Source: www.databreachtoday.com – Author: 1 What are the key elements of a successful healthcare identity security program? SailPoint healthcare experts Matthew Radcliffe and Rob Sebaugh detail what else look for to accelerate your business and improve your security posture. In an interview with ISMG, the two SailPoint executives discuss: Elements of a successful identity security […]

La entrada Healthcare Identity Security: What to Expect from Your Solution – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Tel Aviv-based firm emerged from stealth with $7 million seed funding led by TLV Partners with participation from SNR and angel investors.

The post Token Security Raises $7 Million Seed Funding for Machine-First Identity Security appeared first on SecurityWeek.

New York startup Oasis Security banks $35 million in a Series A extension round led by Accel, Cyberstarts, and Sequoia Capital.

The post Oasis Security Raises $35 Million to Tackle Non-Human Identity Management appeared first on SecurityWeek.

An Iranian cyber group known as Handala has asserted the breaching of Israel's radars and taking down the Iron Dome missile defense systems.  The Handala hacker group, notorious for its targeting of Israeli interests, allegedly infiltrated Israel's radar defenses and inundated Israeli citizens with text messages, marking a large-scale cyber intrusion. The group claimed to have penetrated the radar systems, issuing a dire warning through 500,000 text messages dispatched to Israeli citizens, indicating a limited window for Israel to rectify the breached systems. [caption id="attachment_62898" align="alignnone" width="660"] Source: Falcon Feeds on X[/caption] Within this attack, the group also claimed that it hacked the Iron Dome missile defense systems. As part of the evidence of their intrusion, Handala has shared screenshots of the hacking of Israeli radars.

Handala Hacker Group Claims Large-Scale Cyberattack on Israel

[caption id="attachment_62890" align="alignnone" width="1280"] Source: YourOpinion on X[/caption] Handala's cyberattack on Israel has been multifaceted, extending beyond the cyberattacks on the radar systems and the Iron Dome missile defense systems. Rada Electronics, a defense technology firm aligned with Israel's interests, reportedly fell victim to Handala's incursion, with leaked dashboard images purportedly confirming the breach.  The Cyber Express has reached out to Rada Electronics to verify the claims of this cyberattack. However, at the time of writing this, no official statement or response has been received. Furthermore, a service provider responsible for Israeli customer alerts and Israel's Cyber Security College allegedly experienced sizable data breaches, amounting to terabytes of compromised information. [caption id="attachment_62903" align="alignnone" width="484"] Source: Source: Falcon Feeds on X[/caption] The group's expression has been brazen, with messages explicitly targeting Israeli entities affiliated with the 8200 unit, emphasizing their vulnerability despite their purported expertise in cybersecurity. Such provocations serve to intensify the ongoing cyber conflict between Iran and Israel, with Handala positioning itself as a supporter challenging Israel's digital defenses. The Handala hacker group recently came into the spotlight as it represented support for Palestine against Israel. The threatening messages to Israeli citizens further show their intent to sow discord and undermine public confidence in Israel's security. Previously, the group claimed a cyberattack on the Viber instant messaging service, breaching and stealing over 740 GB of data from the company's servers. The group seems to be influenced by or based on the Palestinian resistance cartoon character Handala.

Who is the Handala Hacker Group?

Being a pro-Palestian group, the hackers behind the group took inspiration from Handala, a significant national emblem of the Palestinian people. The character of Handala was created by political cartoonist Naji al-Ali in 1969 and assumed its current form in 1973.  It embodies the spirit of Palestinian identity and resistance, often depicted in al-Ali's cartoons. Named after the Citrullus colocynthis plant native to Palestine, Handala symbolizes resilience, with deep roots and a bitter fruit that regrows when cut. Since al-Ali's assassination in 1987, Handala has remained a powerful symbol of Palestinian identity, prominently displayed on walls and buildings in the West Bank, Gaza, and Palestinian refugee camps. It has also gained traction as a tattoo and jewelry motif and has been adopted by movements like Boycott, Divestment and Sanctions, and the Iranian Green Movement — now the Handala hacker group. Handala's iconic posture, with its back turned and hands clasped behind reflects a rejection of imposed solutions and solidarity with the marginalized. The character, perpetually ten years old, signifies al-Ali's age when he left Palestine, embodying the hope of returning to a homeland.  Moreover, the inspired hacker group, similarly, claimed many such attacks to retain its identity as a supporter for Palestine. Although official Israeli sources have yet to confirm Handala's claims, security experts within Israel have expressed apprehension regarding the plausibility of Iranian cyberattacks targeting critical national infrastructure. 

