November is coming to a close, ushering in cold weather, the holiday season, and plenty more cybersecurity developments. Since hackers never take a vacation, there’s always a variety of stories highlighting the need to protect yourself and your business. Here’s a quick look at some of the most compelling examples.
Malware in Browser Update
Every few months or so, you may be prompted to download the latest version of a commonly used browser on your computer. However, some threat actors have adopted a new strategy of hiding malware within fake browser updates. This technique involves breaching legitimate but vulnerable websites and infecting them with malicious code that presents users with deceptive browser update notifications. When a user logs on to the compromised website, the attackers’ code runs alongside other site assets. The hacker’s script collects information about the user’s system, location, and browser version. If the criteria are met, it contacts an attacker-controlled domain to pull in a fake browser update page. To avoid falling victim to this technique, users are encouraged to differentiate between real and fake updates by observing the typical behavior of trusted websites and browsers. Any unexpected or unusual prompts, especially those related to updates, should raise suspicion. That being said, making sure your browsers, and any other software, are completely up to date remains essential. Regularly updating browsers is a good security practice, as any weak points in the code can be patched out.
New Cybersecurity Regulations for NY Hospitals
Recently, New York Gov. Kathy Hochul proposed a new set of cybersecurity regulations for the state’s hospitals, including a mandate that hospitals develop their own programs and response plans and appoint a chief information security officer if they don’t already have one. This underlines the importance of having dedicated leadership for cybersecurity, ensuring focused efforts in protecting healthcare information. Hospitals are also required to develop comprehensive cyber incident response plans, including notification systems to alert affected parties, ensuring a coordinated and timely response to cybersecurity events. In addition to creating this plan, hospitals need to conduct tests of their response plans to ensure continued patient care during and after cyber incidents. If Gov. Hochul’s plan gets approved, hospitals will have one year to make appropriate changes in response to the finalized regulations, including implementing cybersecurity programs, appointing CISOs, and meeting other specified requirements. Overall, the purpose of this plan seems to be to emphasize the need for a proactive approach to safeguarding critical networks and systems used in patient care.
Billions of Usernames and Passwords Leaked
In the middle of September, the CEO of the cybersecurity firm Security Discovery, Bob Diachenko, acknowledged a security leak that exposed countless usernames and passwords. While the affected database has now been properly secured, over 3.8 billion user records were accessible to anyone while it was left online. Interestingly enough, the leaked email addresses and passwords actually originated from previous data breaches. A company called DarkBeam had collected this information to notify its customers about potential future breaches, yet failed to keep its data secure. This leak emphasizes the dangers of password reuse, as cybercriminals may attempt to use the exposed usernames and passwords across various sites. If you were affected by the breach, you should absolutely change your passwords to strong, complex alternatives. Additionally, enabling multi-factor authentication (MFA) for your accounts could prevent them from being hijacked.
Contact SWK Today
Like clockwork, we see constant examples of hackers successfully breaching networks for their own personal gain. Data leaks might have become commonplace, but taking precautions, such as changing passwords and enabling MFA, can reduce the risk of accounts being taken over by hackers. To learn more about how you can protect yourself and your business, contact SWK today and hear from our team of experts.