Cybersecurity / en Fri, 25 Apr 2025 13:41:43 -0500 Fri, 25 Apr 25 10:35:29 -0500 Cybersecurity & Risk Advisory Service /cybersecurity <p>AHA can help hospitals and health systems prepare for and mitigate cyber threats with John Riggi, a recognized expert, as a powerful resource.</p> Thu, 01 Feb 2024 09:32:19 -0600 Cybersecurity TLP White: NSA | APT5: Citrix ADC Threat Hunting Guidance - December 2022 /cybersecurity-government-intelligence-reports/2022-12-13-tlp-white-nsa-apt5-citrix-adc-threat-hunting-guidance-december-2022 <h2>Executive summary</h2><p>APT5 has demonstrated capabilities against Citrix® Application Delivery Controller™ (ADC™) deployments (“Citrix ADCs”). Targeting Citrix ADCs can facilitate illegitimate access to targeted organizations by bypassing normal authentication controls. As such, NSA, in collaboration with partners, has developed this threat hunting guidance to provide steps organizations can take to look for possible artifacts of this type of activity. Please note that this guidance does not represent all techniques, tactics, or procedures (TTPs) the actors may use when targeting these environments. This activity has been attributed to APT5, also known as UNC2630 and MANGANESE.</p><h2>Introduction</h2><p>NSA recommends organizations hosting Citrix ADC environments take the following steps as part of their investigation. Treat these detection mechanisms as independent ways of identifying potentially malicious activity on impacted systems. Artifacts may vary based on the environment and the stage of that activity. 
As such, NSA recommends investigating any positive result even if other detections return no findings.</p> Tue, 13 Dec 2022 11:06:06 -0600 Cybersecurity H-ISAC TLP Green Daily Cyber Headlines - April 25, 2025 <div class="container row"><div class="row"><div class="col-md-8"><p><strong>Today’s Headlines:</strong></p><p><strong>Leading Story </strong></p><ul><li>Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely</li></ul><p><strong>Data Breaches & Data Leaks  </strong></p><ul><li>Cyberattacks Hit Health Sector Firms, Exposing Data of Over 236,000 People</li></ul><p><strong>Cyber Crimes & Incidents </strong></p><ul><li>Threat Actors Leverage TAG-124 Infrastructure to Deliver Malicious Payloads</li></ul><p><strong>Vulnerabilities & Exploits  </strong></p><ul><li>NVIDIA NeMo Vulnerability Enables Remote Exploits</li></ul><p><strong>Trends & Reports </strong></p><ul><li>AI-Powered Polymorphic Phishing Is Changing The Threat Landscape</li></ul><p><strong>Privacy, Legal & Regulatory </strong></p><ul><li>Georgia, New York Residents Sue Over Cleveland, Tennessee, Debt Collections Agency Data Breach</li></ul><p><strong>Upcoming Health-ISAC Events </strong></p><ul><li>Global Monthly Threat Brief  <br>o    Americas – April 29, 2025, 12:00-01:00 PM ET<br>o    European – April 30, 2025, 03:00-04:00 PM CET<br> </li></ul></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" 
href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Fri, 25 Apr 2025 10:35:29 -0500 Cybersecurity H-ISAC TLP Green Ransomware Data Leak Sites Report - April 25, 2025 <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. 
There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p></div></div></div> Fri, 25 Apr 2025 09:57:54 -0500 Cybersecurity H-ISAC TLP Green Ransomware Data Leak Sites Report - April 23, 2025 <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. 
There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p></div></div></div> Wed, 23 Apr 2025 08:22:25 -0500 Cybersecurity H-ISAC TLP Green Daily Cyber Headlines - April 21, 2025 <div class="container row"><div class="row"><div class="col-md-8"><p>Today’s Headlines:</p><p>Leading Story <br>•    State-Sponsored Threat Actors Embrace ClickFix Social Engineering Tactic<br><br>Data Breaches & Data Leaks  <br>•    Events Giant Legends International Breached<br><br>Cyber Crimes & Incidents <br>•    Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader<br><br>Vulnerabilities & Exploits  <br>•    Critical AnythingLLM Vulnerability Exposes Systems to Remote Code Execution<br>•    Asus Warns of Critical Auth Bypass Flaw in Routers Using AiCloud<br><br>Trends & Reports <br>•    Defending Against Web API Exploitation With Modern Detection Strategies<br><br>Privacy, Legal & 
Regulatory <br>•    Threat Actor Accused of Breaching U.S. and Israeli Firms, Selling Argentine Company Data Stands Trial in Azerbaijan<br> <br>Upcoming Health-ISAC Events <br>•    Global Monthly Threat Brief  <br>o    Americas – April 29, 2025, 12:00-01:00 PM ET<br>o    European – April 30, 2025, 03:00-04:00 PM CET<br> </p></div></div></div> Mon, 21 Apr 2025 10:17:54 -0500 Cybersecurity H-ISAC TLP Green Ransomware Data Leak Sites Report - April 21, 2025 /h-isac-green-reports/2025-04-21-h-isac-tlp-green-ransomware-data-leak-sites-report-april-21-2025 <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. 
