US Health Dept warns hospitals of hackers targeting IT help desks

April 6, 2024 at 12:04PM The U.S. Department of Health and Human Services warns of hackers using social engineering to target IT help desks in the Healthcare and Public Health sector. They gain access by enrolling their own MFA devices and using AI voice cloning. Similar tactics are used by the Scattered Spider threat group. …

CISA and OpenSSF Release Framework for Package Repository Security

February 12, 2024 at 06:27AM The U.S. CISA and OpenSSF are collaborating to establish the Principles for Package Repository Security, a framework aiming to enhance security in open-source software ecosystems. It outlines four security maturity levels and emphasizes the importance of continual security improvements. This development addresses growing security concerns related to open-source software in …

US Health Dept urges hospitals to patch critical Citrix Bleed bug

December 2, 2023 at 11:54AM The HHS alerted U.S. healthcare organizations to patch the ‘Citrix Bleed’ vulnerability (CVE-2023-4966), as it’s actively exploited by ransomware gangs, bypassing security controls. Citrix and federal agencies urged immediate action. Despite a fix released in October, over 10,000 servers remain at risk, threatening the Health sector. Meeting Takeaways: 1. **Urgent …