A hacking group called Lapsus$ caused major headaches for identity vendor Okta in March when it dropped incriminating but misleading screenshots of a security breach. Brett Winterford of Okta breaks down what happened and discusses why visibility into third-party support operations is important.
Medical device cybersecurity is again getting attention from Congress, with yet another bill proposing to require manufacturers to address product life cycle cybersecurity concerns in their premarket submissions to the Food and Drug Administration.
The U.S. National Institute of Standards and Technology has revised its guidance for organizations to counter supply chain risks. The new document addresses how to identify, assess and respond to cybersecurity risks throughout the supply chain at all levels of an organization.
ICS and their end-use critical infrastructure organizations can now establish a live view into their organization’s overall security posture inclusive of their external perimeter, while placing focus on ‘crown jewel’ operational technology (OT) assets.
The cybersecurity industry has found that timely and secure...
Cyber risk intelligence is critical for businesses that operate in the digital world. It is the collection, evaluation, and analysis of cyber threat information by those with access to all-source information.
Like other areas of important business intelligence, cyber threat intelligence is qualitative information...
Managing and securing software supply chains end to end has been a challenge for organizations the world over. Relying on manual processes and disjointed spreadsheets reports, or worse, blind trust, are no match for cyber threats that continue to grow both in frequency and sophistication.
"Supply Chain Security...
The healthcare industry continues to be targeted by ransomware gangs, but there are efforts underway to help improve the health sector's information security resiliency. Errol Weiss of Health-ISAC says the industry as a whole lacks resources.
The Five Eyes intelligence alliance has released a set of the 15 most routinely exploited vulnerabilities in the past year. Nine of the 15 vulnerabilities allow remote code execution, and the rest include privilege escalation, security bypass and path traversal, among other flaws.
Each day organizations face new threats that jeopardize their critical networks. Gaining visibility into the security risks your supply chain or third-party vendors pose to your organization is a growing priority among cybersecurity leaders. Next-generation cybersecurity practices will require organizations to align...
The Food and Drug Administration's decision to incorporate "quality systems regulations" into its new draft guidance for premarket medical device cybersecurity is an important development in the scope of the agency's expectations for manufacturers, says Dr. Suzanne Schwartz of the FDA.
Recent security incidents involving third-party software, including Okta and Log4j, underscore the importance of healthcare entities taking steps to enhance their vendor risk management programs, says Chris Frenz, assistant vice president of IT security at Mount Sinai South Nassau.
AWS has fixed "severe security issues" in hot patches it released last December to address the Log4Shell vulnerability in Java applications and containers. Palo Alto Networks' Unit 42 researchers said containers in server or cluster environments can exploit the patch to take over its underlying host.
VMware's Tom Kellermann is out with Modern Bank Heists 5.0, his latest look at the attackers and attacks targeting financial services. Subtitled "The Escalation," this report looks at the increase in destructive attacks, ransomware and hits on cryptocurrency exchanges. Kellermann shares insights.
Researchers at security firm ESET have found three vulnerabilities affecting Lenovo laptops worldwide and targeting users who work from home. Two of the flaws affect UEFI firmware drivers meant for use only during the manufacturing process of Lenovo notebooks, and one is a memory corruption bug.