Cybersecurity / en Sat, 14 Jun 2025 13:42:51 -0500 Fri, 13 Jun 25 00:22:36 -0500 Cybersecurity & Risk Advisory Service /cybersecurity <p>AHA can help hospitals and health systems prepare for and mitigate cyber threats with John Riggi, a recognized expert, as a powerful resource.</p> Thu, 01 Feb 2024 09:32:19 -0600 Cybersecurity TLP White: NSA | APT5: Citrix ADC Threat Hunting Guidance - December 2022 /cybersecurity-government-intelligence-reports/2022-12-13-tlp-white-nsa-apt5-citrix-adc-threat-hunting-guidance-december-2022 <h2>Executive summary</h2><p>APT5 has demonstrated capabilities against Citrix® Application Delivery Controller™ (ADC™) deployments (“Citrix ADCs”). Targeting Citrix ADCs can facilitate illegitimate access to targeted organizations by bypassing normal authentication controls. As such, NSA, in collaboration with partners, has developed this threat hunting guidance to provide steps organizations can take to look for possible artifacts of this type of activity. Please note that this guidance does not represent all techniques, tactics, or procedures (TTPs) the actors may use when targeting these environments. This activity has been attributed to APT5, also known as UNC2630 and MANGANESE.</p><h2>Introduction</h2><p>NSA recommends organizations hosting Citrix ADC environments take the following steps as part of their investigation. Treat these detection mechanisms as independent ways of identifying potentially malicious activity on impacted systems. Artifacts may vary based on the environment and the stage of that activity. 
As such, NSA recommends investigating any positive result even if other detections return no findings.</p> Tue, 13 Dec 2022 11:06:06 -0600 Cybersecurity Episode 10: How Healthcare Can Fight Back With Identity-first Security /center/cybersecurity-and-risk-advisory-services/preferred-cybersecurity/bringing-value/ep10_identity_first_security Fri, 13 Jun 2025 00:22:36 -0500 Cybersecurity H-ISAC TLP Green Daily Cyber Headlines - June 10, 2025 <div class="container row"><div class="row"><div class="col-md-8"><p><strong>Today’s Headlines:   </strong></p><p><strong>Leading Story</strong></p><ul><li>Critical Salesforce Vulnerability Exposes Global Users to SOQL Injection Attacks</li></ul><p><strong>Data Breaches & Data Leaks </strong></p><ul><li>Drivers’ Data Compromised in TxDOT Data Breach of Nearly 300,000 Crash Reports</li><li>Arkana Ransomware Group Allegedly Claims Breach of Ticketmaster Databases</li></ul><p><strong>Cyber Crimes & Incidents</strong></p><ul><li>Grocery Wholesale Giant United Natural Foods Hit by Cyberattack</li><li>Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025</li></ul><p><strong>Vulnerabilities & Exploits</strong>  </p><ul><li>Multiple QNAP Flaws Allow Remote Attackers to Hijack User Accounts</li></ul><p><strong>Trends & Reports</strong></p><ul><li>Global Cyberattacks Rise Sharply, Supply Chains Most Vulnerable</li><li>Second Quarter Phishing Report: The Latest Scams Exploiting Human Trust</li></ul><p><strong>Privacy, Legal & Regulatory</strong></p><ul><li>Australian Threat Actor Sentenced In May, Arrested by HSI Denver Faces Deportation</li></ul><p><strong>Upcoming Health-ISAC Events</strong></p><ul><li>Global Monthly Threat Brief<ul><li>Americas - June 24, 2025, 12:00-01:00 PM ET</li><li>European – June 25, 2025, 03:00-04:00 PM CET</li></ul></li></ul><p>View the detailed report below. 
</p></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Tue, 10 Jun 2025 08:32:02 -0500 Cybersecurity H-ISAC TLP Green Ransomware Data Leak Sites Report - June 10, 2025 <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. 
There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p><p>View the detailed report below.</p></div></div></div> Tue, 10 Jun 2025 08:24:28 -0500 Cybersecurity H-ISAC TLP Green Ransomware Data Leak Sites Report - June 9, 2025 <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. 
