In the latest weekly update, four editors at ISMG discuss important cybersecurity issues, including the lessons we can learn from Okta's breach fallout and subsequent response, how the first NFT rug pull of 2022 has amounted to over $1 million, and the much-anticipated return to in-person events.
Two serious remote-code-execution vulnerabilities have been discovered in VMware's widely used Spring, which is a platform for building online applications. With at least one of the vulnerabilities already being actively exploited, VMware urges immediate patching.
As Finnish technology giant Nokia announces it is ceasing sales in Russia over the war with Ukraine, the company is facing tough questions over how it helped enable a mass surveillance program that supports President Vladimir Putin's autocratic regime.
Since threats are becoming increasingly hard to find, it's crucial that your cybersecurity practice adopts a strategy focused on proactive preparedness and takes actions - in advance of an attack - that harden and reduce the threat surfaces that hackers exploit. Adam Mansour of ActZero offers tips.
Sophos says it has provided a fix to a critical RCE bug known to be actively exploited primarily in South Asia. Sophos says no customer action is needed if the "Allow automatic installation of hotfixes" feature is enabled, but versions close to their end of life need manual configuration.
Days after the recent Okta data breach, parts of a security report, allegedly created by Mandiant, were leaked, giving the breach timeline and how the threat group gained access to Okta's environment. Security experts, including an Okta customer, discuss the report, supply chain risks and redress.
In the latest "Troublemaker CISO" post, security director Ian Keller discusses killware - "a hack of critical services and or infrastructure that can lead to the loss of life" - and asks: "Why should the power grid - or hospitals, water treatment plants or your pacemaker - be internet-accessible?
Google's threat analysis team has detected a new remote code execution flaw leveraged by North Korean nation-state attackers targeting cryptocurrency, fintech and other industries. Although not named in the report, there appears to be a link to the notorious Lazarus cybercrime group.
In the latest weekly update, editors at Information Security Media Group discuss important cybersecurity issues, including the White House warning about escalated cyberthreats from Russia, the impact of the Russia-Ukraine war on the healthcare sector and why combating SIM swap fraud remains challenging.
Online attackers are increasingly targeting the financial services sector. John Fokker, head of cyber investigations at Trellix, says his firm has charted a 22% quarterly increase in ransomware attacks on financial services, and APT detections have risen by 37%. Here's how the industry must respond.
IT officials from Ukraine continue to call out alleged Russian cyberattacks. This comes as hacktivists have taken matters into their own hands in the digital underground. Also: NATO pledges additional cyber support, while President Joe Biden urges U.S. governors to bolster defenses.
The latest edition of the ISMG Security Report reviews the latest cyber resilience "call to action" from the White House and also explores authentication provider Okta's failure to inform hundreds of customers in a timely manner that their data could have been stolen by the Lapsus$ group.
Control is the lifeblood of an effective information security program, but fully locking down endpoints is impossible, not least in the open environment of a public university, says Robert Hellwig, CISO of Germany's University of Siegen. In this exclusive discussion, he recommends approaches.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.