Indian Pharmaceutical Company Investigates Security Incident

Data Breach Today

Reddy's Laboratories Says Plants in Four Countries Affected Dr. Reddy's Laboratories, a multinational pharmaceutical company based in India that's testing a COVID-19 vaccine, says it isolated its data center services Thursday following what it calls a "detected cyberattack

IAM's Role in the Pharmaceutical Sector

Data Breach Today

Sandy Dalal of Allergan on Achieving Security Stability Mergers and acquisitions, along with cloud adoption, are rapidly changing the pharmaceutical industry. Sandy Dalal of Allergan talks about how identity and access management, along with zero trust, are bringing security stability

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Pharmaceutical companies exploited by phishing scam targeting job seekers

IT Governance

Earlier this month, two major pharmaceutical giants issued warnings about phishing emails targeting job hunters. The post Pharmaceutical companies exploited by phishing scam targeting job seekers appeared first on IT Governance Blog. Cyber Security phishingGlaxoSmithKline and AstraZeneca say they are victims of recruitment scams, in which crooks create fake job adverts to obtain people’s personal and financial details.

ThreatList: Pharma Mobile Phishing Attacks Turn to Malware


After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.

Healthcare Supply Chain Security: Updated Guidance

Data Breach Today

With the escalation of cyberattacks on the healthcare sector during the COVID-19 pandemic, supply chain partners need to strengthen their security controls and defenses, say Vishwas Gadgil of pharmaceutical firm Merck and Ed Gaudet of the consultancy Censinet.

Three COVID-19 Vaccine-Makers are Under Active Attack


Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says.

Pharmaceutical Company to Plead Guilty and Settle Drug Marketing Charges

Hunton Privacy

Recently, Aegerion Pharmaceuticals announced that it will enter into several settlements and plead guilty to two misdemeanors in connection with alleged violations of HIPAA, drug marketing regulations and securities laws. Aegerion will also pay $40 million to settle claims by the Department of Justice and Securities and Exchange Commission, and enter into a deferred prosecution agreement related to alleged violations of HIPAA.

Safeguarding COVID-19 Research, Other Intellectual Property

Data Breach Today

As cyberthreats to medical research on COVID-19 - and other intellectual property - grow, organzations must take critical steps to prevent the theft of their "innovation capital," says Russell Koste, chief security officer of Alexion Pharmaceuticals

Alert: APT Groups Targeting COVID-19 Researchers

Data Breach Today

are warning medical institutions, pharmaceutical companies, universities and others about "password-spraying campaigns" by advance persistent threat groups seeking to steal COVID-19 research data. Security experts outline defensive steps that organizations can take Password-Spraying' Campaigns Aimed at Stealing Research Data, US and UK Authorities Warn Authorities in the U.S. and U.K.

What’s new in OpenText Life Sciences Smart View 20.4

OpenText Information Management

With the shift to remote work environments, Life Sciences organizations need a way to provide their workers with secure and compliant access to highly regulated content that is stored on-premises.

The hidden threats facing your intellectual property

IT Governance

For life sciences and pharmaceutical companies, this includes data on the development and testing of new therapies and details of how therapies are manufactured. Most healthcare providers in the UK are required to comply with the NIS Regulations (The Network and Information Systems Regulations 2018) , which transposed the NIS Directive (Directive on security of network and information systems) into UK law in May 2018.

Business Process Modeling Use Cases and Definition


The visualization process can aid in an organization’s ability to understand the security risks associated with a particular process. This also extends to industry-specific other compliance mandates such as those in healthcare, pharmaceutical and the financial services industries. What is business process modeling (BPM)? A visual representation of what your business does and how it does it. Why is having this picture important?

Maintaining Regulatory-Compliant Cloud Solutions

Perficient Data & Analytics

But there are also several risks to consider, including physical and technical security, privacy and confidentiality, technical support, enhancements, application uptime/availability, vendor stability, and data mobility – the ability to extract data from the system.

Cloud 45

Google Yanks 106 ‘Malicious’ Chrome Extensions


Trojan Chrome browser extensions spied on users and maintained a foothold on the networks of financial services, oil and gas, media and entertainment, healthcare and pharmaceuticals and government organizations. Malware Privacy Vulnerabilities Web Security Awake Security chrome web store CommuniGal Communication domain Domain Registrar GalComm Google Chrome browser malware web browser

Key Takeaways About Compliant IT Systems In The Cloud

Perficient Data & Analytics

Key topics include: Physical security. Data security, privacy, and confidentiality. Cloud Data & Analytics Digital Transformation Integration & IT Modernization Life Sciences Operations Regulatory Compliance Strategy 21 CFR Part 11 clinical cloud compliance Data hosting IaaS medical device PaaS pharmaceutical Regulatory SaaS Software Systems technologyThis is the final post in our series on maintaining regulatory-compliant IT systems in the cloud.