There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p></div></div></div> Mon, 09 Jun 2025 11:53:00 -0500 Cybersecurity H-ISAC TLP Green Daily Cyber Headlines - June 9, 2025 <div class="container row"><div class="row"><div class="col-md-8"><p><strong>Today’s Headlines: </strong></p><p><strong>Leading Story</strong></p><ul><li>Honeywell Community Intelligence Reveals Ransomware Surge in Manufacturing, Healthcare; Rising Attacks in Agriculture and Food Sectors</li></ul><p><strong>Data Breaches & Data Leaks  </strong></p><ul><li>Largest Data Leak Ever Exposes Over 4 Billion User Records</li><li>Lee Enterprises Says 40,000 Hit by Ransomware-Caused Data Breach </li></ul><p><strong>Cyber Crimes & Incidents</strong></p><ul><li>Paste.ee Turned Cyber Weapon: XWorm and AsyncRAT Delivered by Malicious Actors </li></ul><p><strong>Vulnerabilities & Exploits  </strong></p><ul><li>Critical RCE Flaw 
Found in HPE Insight Remote Support Tool</li><li>CISA Warns of Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code </li></ul><p><strong>Trends & Reports</strong></p><ul><li>830 Organizations Breached via Glitch-Hosted Phishing Attack Using Telegram & Fake CAPTCHAs</li><li>Honeywell Community Intelligence Reveals Ransomware Surge in Manufacturing, Healthcare; Rising Attacks in Agriculture and Food Sectors </li></ul><p><strong>Privacy, Legal & Regulatory</strong></p><ul><li>US Offering $10 Million Reward for RedLine Malware Developer</li><li>Oklahoma Expands its Security Breach Notification Law </li></ul><p><strong>Upcoming Health-ISAC Events</strong></p><ul><li>Global Monthly Threat Brief<ul><li>Americas - June 24, 2025, 12:00-01:00 PM ET</li><li>European – June 25, 2025, 03:00-04:00 PM CET</li></ul></li></ul></div></div></div> Mon, 09 Jun 2025 11:33:28 -0500 Cybersecurity H-ISAC TLP White: Hacking Healthcare - Weekly Blog - June 6, 2025 
/h-isac-white-reports/2025-06-06-h-isac-tlp-white-hacking-healthcare-weekly-blog-june-6-2025 <div class="container row"><div class="row"><div class="col-md-8"><p>This week, Health-ISAC®'s Hacking Healthcare® examines where things stand several months into the Trump Administration's term regarding healthcare and cybersecurity. This edition of Hacking Healthcare will recap some of the significant developments from the beginning of Trump’s term to Thursday’s confirmation hearings, and then will assess what we might expect to see happen next.</p><p>View the detailed report below.</p></div></div></div> Fri, 06 Jun 2025 15:15:37 -0500 Cybersecurity H-ISAC TLP Green Daily Cyber Headlines - June 6, 2025 <div class="container row"><div class="row"><div class="col-md-8"><p><strong>Leading Story</strong></p><ul><li>Threat Actors Leak 86 Million AT&T Records with Decrypted SSNs </li></ul><p><strong>Data Breaches & Data Leaks  </strong></p><ul><li>Odoo Employee Database Allegedly Exposed and Put Up For Sale on Dark Web 
</li></ul><p><strong>Cyber Crimes & Incidents</strong></p><ul><li>Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App</li><li>TA397 Threat Actors Exploit Scheduled Tasks to Deploy Malware on Targeted Systems </li></ul><p><strong>Vulnerabilities & Exploits  </strong></p><ul><li>Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI</li><li>Critical Dell PowerScale Vulnerability Allows Attackers Unauthorized Access to Filesystem </li></ul><p><strong>Trends & Reports</strong></p><ul><li>Exploitation Trends Underscore the Need for Layered Cybersecurity</li><li>FBI Aware of 900 Organizations Hit by Play Ransomware </li></ul><p><strong>Privacy, Legal & Regulatory</strong></p><ul><li>California Man Pleads Guilty to Accessing Disney Employee’s Computer</li><li>Men Who Breached Law Enforcement Database for Doxing Sentenced to Prison (TD)</li></ul><p>Upcoming Health-ISAC Events</p><ul><li>Global Monthly Threat Brief<ul><li>Americas - June 24, 2025, 12:00-01:00 PM ET</li><li>European – June 25, 2025, 03:00-04:00 PM CET</li></ul></li></ul></div></div></div> Fri, 06 Jun 2025 08:05:32 -0500 Cybersecurity Agencies issue advisory on updated tactics by Play ransomware group /news/headline/2025-06-05-agencies-issue-advisory-updated-tactics-play-ransomware-group <p>The FBI, Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Centre June 4 released an <a href="https://www.cisa.gov/sites/default/files/2025-06/aa23-352a-stopransomware-play-ransomware_2.pdf" target="_blank">advisory</a> on updated actions and tactics used by the Play ransomware group. The group, active since 2022, has impacted a wide range of businesses and critical infrastructure in North America, South America and Europe. As of May, the FBI was aware of about 900 victims allegedly exploited by the group’s efforts.</p><p>The threat actors are presumed to be a closed group, designed to “guarantee the secrecy of deals,” according to a statement on the group’s data leak website. They employ a double-extortion model that encrypts systems after exfiltrating data. Their ransom notes do not include an initial ransom demand or payment instructions. Instead, victims are instructed to contact the threat actors via email.</p><p>“Play ransomware was among the most active cyberthreat groups in 2024,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “This report highlights their evolving tactics, and health care cybersecurity teams should be aware of the changes. As threat actors shift tactics, it is critical that network defenders keep pace. The double-layered extortion model and encryption of systems, as well as theft of data, pose a serious potential risk to hospitals and the delivery of health care.”</p><p>For more information on this or other cyber and risk issues, contact Gee at <a href="mailto:sgee@aha.org" target="_blank">sgee@aha.org</a>. 
For the latest cyber and risk resources and threat intelligence, visit <a href="/cybersecurity" target="_blank">aha.org/cybersecurity</a>.</p> Thu, 05 Jun 2025 15:04:55 -0500 Cybersecurity