Microsoft Issues Patch Against Hack Described as Low Complexity, High Risk

By Kim S. Nash

Welcome back. Microsoft released an urgent fix for bug in Windows Server that a prior update didn't completely mitigate.

The vulnerability could let attackers get the ability to execute code remotely, the U.S. Cybersecurity and Infrastructure Security Agency said. CISA "strongly urges" businesses and other organizations to apply the patch.

In its advisory, Microsoft called the attack one of low complexity that doesn't require user interaction.

More news below.

‏‏‎ ‎

CONTENT FROM: ZSCALER

Why CIOs Are Adopting A Cafe-like Branch Architecture

Ransomware attacks often start with one compromised user — a single user in a branch can infect everything on your network. This is facilitated by an underlying design principle of MPLS and SD-WAN — lateral movement. Zscaler CEO Jay Chaudhry explains why CIOs are embracing cafe-like branches to stop ransomware, increase business agility and reduce cost.

It’s time to embrace cafe-like branches

More Cyber News

PHOTO: NHAC NGUYEN/AFP/GETTY IMAGES

The United Nations signed a cybersecurity treaty at a meeting in Vietnam over the weekend that would smooth cooperation among nations pursuing hackers. Tech firms have criticized the U.N. Cybercrime Convention, which must be ratified by member states, as potentially leading to governments helping each other to surveil internet users. (Reuters)

Downgraded: The Canadian city of Hamilton, Ontario, saw its credit rating downgraded by S&P Global, which in part cited a 2024 ransomware attack. The hack disabled 80% of the city's tech infrastructure and forced a delay in filing required financial reports. (Bay Observer)

The incident has cost Hamilton at least $13 million. The city's cyber insurer denied a claim for reimbursement.

Baltimore-based LifeBridge Health is notifying an unspecified number of patients that their personal and medical data was compromised in a January hack of the Oracle electronic health record system. (Becker's Hospital Review)

LifeBridge noted that its own tech systems weren't attacked. "We regret any concern that Oracle Health’s incident may cause our patients and continue to review and assess the cybersecurity protections of our third-party vendors," the healthcare provider said.

Underinsured: The hack of carmaker Jaguar Land Rover shows that the U.K. lacks adequate cyber insurance to mitigate risks from a systemic cyberattack, the head of regulator Financial Conduct Authority said. (Insurance Times)

The Cyber Monitoring Centre, a nonprofit that studies cyberattacks, said the incident has cost the U.K. economy about $2.5 billion.

13,234

Number of patients and families Treasure Coast Hospice is notifying of a data breach that exposed their personal, medical, financial and health insurance information. The company, which runs three hospice centers in Florida, first learned of the email-compromise incident in September 2024.

Careers & Talent

Daniel Parsons joined television-station giant E.W. Scripps as CISO. Previously Parsons served as vice president of cyber defense at NBCUniversal.

Gregg Cottage expanded his role as chief information officer to include CISO at manufacturer NN Inc., reporting to CFO Chris Bohnert.

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.

Unsubscribe |

Newsletters & Alerts |

Privacy Notice |

Cookie Notice

Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.