Hacking incidents - especially those involving ransomware attacks and vendors - continue to rack up some of the largest victim counts in major health data breaches being reported to federal regulators in 2021. Will the trend continue?
The Russia-linked cyberespionage group Nobelium, which was responsible for the SolarWinds supply chain attack, has developed and deployed a new malware, dubbed FoggyWeb, according to a Microsoft Threat Intelligence Center security blog. Microsoft says FoggyWeb creates a backdoor to exfiltrate data.
The world is experiencing a cybercrime pandemic, which is a direct consequence of COVID-19, according to Amit Basu, CISO and CIO at International Seaways. He offers proactive prevention measures, based on his own experience, for how organizations can stay safe and secure.
The Department of Health and Human Services has named Lisa J. Pino - a former Department of Homeland Security official charged with mitigating the massive 2015 cyberattack on Office of Personnel Management - as the new director of its HIPAA enforcement agency.
The U.S. Department of Commerce is soliciting input on a Trump administration cybersecurity executive order that requires cloud providers to verify the identities of certain users - particularly cyber actors potentially operating abroad and leveraging U.S. cloud technologies.
A security researcher who goes by the alias Watchful_IP has discovered a command injection vulnerability that could potentially affect millions of Hikvision's IoT devices. The video security solutions provider says it has fixed the flaw and rolled out a firmware update for its end users.
For combating ransomware, doing the security basics is essential, including keeping systems updated and patched. Don't follow in the footsteps of one technology firm, which Sophos found got hit by Cring ransomware after attackers exploited ColdFusion software that hadn't been patched in 11 years.
Ransomware-wielding attackers love to lie to victims. But REvil - aka Sodinokibi - has reportedly been running double negotiations to make affiliates think a victim hasn't paid a ransom, using a backdoor in the malware that allows administrators to decrypt victims' systems, so affiliates don't get their cut.
Two proposed class action lawsuits filed this week in a California federal court allege negligence and a variety of other claims against UC San Diego Health in the wake of a phishing incident that affected nearly 496,000 individuals.
During testimony before a U.S. Senate committee hearing Thursday, CISA Director Jen Easterly told lawmakers that a recent joint alert issued by her agency, the FBI and the Coast Guard Cyber Command stemmed from an attempted attack against the Port of Houston in August.
Four editors at Information Security Media Group discuss important cybersecurity issues, including the rise of quadruple extortion attacks employed by ransomware gangs, the FBI reportedly withholding the Kaseya ransomware decryption key for weeks, and raising security posture during a pandemic.
Dwell time, double extortion, supply chain attacks - ransomware has changed considerably over the course of the year, and CyberArk's Andy Thompson says there is much we can learn from the attacks - both the unsuccessful and successful ones - and how they take root.
The latest edition of the ISMG Security Report features an analysis of how the U.S. government has been tracking an increase in the pace of attacks tied to Conti ransomware. Also featured are what "protection" means today and building a new cybersecurity operating model.
A new and still little-known ransomware group called Karma has been pursuing a novel strategy to pressure victims into paying: Get journalists to publicize businesses hit by the ransomware operation, adding pressure on victims to pay the ransom demand.