Iran Attacks Israel With Missiles and Drones

The recent surge of drones and missiles directed towards Israel overnight on April 14 has raised a phase of tension and confrontation in the Middle East. Iran's attack on Israel, purportedly in retaliation to a suspected Israeli strike on the Iranian consulate in Damascus earlier this month, marks an escalation in the longstanding discord between the two nations. Iran's attack, comprising over 300 projectiles including drones and ballistic missiles, targeted various locations in Israel, albeit with minimal impact due to interception by Israeli defense systems. The Nevatim airbase was among the sites reportedly hit, allegedly in response to Israel's earlier strike on the Iranian consulate, reported The Times of Israel. Despite causing only minor structural damage, the attack highlights Iran's retaliatory position.  The airstrike on the Iranian consulate in Damascus, attributed to Israel, resulted in casualties including high-ranking Iranian officials, prompting vows of retribution from Iranian leadership. The ensuing regional instability has prompted concerns of a broader conflict, prompting calls from Israel's allies to prioritize de-escalation. Israel has responded defensively, emphasizing its successful interception of the majority of incoming projectiles while urging preparedness for any scenario. However, calls for restraint and de-escalation from Western allies, including the United States, highlights the urgency of avoiding further conflict. The immediate response from Israel's War Cabinet remains pending, with discussions ongoing regarding the timing and scope of potential retaliatory measures. Iran, on the other hand, has warned of retaliation should Israel pursue further attacks on its interests, suggesting a potential escalation of hostilities.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Digital security is about so much more than malware. That wasn’t always the case. 

When I started Malwarebytes more than 16 years ago, malware was the primary security concern—the annoying pop-ups, the fast-spreading viruses, the catastrophic worms—and throughout our company’s history, Malwarebytes routinely excelled against this threat. We caught malware that other vendors missed, and we pioneered malware detection methods beyond the signature-based industry standard.  

I’m proud of our success, but it wasn’t just our technology that got us here. It was our attitude.  

At Malwarebytes, we believe that everyone has the right to a secure digital life, no matter their budget, which is why our malware removal tool was free when it launched and remains free today. Our ad blocking tool, Browser Guard is also available to all without a charge. This was very much not the norm in cybersecurity, but I believe it was—and will always be—the right thing to do.  

Today, I am proud to add to our legacy of empowering individuals regardless of their wallet by releasing a new, free tool that better educates and prepares people for modern threats that abuse exposed data to target online identities. I’d like to welcome everyone to try our new Digital Footprint Portal.  

See your exposed data in our new Digital Footprint Portal.

By simply entering an email address, anyone can discover what information of theirs is available on the dark web to hackers, cybercriminals, and scammers. From our safe portal, everyday people can view past password breaches, active social media profiles, potential leaks of government ID info, and more.  

More than a decade ago, Malwarebytes revolutionized the antivirus industry by prioritizing the security of all individuals. Today, Malwarebytes is now also revolutionizing digital life protection by safeguarding the data that serves as the backbone of your identity, your privacy, your reputation, and your well-being online.  

Why data matters 

I can’t tell you how many times I’ve read that “data is the new oil” without reading any explanations as to why people should care.  

Here’s my attempt at clarifying the matter: Too much of our lives are put online without our control.  

Creating a social media account requires handing over your full name and birthdate. Completing any online shopping order requires detailing your address and credit card number. Getting approved for a mortgage requires the exchange of several documents that reveal your salary and your employer. Buying a plane ticket could necessitate your passport info. Messaging your doctor could involve sending a few photos that you’d like to keep private.  

As we know, a lot of this data is valuable to advertisers—this is what pundits focus on when they invoke the value of “oil” in discussing modern data collection—but this data is also valuable to an entirely separate group that has learned to abuse private information in novel and frightening ways: Cybercriminals.  

Long ago, cybercriminals would steal your username and password by fooling you with an urgently worded phishing email. Today, while this tactic is still being used, there’s a much easier path to data theft. Cybercriminals can simply buy your information on the dark web.  

That information can include credit card numbers—where the risk of financial fraud is obvious—and even more regulated forms of identity, like Social Security Numbers and passport info. Equipped with enough forms of “proof,” online thieves can fool a bank into routing your money elsewhere or trick a lender into opening a new line of credit in your name.  

Where the risk truly lies, however, is in fraudulent account access.  

If you’ve ever been involved in a company’s data breach (which is extremely likely), there’s a chance that the username and password that were associated with that data breach can be bought on the dark web for just pennies. Even though each data breach involves just one username and password for each account, cybercriminals know that many people frequently reuse passwords across multiple accounts. After illegally purchasing your login credentials that were exposed in one data breach, thieves will use those same credentials to try to log into more popular, sensitive online accounts, like your online banking, your email, and your social media.  

If any of these attempts at digital safe-cracking works, the potential for harm is enormous.  

