In an emergency directive, the U.S. Cybersecurity and Infrastructure Security Agency calls on federal agencies to immediately implement a patch to address the "PrintNightmare" Windows Print Spooler service flaw and disable the service on servers on Microsoft Active Directory domain controllers.
Attackers have been exploiting a zero-day flaw in SolarWinds' Serv-U Managed File Transfer Server and Serv-U Secured FTP software, the security software vendor warns. The company has released patched versions that mitigate the flaw, discovered by Microsoft, and is urging users to update.
DevOps and the continuous integration/continuous deployment (CI/CD) pipeline are revolutionizing application development, test, and cloud delivery, enabling developers to write the application code and define the cloud infrastructure. But where is cloud security?
Shifting left allows cloud security to scale...
Enterprises on a Kubernetes journey cannot apply the traditional security solutions that once protected on-site servers or VMs, as those are not designed for the unique development practices and distributed environments with which Kubernetes excels. Enterprises must expand their existing security programs to cover the...
Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP) are foundations for good cloud security, but with more and more organizations adopting microservices and Kubernetes orchestration using cloud and hybrid cloud infrastructure, they are unwittingly expanding their significant attack...
Investment banking giant Morgan Stanley is the latest company to report a data breach tied to zero-day attacks on Accellion's legacy File Transfer Appliance - yet another indicator of the sustained impact of supply chain attacks.
This edition of the ISMG Security Report features three segments on battling ransomware. It includes insights on the Biden administration's efforts to curtail ransomware attacks, comments on risk mitigation from the acting director of CISA, plus suggestions for disrupting the ransomware business model.
A bipartisan bill introduced by Sens. Gary Peters and Ron Johnson would create a standardized cybersecurity training program for federal employees who purchase technology services. This bill follows a wave of attacks over the last two months that have targeted U.S. critical infrastructure.
As key elements of Palo Alto Networks secure access service edge (SASE) solution, SaaS Security and Enterprise DLP play a key role in enabling organizations to consistently protect their data, applications, and users across networks and clouds while avoiding the complexity of multiple point products (such as...
Disrupt the Network Security Status Quo
Nonstop malware variants delivered by attackers using automation...
Increasing complexity introduced by public and hybrid cloud adoption...
New cybersecurity risks due to the explosion of IoT devices...
With so many fundamental changes and challenges in today’s IT...
Failure to take basic security steps - such as avoiding using end-of-life software and default passwords - can create serious national security risks, CISA stresses. The agency is in the early stages of developing a catalog of "bad practices" that should be avoided.
In the latest weekly update, a panel of Information Security Media Group editors discusses key topics, including cybersecurity trends for the second half of the year, IoT device security and the planned security features for Windows 11.
Security researchers at Eclypsium have reported that they had identified four vulnerabilities that could affect 30 million users of computer technology company Dell's laptops, desktops and tablets. The vulnerabilities have a cumulative CVSS score of 8.3 (high).
NIST has published its definition of "critical software" for the U.S. federal government as the standards agency begins fulfilling requirements laid out in President Biden's executive order on cybersecurity. The software part of the executive order looks to reduce the threat of supply chain attacks.
The Russian-linked cyberespionage group behind the supply chain attack against SolarWinds targeted Microsoft's customer support system as part of a new campaign, the company disclosed in a report. The group, called Nobelium, has been linked to recent attacks against a marketing firm used by USAID.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.