unlock customer potential to adopt the right application with the right access. With Lumos’s Unified Access Platform, companies can:

  • Discover all apps, including shadow IT, in use across all environments.
  • Enhance employee experience with automated software access.
  • Reduce software spend wastage.

Lumos is on a mission to bring IT and security teams together and to empower organizations to unlock employee potential with safe digital technology usage.

See the vision.

IT STRATEGY

Slow drive

Image of cars in a dealership showroom. Pixelseffect/Getty Images

The June 19 cyberattack on CDK Global, a tech company that provides services to auto dealers, is estimated to have cost dealerships more than $1 billion—but that financial hit to its clients wasn’t enough for CDK to feel the need to file with the SEC under its ambiguous new rules for reporting hacks.

“A reasonable investor would want to know about it because of the nature of the attention it has gotten and the tail that will happen because of that attention,” former CISA official Bob Kolasky told CyberScoop. “It creates a ton of uncertainty about the kind of scrutiny that’s going to follow from this.”

No deeds. In a statement on July 3, a day after “substantially all” affected dealerships were back online, CDK parent Brookfield Business Partners announced that it didn’t “expect this incident to have a material impact” on the company. Meanwhile, CyberScoop reported, “numerous auto dealers [notified] the Securities and Exchange Commission that the breach had harmed their operations.” While CDK is a private company, Brookfield is publicly traded, making disclosure rules more complicated, RSA Conference Chairman Hugh Thompson told IT Brew.

“What the CDK case has shown us is that interpretations vary wildly,” Thompson said. “Now, there [are] important distinctions between some of the auto dealers who are directly publicly traded companies, and thus fall immediately under this disclosure law—so they’re compelled when they believe that materiality has been reached, they have four days to disclose. Then you’ve got CDK; that’s a little bit more complicated.”

Read more here.—EH

   

TOGETHER WITH FLARE

Don’t get caught snoozin’. Attackers shouldn’t have an information advantage. That’s why you need Flare’s Threat Exposure Management solution. This lifesaver proactively detects, prioritizes, and mitigates threats across the clear + dark web and illicit Telegram channels on a 24/7 basis. Forget about catching glitches in your good times. Start a free trial.

IT OPERATIONS

Bugging out

CrowdStrike logo on phone screen is displayed in front of Blue Screen of Death errors Credit: Anadolu/Getty Images

Days after the IT outage shut down systems around the world, affecting banks, airlines, and other organizations, CrowdStrike—the company whose update was behind the disruption—has issued guidance explaining what happened.

In a content update for Windows systems users employing the company’s Falcon defense platform, CrowdStrike detailed how its Rapid Response Content tool pushes updates to users multiple times a day. On July 19, a bad update went out to Channel File 291.

“Due to a bug in the Content Validator, one of the two Template Instances passed validation despite containing problematic content data,” CrowdStrike noted, adding that it “resulted in an out-of-bounds memory read triggering an exception. This unexpected exception could not be gracefully handled, resulting in a Windows operating system crash.”

Root causes. Thomas Haver, a software developer and technologist, told IT Brew the problems for CrowdStrike likely go deeper than just getting people back online. CrowdStrike would have needed to prove it had controls in place before issuing updates.

Keep reading here.—EH

   

PATCH NOTES

Picture of data with "Clean Me" written on it + bottle of cleaner in front of it, Patch Notes Francis Scialabba

Today’s top IT reads.

Stat: 0.5%. That’s a little more than the amount Twitch’s ad and commerce income contribute to Amazon’s total revenue. (the Wall Street Journal)

Quote: “We cannot rule out the fact that a state actor is encouraging, supporting, or directing such domestic groups to create plausible deniability of their involvement.”—Arthur PB Laudrain, a cyber diplomacy researcher, on the cutting of internet cables in Paris (Wired)

Read: Silicon Valley goes to war over politics. (the New York Times)

JOBS

Stop waiting for your dream job to find you. CollabWORK puts you in front of the right opportunities in the online spaces you frequent. Get discovered by top companies and take control of your career path.


Copyright © 2024 Morning Brew. All rights reserved.
22 W 19th St, 4th Floor, New York, NY 10011