Cloud 40

How To Qualify Cloud Vendors

Perficient Data & Analytics

Because the ultimate responsibility for regulatory compliance lies with you – the pharmaceutical or medical device company – you need to be much more proactive and critical. When qualifying a cloud vendor, be sure to evaluate their written procedures and the documented evidence that they follow their procedures in the following key areas: Security of the physical space, which houses the servers that host IaaS, PaaS, and/or SaaS products, even if that space is in a third-party data center.

Cloud 40

Chinese hackers stole info from Spanish centers working on Covid19 vaccine

Security Affairs

While pharmaceutical companies worldwide are working on the research of a vaccine for the ongoing COVID19 pandemic, threat actors are conducting cyber espionage campaigns in the attempt of stealing information on the work.

Google warned users of 33,015 nation-state attacks since January

Security Affairs

During the last summer, Google observed threat actors from China, Russia, and Iran targeting pharmaceutical companies and researchers involved in the development of a vaccine. . The post Google warned users of 33,015 nation-state attacks since January appeared first on Security Affairs.

Q&A: The drivers behind the stark rise — and security implications — of ‘memory attacks’

The Last Watchdog

Related: Memory hacking becomes a go-to tactic These attacks are referred to in the security community as “fileless attacks” or “memory attacks.” I had the chance at RSA 2019 to discuss memory hacking with Willy Leichter, vice president of marketing, and Shauntinez Jakab, director of product marketing, at Virsec , a San Jose-based supplier of advanced application security and memory protection technologies.

How To Use Contracts For Regulatory Compliance Of Cloud Systems

Perficient Data & Analytics

Security. What will the cloud vendor do to proactively protect security, and what will it do if security is breached in some way? This includes: physical security, cyber security (e.g., Cloud Data & Analytics Digital Transformation Integration & IT Modernization Life Sciences Operations Regulatory Compliance Strategy 21 CFR Part 11 clinical cloud compliance Data hosting IaaS medical device PaaS pharmaceutical Regulatory SaaS Software Systems technology

Three APT groups have targeted at least seven COVID-19 vaccine makers

Security Affairs

“The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States. The post Three APT groups have targeted at least seven COVID-19 vaccine makers appeared first on Security Affairs.

What does the future hold for the Life Sciences supply chain?

OpenText Information Management

The Life Sciences sector is facing a period of profound change and disruption.

Security in a World of Physically Capable Computers

Schneier on Security

Security is not a problem the market will solve. The primary reason computers are insecure is that most buyers aren't willing to pay -- in money, features, or time to market -- for security to be built into the products and services they want. We have accepted this tenuous situation because, for a very long time, computer security has mostly been about data. But the nature of how we use computers is changing, and that comes with greater security risks.

Coronavirus: Europol arrests man behind €6M face masks and hand sanitisers scam

Security Affairs

million by a European pharmaceutical company, a European State reported. “A European Member State reported to Europol that one of their pharmaceutical companies had been defrauded of €6.64 Once the pharmaceutical company transferred the funds to a bank in Singapore, the items were never delivered and the supplier became uncontactable.” The post Coronavirus: Europol arrests man behind €6M face masks and hand sanitisers scam appeared first on Security Affairs.

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Security Affairs

Targeted sectors include: Automotive Clothing Conglomerates Electronics Engineering General Trading Company Government Industrial Products Managed Service Providers Manufacturing Pharmaceutical Professional Services.

FIN11 gang started deploying ransomware to monetize its operations

Security Affairs

Since August, FIN11 started targeting organizations in many industries, including defense, energy, finance, healthcare, legal, pharmaceutical, telecommunications, technology, and transportation.

68% of Pharma Executives Have Had Credentials Breached Online

Adam Levin

The online credentials for 68% of pharmaceutical executives analyzed for a study have been compromised recently. The study, conducted by cybersecurity firm Blackcloak, found that the email accounts of over two-thirds of pharmaceutical executives had been compromised within the last five to ten years. Every day the executive brings their company home, where the security controls are nonexistent and weak ? Data Security Cybersecurity featured linkedin pharma

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense (DoD) released information on a RAT variant, dubbed TAIDOOR, used by China-linked hackers in cyber espionage campaigns targeting governments, corporations, and think tanks.