With just your email login and password, cybercriminals can ransack photos that are stored in an associated cloud drive and use those for extortion. They can search for attachments that reveal credit card numbers, passport info, and ID cards and then use that information to fool a bank into letting them access your funds. They can pose as you in bogus emails and make fraudulent requests for money from your family and friends. They can even change your password and lock you out forever. 

This is the future of personal cybercrime, and as a company committed to stopping cyberthreats everywhere, we understand that we have a role to play in protecting people.  

We will always stop malware. We will always advise to create and use unique passwords and multifactor authentication. But today, we’re expanding our responsibility and helping you truly see the modern threats that could leverage your data.  

With the Digital Footprint Portal, who you are online is finally visible to you—not just cybercriminals. Use it today to understand where your data has been leaked, what passwords have been exposed, and how you can protect yourself online.  

Digitally safe 

Malwarebytes and the cybersecurity industry at large could not have predicted today’s most pressing threats against online identities and reputations, but that doesn’t mean we get to ignore them. The truth is that Malwarebytes was founded with a belief broader than anti-malware protection. Malwarebytes was founded to keep people safe.  

As cybercriminals change their tactics, as scammers needle their way onto online platforms, and as thieves steal and abuse the sensitive data that everyone places online, Malwarebytes will always stay one step ahead. The future isn’t about worms, viruses, Trojans, scams, pig butchering, or any other single scam. It’s about holistic digital life protection. We’re excited to help you get there.  

Sometimes the consequences of a stolen identity exceed anything you could have imagined.

Matthew David Keirans, a 58-year-old former hospital employee has pleaded guilty to assuming another man’s identity since 1988. He was convicted of one count of making a false statement to a National Credit Union Administration insured institution and one count of aggravated identity theft.

The man whose identity he assumed—William Donald Woods—and Keirans worked together in 1988 at a hot dog cart in Albuquerque.

Keirans was wanted for theft, so he used Woods’ identity “in every aspect of his life,” including obtaining employment, insurance and official documents, and even paying taxes under Wood’s name, according to a plea agreement signed by Keirans. He even fathered a child, whose last name is Woods.

In 1990, Keirans obtained a fraudulent Colorado identification card with Woods’ name and birthday. He used the ID to get a job at a fast-food restaurant and to get a Colorado bank account. He bought a car for $600 in 1991, using Wood’s name, with two $300 checks that bounced.

It wasn’t the first time Keirans had committed car theft. When he was 16, he stole a car after running away from his adoptive parents’ home in San Francisco.

In 2012, Keirans fraudulently acquired a copy of Woods’ birth certificate from the state of Kentucky using information he found about Woods’ family on Ancestry.com.

Under the assumed identity, Keirans also worked as a systems architect for the University of Iowa Hospital where he was fired for misconduct related to the identity theft investigation.

Meanwhile, the real William Woods was homeless and living in Los Angeles, when he discovered that someone was using his credit and had accumulated a lot of debt. Woods didn’t want to pay the debt and so went after the account numbers for any accounts he had open so he could close them. He handed a bank employee his real Social Security card and an authentic California Identification card, which matched the information the bank had on file. But because there was a large amount of money in the accounts, the bank employee asked Woods a series of security questions that he was unable to answer.

At that point, the bank employee called Keirans, whose phone number was associated with the accounts. He was able to answer the security questions correctly and stated that no one in California should have access to the accounts.

So, the bank employee called the police and after an investigation, the real Woods was arrested and charged with identity theft and false impersonation, under a misspelling of Keirans’ name: Matthew Kierans.

Because Woods refused to give up his own identity, a judge ruled in February 2020 that he was not mentally competent to stand trial and he was sent to a mental hospital in California, where he received psychotropic medication and other mental health treatment.

For legal reasons, Woods pleaded no contest to the identity theft charges—meaning he accepted the conviction but did not admit guilt—and was sentenced to two years imprisonment with credit for the two years he already served in the county jail and the hospital and was released.

But he didn’t give up his fight for his identity even though the judge ordered him to stop using the name William Woods. He attempted to regain his identity by filing customer disputes with financial organizations to clear his credit report.

It wasn’t until a police detective tested Woods’ biological father’s DNA against Woods’ DNA. Both men had the same birth certificate with the father’s name on it. The DNA test proved Woods was the man’s son. During a follow-up interview Keirans made a mistake and eventually confessed to the prolonged identity theft, according to court documents.

Keirans was indicted on five counts of making a false statement to a National Credit Union Administration insured institution and two counts of aggravated identity theft. He pleaded guilty to one count of each charge, and the other counts were dropped.

A sentence ruling has not yet been scheduled. Keirans is currently in the custody of the US Marshals Service, according to a news release about his plea.

---

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection