August 30, 2024
A recent report from Sophos has highlighted significant updates to the Poortry/BurntCigar toolkit, a tool used by ransomware groups to compromise endpoint protection software. Originally identified for terminating endpoint detection and response (EDR) processes, the toolkit now has the capability to completely wipe EDR software from systems. The toolkit uses a malicious kernel driver and loader, heavily obfuscated to evade detection, and it has been utilized by ransomware gangs such as Cuba, BlackCat, and LockBit. Following Microsoft's closure of a loophole allowing custom kernel-level driver signing, developers have adapted by using methods like Signature Timestamp Forging and obtaining valid leaked certificates. These adaptations have enabled the toolkit to function akin to a rootkit, enhancing its evasion capabilities and making it a more formidable threat to IT defenses.
Tool used by ransomware groups now seen killing EDR: Report | CSO Online
August 30, 2024
In his article, Jon Oltsik outlines "5 Best Practices for Running a Successful Threat-Informed Defense in Cybersecurity," emphasizing the importance of tailoring cybersecurity strategies to specific threats. He discusses the need for establishing a threat intelligence lifecycle, using threat intelligence for exposure management, driving detection engineering, promoting threat hunting, and pursuing continuous testing. These practices involve continuous improvement and alignment of resources to manage vulnerabilities effectively, write and refine detection rules, automate compromise detection, and conduct ongoing testing to identify gaps in defenses. Oltsik highlights that while challenging, adopting a threat-informed defense can lead to improved security efficacy and organizational efficiency.
5 best practices for running a successful threat-informed defense in cybersecurity
August 30, 2024
Academic health systems in the U.S. are increasingly acquiring rural and community hospitals to address financial challenges and maintain care access. Strategic partnerships offer smaller organizations sustainability while benefiting academic systems’ goals. MyMichigan Health, for example, recently acquired three hospitals from Ascension. CEO Lydia Watson emphasizes cultural alignment and strategic growth over scale, considering factors like clinical quality, financial stability, community benefits, and leadership fit. UCSF Health similarly acquired two hospitals from Dignity Health for $100 million, with CEO Suresh Gunasekaran highlighting vision alignment, academic mission, and workforce commitment as crucial factors in partnerships. Both health systems focus on strategic acquisitions to enhance care quality and community services.
The right time to grow, per 2 CEOs | Becker's Hospital Review
August 30, 2024
The article discusses the mixed reactions of healthcare professionals towards the integration of artificial intelligence (AI) in healthcare, with some showing eagerness while others express hesitation. Sarah M. Worthy, CEO of DoorSpace, highlights that while AI may not soon replace clinicians, it should be used to assist healthcare workers by reducing administrative burdens, thus enhancing productivity and reducing costs. Worthy emphasizes the need for ethical AI with proper safeguards and suggests focusing AI applications on operational improvements rather than direct patient care. She also highlights successful AI uses in radiology and as a scribing tool in clinical settings, suggesting that AI can enhance, but not replace, the roles of medical professionals.
Slow down AI adoption, one tech CEO cautions | Healthcare IT News