Information security and compliance training for the healthcare sector

IT Governance

Pharmacies, rehabilitation care, social care, medical research and pharmaceuticals all rely on this data being available to individuals delivering their services. To address the rising threat of data breaches across all sectors, new compliance requirements which aim to harmonise and improve data security practices. and healthcare must address the new DSP (Data Security and Protection) Toolkit. Healthcare Training GDPR Information security

Operation Pangea: Europol dismantles criminal gangs selling coronavirus medicine, surgical masks

Security Affairs

Below the operation in numbers reported by the Europol: 121 arrests; €13 million in potentially dangerous pharmaceuticals seized; 326 00 packages inspected; 48 000 packages seized; 4.4 The post Operation Pangea: Europol dismantles criminal gangs selling coronavirus medicine, surgical masks appeared first on Security Affairs. Operation Pangea is the name of a joint international operation lead by the Interpol that seized €13 million in counterfeit drugs for care. .

Hundreds of malicious Chrome browser extensions used to spy on you!

Security Affairs

Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. The malicious Chrome browser extensions were discovered by researchers from Awake Security that shared their findings with Google. ” reads the analysis published by Awake Security. appeared first on Security Affairs.

FBI warns US companies on the use of Chinese Tax Software

Security Affairs

“Compromise of the pharmaceutical supply chain provides malicious actors opportunities for theft of US intellectual property, while public disclosure can cause cascading effects including loss of public trust in both chemical and healthcare institutions.”

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Security Affairs

Victims operate in the Banking/Finance, Construction, Defense Industrial Base, Government, Healthcare, High Technology, Higher Education, Legal, Manufacturing, Media, Non-profit, Oil & Gas, Petrochemical, Pharmaceutical, Real Estate, Telecommunications, Transportation, Travel, and Utility. . The post China-linked APT41 group exploits Citrix, Cisco, Zoho flaws appeared first on Security Affairs.

New financially motivated attacks in Western Europe traced to Russian-speaking threat actors

Security Affairs

At least two companies operating in pharmaceutical and manufacturing sectors have been affected. If the latter are the ones to blame, this marks the first time the gang has launched the attacks against pharmaceutical and manufacturing companies and may indicate a significant shift in their modus operandi. . MainModule can be explained by the gang’s attempts to avoid detection as a result of being in the spotlight of security researchers for some time now.”

Europol seized 30,506 Internet domain names for IP Infringement

Security Affairs

some private security firms. “These included counterfeit pharmaceuticals and pirated movies , illegal television streaming, music, software, electronics, and other bogus products.” ” The domain names were involved in the sale of illegal or counterfeit products, including counterfeit pharmaceuticals and pirated movies, music, software, electronics, illegal television streaming, and other bogus products. .

Malvertising campaign exploits recently disclosed WordPress Plugin flaws

Security Affairs

Experts at Defiant, the company that developed the Wordfence security plugin for WordPress, uncovered a malvertising campaign that leverages recently disclosed plugin flaws to inject malicious code into websites. “The Defiant Threat Intelligence team has identified a malvertising campaign which is causing victims’ sites to display unwanted popup ads and redirect visitors to malicious destinations, including tech support scams, malicious Android APKs, and sketchy pharmaceutical ads.”

China-linked Winnti APT targets South Korean Gaming firm

Security Affairs

Security experts from QuoIntelligence (QuoINT) firm reported that China-linked Winnti cyberespionage group targets South Korean video gaming company Gravity. The APT group targeted organizations in various industries, including the aviation, gaming, pharmaceuticals, technology, telecoms, and software development industries. The post China-linked Winnti APT targets South Korean Gaming firm appeared first on Security Affairs.

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

CISA published a security advisory warning of a wave of attacks carried out by China-linked APT groups affiliated with China’s Ministry of State Security. ” reads the security advisory. Citrix blog post: security updates for Citrix SD-WAN WANOP release 10.2.6

Chronicle experts spotted a Linux variant of the Winnti backdoor

Security Affairs

Security researchers from Chronicle, Alphabet’s cyber-security division, have spotted a Linux variant of the Winnti backdoor. Security experts from Chronicle, the Alphabet’s cyber-security division, have discovered a Linux variant of the Winnti backdoor. Chronicle researchers while investigating the cyber attack that hit the Bayer pharmaceutical company in April.

Hackers target German Task Force for COVID-19 PPE procurement

Security Affairs

“The remaining half belong to executives at third-party partners, including European and American companies associated with chemical manufacturing, aviation and transport, medical and pharmaceutical manufacturing, finance, oil and gas, and communications.” “This discovery represents a precision-targeting campaign exploiting the race to secure essential PPE,” IBM concludes.