SolarWinds CEO Sudhakar Ramakrishna attends a Senate Intelligence Committee hearing on Capitol Hill on Feb. 23, 2021, in Washington. A new zero-day affecting SolarWinds’ Serv-U software has seen “limited and targeted” exploitation by a threat group based in China, Microsoft warned. (Photo by Demetrius Freeman-Pool/Getty Images) Microsoft said it discovered a damaging zero-day vulnerability affecting SolarWinds software, and they have evidence a hacking group tied to China has been actively exploiting it in the wild. The flaw, which Microsoft said it discovered in Microsoft 365 Defender telemet ..read more

Sculpture “Life in the Community” in located at the exterior of the Health Care Financing Administration, the CMS enforcement arm. (Credit: Carol M. Highsmith/Library of Congress via Wikimedia Commons) On July 1, the Centers for Medicare and Medicaid Services began the enforcement of its Interoperability and Patient Access final rule, designed to fuel data sharing between providers and to support patients’ rights to access their protected health information, relying heavily on the use of application programming interfaces (API). The 21st Century Cures Act outlined the requirements of the inter ..read more

FBI’s cyber division personnel in front of a computer screen. New research finds that ransomware atracks have grabbed the attention of leaders across business sectors. (FBI) A new Cybereason survey found that more than four out of five respondents from various business sectors – some  81% – said they are “highly” or “very concerned” about the risk of ransomware attacks. The survey’s authors said the response underscores what a pervasive threat ransomware has become and that the security industry must respond with urgency to address the dramatic increase in ransomware cases. The Cybereason ..read more

Strata Identity’s Maverics Identity Discovery aims to automate the process of auditing and cataloging of legacy identity systems. (Photo by Sean Gallup/Getty Images) Strata Identity on Wednesday launched Maverics Identity Discovery, a free software tool that automates the manual process of auditing and cataloging on-premises identity environments. In a press release, Strata claims that the tool reduces cloud migration project times from months to hours. The release of the Maverics cloud migration tool looks to solve a very specific problem for security teams: According to recent Strata researc ..read more

The Amazon Web Services (AWS) office in Houston, Texas. (Tony Webster from Minneapolis, Minnesota, United States, CC BY 2.0 https://creativecommons.org/licenses/by/2.0, via Wikimedia Commons) Amazon Web Services this week launched a new free online training series on Twitch that aims to build up the skills of cloud developers. The new series, the AWS Power Hour: Architecting, kicked off on Monday, July 12 and will run for six weeks. According to an AWS blog, the developer training is part of AWS’s commitment to offer free skills training to 29 million learners globally by 2025 throug ..read more

Today’s columnist, Daniel Cidon of NextGate, hopes that Congress can keep moving forward and work with the private sector to establish a national patient identification (NPI) number. MarkFischer CreativeCommons CC BY-SA 2.0 For nearly three decades, the Internet has done more than just connect us with new people in faraway places. It has also changed how we connect with our own shifting identities. In most cases, our phones and laptops now hold significantly more sensitive information about us than our bi-fold wallets or family filing cabinets. The keys to our financial lives, professional liv ..read more

A spoofed Paypal webpage. (Image from Digital Shadows report.) New research has shed some light on just how constantly corporate brands are bombarded by fraudulent attempts to impersonate their website domains. In its new “Impersonating Domains Report,” researchers at Digital Shadows found that over a four-month span this year, its business clients on average witnessed 90 different fraudulent domains impersonating their websites and brands. That extrapolates to almost 1,100 imitated domains per year. The reason: it’s simple and cheap to set up a fake website, and so cybercriminals can sta ..read more

The FBI’s Cyber Division leads the nation’s efforts to investigate and prosecute internet crimes. The bureau noted in its annual IC3 report that ransomware is uniquely underreported (FBI) The FBI notes in its annual IC3 report that ransomware is uniquely underreported, and its statistics can’t really be trusted. Various blockchain analysis groups have the means to compile ransomware statistics, but only for a price. That is unfortunate, as the information would be invaluable as researchers hope to get a handle on the scope of ransomware and what could be done to prevent further outbreaks. A ne ..read more

The Microsoft logo is illuminated on a wall during a Microsoft launch event in New York City. Microsoft released fixes for 117 vulnerabilities (Photo by Drew Angerer/Getty Images) Microsoft on Tuesday picked up the pace on patching for July and released fixes for 117 vulnerabilities, four of which are being actively exploited in the wild.   July represents a dramatic shift from the relatively light releases security researchers have seen over previous months, highlighting an uptick in zero-day exploits and the urgency needed to keep pace with a growing list of threats, said Justin Kn ..read more

A Guess retail store. (N509FZ, CC BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0, via Wikimedia Commons) Following news that noted fashion brand Guess suffered a data breach in which personal information may have been stolen, cybersecurity experts on Tuesday said that retailers should take this case as motivation to lock down their cyber defenses. News of the breach was first reported by BleepingComputer on Monday, though DataBreaches.net had previously reported that the DarkSide ransomware group had listed Guess on their data leak site in April. It’s certainly possible that the repo ..read more