Back To Resource Center

Published: May 24, 2024

Security 3-2-1 Week of 5/24/2024

By Annie articles

Exciting News! TalPoint is happy to announce the public availability of two new talent hubs: AI and Data. If your company is looking for the same agile approach we offered in security, and the same quality of vetted subject matter experts, we’re here to help. Whether you’re evaluating feasibility, building internal LLMs, or just need to get your data-house in order, get in touch today!

3 Interesting Articles

US Unveils $50M Program to Help Hospitals Patch Cybersecurity Gaps

Infosecurity Magazine: The U.S. government has launched a new $50 million initiative through the Advanced Research Projects Agency for Health (ARPA-H) to enhance cybersecurity in hospital environments. The Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE) program focuses on automating vulnerability management across various systems and devices used in healthcare settings, minimizing disruptions to critical services. This program addresses the challenge of managing vulnerabilities in a hospital setting, where many devices are legacy systems and taking systems offline for updates can severely disrupt operations. UPGRADE will enable proactive evaluations of potential vulnerabilities, simulate digital hospital environments to test for software weaknesses, and ensure that remedies are swiftly developed and deployed with minimal interruption. This initiative comes in response to a series of high-profile ransomware attacks on healthcare facilities, including the notable incident at Change Healthcare in February 2024, which disrupted patient care and led to a significant ransom payment. The program is part of a broader U.S. government effort to build more resilient healthcare systems capable of sustaining secure operations amid ongoing cyber threats.

YouTube Becomes Latest Battlefront for Phishing, Deepfakes

Dark Reading: YouTube has become a significant platform for cybercriminals using tactics like phishing, malware deployment, and fake investment schemes. A recent study highlights that platforms like Lumma and RedLine misuse YouTube to direct traffic to malicious sites, exacerbating the threat landscape. The report also notes an increase in deepfake videos on YouTube that create false narratives to mislead viewers and spread disinformation, documenting cases where channels with over 50 million subscribers were compromised to promote cryptocurrency scams using these deepfakes.Several exploitation methods on YouTube include sending phishing emails to creators, embedding malicious links in video descriptions, and using social engineering to direct users to malware-laden sites posing as helpful tools. 

BreachForums, a key English-language cybercrime forum, seized by the FBI 

CyberScoop: The FBI, DOJ, and international law enforcement agencies, including those from the U.K., New Zealand, Australia, Switzerland, Ukraine, and Iceland, have successfully seized BreachForums, a notorious platform used for trading stolen and hacked data. This marks the second seizure of the site within a year, following a previous takedown in June 2023 after the arrest of its creator, Conor Fitzpatrick. Despite being reestablished shortly after the initial seizure, the site remained under scrutiny and was again targeted, resulting in the recent seizure that also included its associated Telegram channels. Paul Foster from the U.K.’s National Crime Agency highlighted the importance of such operations in disrupting the cybercrime ecosystem. The exact details of the operation, including whether any new arrests were made, remain unclear. The FBI has set up a reporting form for information related to BreachForums, underscoring the ongoing efforts against cybercriminal marketplaces.

2 Stats You Should Know

94% of organizations say their customers would not buy from them if they did not protect data properly. (source)

A recent survey shows that more than 95% of respondents believe dynamic content through Large Language Models (LLMs) makes detecting phishing attempts more challenging. (source)

1 More Thing

Our large and diverse network of experts is here to help...

Charles M.


Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.

Ellen K.

GRC Expert

Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.

Zachary C.

Founder and CRO

Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.