New HIPAA Cybersecurity Rules Pull No Punches | CISA: Third-Party Data Breach Limited to Treasury Dept.

Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it.

Follow Dark Reading:

January 09, 2025

LATEST SECURITY NEWS & COMMENTARY New HIPAA Cybersecurity Rules Pull No Punches Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it. CISA: Third-Party Data Breach Limited to Treasury Dept. The breach was carried out by exploiting CVE-2024-12356 in BeyondTrust cybersecurity company, just last week. Green Bay Packers' Online Pro Shop Sacked by Payment Skimmer Cyberattackers injected the NFL Wild Card team's online Pro Shop with malicious code to steal credit-card data from 8,500 fans. FireScam Android Spyware Campaign Poses 'Significant Threat Worldwide' A fake Telegram Premium app delivers information-stealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say. Thousands of BeyondTrust Systems Remain Exposed Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say -- though it's impossible to tell how many are still vulnerable. Pentagon Adds Chinese Gaming Giant Tencent to Federal Ban The sprawling social media and gaming platform says that being considered a Chinese military business must be a mistake. Unpatched Active Directory Flaw Can Crash Any Microsoft Server Windows servers are vulnerable to a dangerous LDAP vulnerability that could be used to crash multiple servers at once and should be patched immediately. Unconventional Cyberattacks Aim to Take Over PayPal Accounts Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them. Best Practices & Risks Considerations in LCNC and RPA Automation Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits. Cybercriminals Don't Care About National Cyber Policy We can't put defense on hold until Inauguration Day. MORE NEWS / MORE COMMENTARY HOT TOPICS Why Small Businesses Can't Rely Solely on AI to Combat Threats The growing complexity of cyber threats, paired with limited resources, makes it essential for companies to adopt a more comprehensive approach that combines human vigilance with AI's capabilities. IoT's Regulatory Reckoning Is Overdue New security regulations are more than compliance hurdles — they're opportunities to build better products, restore trust, and lead the next chapter of innovation. Name That Edge Toon: Greetings and Salutations Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card. MORE PRODUCTS & RELEASES Zivver Report Reveals Critical Challenges in Email Security for 2025 Trend Micro and Intel Innovate to Weed Out Covert Threats CrowdStrike Achieves FedRAMP Authorization for New Modules MORE PRODUCTS & RELEASES EDITORS' CHOICE In Appreciation: Amit Yoran, Tenable CEO, Passes Away Cybersecurity industry visionary and renowned executive Amit Yoran has passed away after an almost one-year battle with cancer. LATEST FROM THE EDGE New Docuseries Spotlights Hackers Who Shaped Cybersecurity "Where Warlocks Stay Up Late" project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map. LATEST FROM DR TECHNOLOGY Will AI Code Generators Overcome Their Insecurities This Year? In just two years, LLMs have become standard for developers — and non-developers — to generate code, but companies still need to improve security processes to reduce software vulnerabilities. LATEST FROM DR GLOBAL EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities. WEBINARS The Artificial Future Trend Micro Security Predictions for 2025 Preventing Attackers From Wandering Through Your Enterprise Infrastructure View More Dark Reading Webinars >> WHITE PAPERS From security alert to action: Accelerating incident response with automated investigations Solution Brief: Introducing the runZero Platform The Definitive Guide to Container Security Top 10 CI/CD Security Risks: The Technical Guide Frost Radar: Cloud Security Posture Management, 2024 6 Key Requirements of Multicloud Security The State of Cloud Native Security Report 2024 View More White Papers >> FEATURED REPORTS Threat Hunting's Evolution: From On-Premises to the Cloud How Enterprises Secure Their Applications Effective Asset Management Is Critical to Enterprise Cybersecurity View More Dark Reading Reports >>

Dark Reading Weekly -- Published By Dark Reading Operated by TechTarget, Inc. and its subsidiaries, 275 Grove Street, Newton, Massachusetts, 02466 US To opt-out of any future Dark Reading Weekly Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2025 | TechTarget, Inc. | Privacy Statement | Terms & Conditions | Contact Us