The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p></div></div></div> Mon, 21 Apr 2025 08:32:25 -0500 Cybersecurity H-ISAC TLP Green: Ransomware Data Leak Sites Report - April 18, 2025 <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. 
The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p></div></div></div> Fri, 18 Apr 2025 08:19:35 -0500 Cybersecurity CISA releases guidance following reported legacy Oracle cloud breach /news/headline/2025-04-17-cisa-releases-guidance-following-reported-legacy-oracle-cloud-breach <p>The Cybersecurity and Infrastructure Security Agency April 17 released <a href="https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-releases-guidance-credential-risks-associated-potential-legacy-oracle-cloud-compromise">guidance</a> to reduce risks associated with a reported breach 
of Oracle cloud services. CISA said the scope and impact of the breach are unconfirmed and that credentials may be exposed that could be reused across unaffiliated systems or embedded. The guidance lists recommendations for organizations and individual users to mitigate the risk of potential compromise. <br> <br>“This alert not only contains practical guidance to mitigate the potential breach related to Oracle but also provides valuable guidance and best practices for general cloud security,” said John Riggi, AHA national advisor for cybersecurity and risk. “Generally speaking, we continue to see that most of the cyber risk exposure that hospitals and health systems face originates from insecure third-party technologies, service providers and the supply chain. It is vitally important for mission-critical third parties to share timely threat intelligence and adversary tactics with the federal government and affected clients. This is necessary to prevent potential cyberattacks, which could compromise sensitive data and risk patient safety.” <br> <br>For more information on this or other cyber and risk issues, contact Riggi at <a href="mailto:jriggi@aha.org" target="_blank">jriggi@aha.org</a>. For the latest cyber and risk resources and threat intelligence, visit <a href="/cybersecurity?utm_source=newsletter&utm_medium=email&utm_campaign=aha-today" target="_blank">aha.org/cybersecurity</a>. 
</p> Thu, 17 Apr 2025 14:53:41 -0500 Cybersecurity H-ISAC TLP Green: Daily Cyber Headlines - April 17, 2025 <div class="container row"><div class="row"><div class="col-md-8"><p><strong><u>Today’s Headlines:</u></strong></p><p><strong>Leading Story</strong></p><ul><li>CISA Extends Funding to Ensure No Lapse in Critical CVE Services</li></ul><p><strong>Data Breaches & Data Leaks </strong></p><ul><li>Hertz Data Breach Exposes Customer Personal Information to Threat Actors</li></ul><p><strong>Cyber Crimes & Incidents</strong></p><ul><li>Midnight Blizzard Deploys New GrapeLoader Malware in Embassy Phishing</li></ul><p><strong>Vulnerabilities & Exploits</strong>  </p><ul><li>Threat Actors Exploiting NTLM Spoofing Vulnerability in Wild to Compromise Systems</li><li>Oracle Patches 180 Vulnerabilities With April 2025 CPU</li></ul><p><strong>Trends & Reports</strong></p><ul><li>Many Mobile Apps Fail Basic Security - Posing Serious Risks to Enterprises</li><li>Over 16,000 Fortinet Devices Compromised With Symlink Backdoor</li></ul><p><strong>Privacy, Legal & Regulatory</strong></p><ul><li>Nothing to Report</li></ul><p><strong>Upcoming Health-ISAC Events</strong></p><ul><li>Global Monthly Threat Brief   <ul><li>Americas – April 29, 2025, 12:00-01:00 PM ET</li><li>European – April 30, 2025, 03:00-04:00 PM CET</li></ul></li></ul></div></div></div> Thu, 17 Apr 2025 11:08:29 -0500 Cybersecurity