TracWrap: Change Healthcare Breach, BlackCat Ransom, Increasing AI Threats, and More!

This week’s TrapWrap recap:?

• Change Healthcare breach still wreaking havoc on the healthcare industry and patients. ????
• BlackCat receives $22 million payment, then goes dark.????
• Apple reveals two zero-day vulnerabilities.???
• Dan DeCloss discusses AI threats and trends to look out for in 2024.????
• PlexTrac introduces “Priorities” feature for risk quantification.???
• PlexTrac adds 25,000+ findings writeups to its already extensive content library. ?

In the News?

A Wakeup Call for the Healthcare Industry: Breach of UnitedHealth Group (Change Healthcare)

It’s been over three weeks since UnitedHealth Group (Change Healthcare) was breached, and customers are still experiencing the negative implications of the system outages. Change Healthcare, which processes over 15 billion transactions a year, was hacked by ALPHV/BlackCat – the same group of cybercriminals responsible for the attack on MGM Resorts last year. As a result of the breach, systems are still down, causing many customers to make the difficult decision between paying for medications out of pocket or going without.?

What's more? There's talk that Change Healthcare made a $22 million extortion payment to BlackCat. The payment, however, did not go the way Change Healthcare planned. BlackCat still has the sensitive data they were paid to destroy.

Is this the wake-up call the healthcare industry needs to set stricter regulations and more robust security measures? And what are your thoughts on the $22M payout??

Leave your comments below. >>

A Few Bad Apples??Apple Reveals Exploited Zero-Day Vulnerability?

If you haven’t updated your Apple products, take a moment and do so. Apple just uncovered two exploited vulnerabilities, a memory corruption issue in Kernel (CVE-2024-23225) and a memory corruption issue in RTKit real-time operating system (CVE-2024-23296).?

Although this isn’t necessarily “hot cyber news” it makes you stop and think. For those of you in the security space, we’re so busy ensuring that our organization or clients are secure, but do you find yourself taking the time to ensure that your personal devices are safe??

Reply “yes” or “no” in the comments section. >>

Founders Corner?

AI Threats to Cybersecurity in 2024

Our founder, Daniel DeCloss , has been working on a three-part series around the top AI threats to cybersecurity in 2024. In part 1, Dan predicts an increase in the quantity and speed of cyberattacks as a result of generative AI.?

“Businesses were already operating at a deficit in resources compared to threat actors. AI is only widening the gap. Time and money were always on the side of the black hats and AI is making it quicker and cheaper to deploy advanced attacks at scale. Attackers can use AI to create additional payloads faster and can utilize machine speed to determine attack paths and adapt to a target environment at scale. This decreases dwell time on behalf of the attacker which reduces their footprint and shortens their window for detection.”?

Check Out Blog >>

Company Highlights?

Introducing PlexTrac Priorities for Proactive Risk Quantification

We recently introduced PlexTrac Priorities, the industry’s first configurable contextual scoring engine that empowers security service providers and enterprises to:

• Prioritize risks based on real impact — Ditch generic scoring and tailor it to your unique risk tolerance or industry-specific needs.
• Automate workflows — Streamline processes from assessment to remediation for maximum efficiency.
• Identify underlying issues — Unearth patterns in your data to prevent future vulnerabilities from recurring.
• Demonstrate value from your continuous validation efforts — Prove the effectiveness of your security program with continuous risk reduction.

See it in Action >>

25,000+ Writeups Added to Content Library

We have recently added new? Common Vulnerabilities and Exposures (CVEs), Common Weakness Enumerations (CWEs), and Known Exploited Vulnerabilities (KEVs) writeups to our already extensive Content Library to help you enrich your findings with guidance on vulnerabilities or flaws, the level of exposure, and remediation steps. These new additions bring the total available writeups to over 25,000 – more than any other pentest reporting automation platform.?

Read the Announcement >>

Meet the New PlexTrac

We’ve not only updated our look, we’ve also enhanced the user experience on our website, added new product features to help you conquer the last mile of continuous validation, and reworked our pricing structure.?

In other words, PlexTrac now has something for everyone. Whether you’re a small-scale MSSP looking to expand, or a Fortune 100 company with an in-house security team, we have a package to meet your unique needs.?

Get a Custom Quote >>

Where to Find Us

Nullcon?

March 14-15 | Berlin, Germany

BSides Lancashire

March 27 | Lancashire, UK

BSides San Diego

March 30 | San Diego, CA

See where PlexTrac will be next >>

Community Spotlight:?

• Mandiant (part of Google Cloud) experts outline critical steps that organizations can take in light of the unprecedented growth in zero-day incidents. https://lnkd.in/e3VJz8MK
• Echelon Risk + Cyber explores challenges in legacy identity structures and discovers practical approaches for continuous verification. https://lnkd.in/e7iqfeZX
• Dragos, Inc. CEO Robert M. Lee is now hosting a town hall to talk about the changing cyber threat landscape and the importance of government-industry collaboration in safeguarding critical infrastructure. https://hubs.la/Q02nrpcz0

Helpful Resources

? View Customer Testimonials

? Request a Demo

? Get a Quote