The findings from a penetration test can help you identify risks and gaps in your security controls. Charles Gillman offers tips to maximize the value of your next pen test and, in the process, deliver better results.
The new U.K cyber strategy calls for a balanced partnership across the public, private and third sectors. The government is to provide a 2.6 billion-pound investment in a more proactive approach to fostering and protecting the U.K.’s competitive advantage critical cyber technologies.
The U.S. Department of Homeland Security this week announced a "Hack DHS" bug bounty program to identify potential cybersecurity vulnerabilities within its systems and to increase DHS' overall cyber resilience. Hackers uncovering vulnerabilities will be compensated by the department.
Attackers tied to China, Iran, North Korea and Turkey have been targeting or testing exploits of the ubiquitous Apache Log4j vulnerability. Vendors are rushing to identify and patch supported software and hardware as cybersecurity agencies urge organizations to mitigate the threat and beware exploit attempts.
It’s no secret that the recent large-scale ransomware attacks are a call to action for greater federal cybersecurity regulations. As it stands, security policies are not mandated and are largely a voluntary mechanism. But it has become apparent that at-will standards are not getting the job done. According to a...
December’s Microsoft Patch Tuesday covers 67 security fixes, one of which is a zero-day vulnerability spreading Emotet malware. Five of the other bugs are listed as publicly known, but not yet exploited. Additionally, Google, Apple and Adobe also released critical updates.
Security and IT teams racing to mitigate the threat posed by the ubiquitous Apache Log4j 2.14 flaw are facing a new problem: Which version of the patched software should they deploy - 2.15.0 or the newly released 2.16.0?
What's in store for defenders as attackers increasingly try to target the ubiquitous Apache Log4j vulnerability? "Everyone is a target," says veteran cybersecurity leader Etay Maor, whose team at Cato Networks has been analyzing hundreds of attacks that already attempt to exploit the flaw.
AI-based image recognition technology used by radiologists to help improve the speed and accuracy of medical diagnoses - such as detecting breast cancer in mammography images - is vulnerable to cyberattacks that can trick the AI, as well as doctors, into potentially making the wrong diagnoses, a new study says.
Like CISOs everywhere, Dawn Cappelli of Rockwell Automation awoke last Friday to news about the Log4j vulnerability and the risk it posed to her company, customers and partners. Here is how she approached triage, response and capturing insights to be shared with other security leaders.
The year is ending with a cybersecurity bang - not whimper - due to the widespread prevalence of the Apache Log4j vulnerability. Researchers warn that at least 40% of corporate networks have been targeted by attackers seeking to exploit the flaw. More than 250 vendors have already issued security advisories.
Accenture's State of Cybersecurity Resilience 2021 study finds that 55% of large companies are not effectively stopping cyberattacks, finding and fixing breaches quickly, or reducing the impact of breaches. Ryan LaSalle of Accenture Security discusses how to increase cyber resiliency.
Multiple security researchers have spotted threat actors already exploiting the Apache Log4j vulnerability by deploying Muhstik and Mirai botnets to target Linux devices. Their advice: Ensure to remove any existing compromise before patching, and expect this flaw to be exploited for the long term.
In today's disparate IT environment, there are gaping, business critical gaps in enterprise log management. Graylog's Mark Brooks discusses the Log Management Maturity Model and the six (6) critical steps to move from "no alignment" to "continuous improvement."
A massive wave of ongoing attacks has been targeting more than 1.6 million WordPress sites, researchers at Wordfence say. So far, they've counted more than 13.7 million individual attacks in just 36 hours, focused on exploiting four different WordPress plug-ins and several Epsilon framework themes.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.