Google is nearing a $23 billion acquisition deal for Wiz, a cybersecurity startup. This move signifies Google's intention to expand its cybersecurity capabilities and highlights the growing emphasis on protecting digital assets amid increasing threats. The acquisition aligns with the tech giant's strategic focus on enhancing security measures for its cloud services and enterprise clients.

Google Near $23 Billion Deal for Cybersecurity Startup Wiz Wall Street Journal

AT&T reported a cyberattack on its Snowflake environment that compromised data of nearly all of its wireless customers, affecting approximately 110 million individuals. The breach included records of customers' calls and text messages over a six-month period ending October 31, 2022, and January 2, 2023, but did not expose the content of the communications or personal identifiers. However, it did include phone numbers, interaction counts, and call durations. The incident was part of a broader wave of attacks on Snowflake customers, exploiting stolen credentials from infostealer malware. AT&T detected the breach on April 19 and acted swiftly, involving cybersecurity experts and cooperating with law enforcement. The company has enhanced its cybersecurity measures and will notify affected customers, while the FBI and DOJ granted delays in disclosure due to national security concerns.

Massive Snowflake-linked attack exposes data on nearly 110M AT&T customers Cybersecurity Dive

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a report highlighting significant shortcomings in cybersecurity practices within a U.S. civilian executive branch agency. The report follows a 2023 red-teaming exercise where CISA employed tactics resembling those of nation-state threat actors and successfully compromised the agency's network, gaining access through a known Solaris vulnerability and phished Windows credentials. The red team remained undetected for a significant period, even managing to eavesdrop on the blue team's communications. Key recommendations from CISA include streamlining incident response, avoiding dependence on known indicators of compromise, and enhancing log monitoring and analysis for better attack comprehension and defense.

CISA sees red over government cybersecurity exercise scmagazine

**Healthcare Breaches and New Guidance**

The healthcare industry continues to face significant challenges in managing cyber risks, as evidenced by recent data breaches such as the unprecedented cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group. Despite existing regulatory frameworks like HIPAA and ample guidance from entities like HHS-OCR and NIST, healthcare organizations struggle to mitigate cyber threats due to factors such as misdelivery of information, misuse of privileges, and rapidly evolving technology landscapes. Recent guidance, including NIST's updated Resource Guide and HHS's cybersecurity strategy, aims to improve the sector's cybersecurity posture, but concerns remain about the adequacy and implementation of these measures in effectively managing cybersecurity risks.

Healthcare Breaches and New Guidance - The CPA Journal The CPA Journal

Google is nearing a $23 billion acquisition deal for Wiz, a cybersecurity startup. This move signifies Google's intention to expand its cybersecurity capabilities and highlights the growing emphasis on protecting digital assets amid increasing threats. The acquisition aligns with the tech giant's strategic focus on enhancing security measures for its cloud services and enterprise clients.

Google Near $23 Billion Deal for Cybersecurity Startup Wiz Wall Street Journal

AT&T reported a cyberattack on its Snowflake environment that compromised data of nearly all of its wireless customers, affecting approximately 110 million individuals. The breach included records of customers' calls and text messages over a six-month period ending October 31, 2022, and January 2, 2023, but did not expose the content of the communications or personal identifiers. However, it did include phone numbers, interaction counts, and call durations. The incident was part of a broader wave of attacks on Snowflake customers, exploiting stolen credentials from infostealer malware. AT&T detected the breach on April 19 and acted swiftly, involving cybersecurity experts and cooperating with law enforcement. The company has enhanced its cybersecurity measures and will notify affected customers, while the FBI and DOJ granted delays in disclosure due to national security concerns.

Massive Snowflake-linked attack exposes data on nearly 110M AT&T customers Cybersecurity Dive

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a report highlighting significant shortcomings in cybersecurity practices within a U.S. civilian executive branch agency. The report follows a 2023 red-teaming exercise where CISA employed tactics resembling those of nation-state threat actors and successfully compromised the agency's network, gaining access through a known Solaris vulnerability and phished Windows credentials. The red team remained undetected for a significant period, even managing to eavesdrop on the blue team's communications. Key recommendations from CISA include streamlining incident response, avoiding dependence on known indicators of compromise, and enhancing log monitoring and analysis for better attack comprehension and defense.

CISA sees red over government cybersecurity exercise scmagazine

**Healthcare Breaches and New Guidance**

The healthcare industry continues to face significant challenges in managing cyber risks, as evidenced by recent data breaches such as the unprecedented cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group. Despite existing regulatory frameworks like HIPAA and ample guidance from entities like HHS-OCR and NIST, healthcare organizations struggle to mitigate cyber threats due to factors such as misdelivery of information, misuse of privileges, and rapidly evolving technology landscapes. Recent guidance, including NIST's updated Resource Guide and HHS's cybersecurity strategy, aims to improve the sector's cybersecurity posture, but concerns remain about the adequacy and implementation of these measures in effectively managing cybersecurity risks.

Healthcare Breaches and New Guidance - The CPA Journal The CPA Journal