With more than 61% of breaches attributed to stolen passwords, a password manager can go a long way in helping enterprises enhance security, say Chandan Pani, CISO at Mindtree, and Lloyd Evans, identity lead, JAPAC, at LogMeIn.
On Tuesday, the Senate, by a vote of 69-30, passed a $1 trillion infrastructure spending bill that would provide additional money for cybersecurity over the next several years, including extra funds for the Department of Homeland Security and its Cybersecurity and Infrastructure Security Agency.
NIST is updating "cyber resiliency" guidance to focus on mitigating modern cyberthreats to IT networks, especially ransomware and nation-state attacks. A draft encourages security defenders to move away from a perimeter-based defense to building resilient IT systems.
The rise of ransomware as a criminal moneymaking powerhouse parallels the services offered by initial access brokers, who continue to offer affordable access to victims' networks - often via brute-forced remote desktop protocol or VPN credentials - to help attackers hit more targets in search of larger profits.
A group dubbed "ITG18," which apparently is linked to an Iranian advanced persistent threat group, deployed an Android backdoor it used to exfiltrate sensitive information from at least 20 reformists in Iran in the runup to the country's June 18 presidential election, IBM's Security Intelligence reports.
The FDIC has failed to properly update its policies for mobile device usage, conduct regular control assessments of its mobile device management solution or adequately log and monitor mobile cybersecurity practices, according to a new report from the Office of the Inspector General.
OT, IoT, IIoT - each has critical distinctions, and each is increasingly vital to protecting the world's critical infrastructure from crippling cyberattacks. In a panel discussion, cybersecurity leaders discuss what it takes to get the C-suite's attention to prioritize this new generation of risk.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including improving federal agencies' cybersecurity and businesses recovering from the pandemic's impact.
The widely used NicheStack TCP/IP stack has 14 vulnerabilities that, if exploited, could allow for remote code execution, denial of service, information leaks, TCP spoofing or DNS cache poisoning, according to researchers at Forescout and JFrog. But patches are now available.
The latest edition of the ISMG Security Report features an analysis of how ransomware attackers share about their inclinations, motivations and tactics. Also featured: The rise of integrity attacks; dispelling vaccine myths.
The U.S. needs to devise ways to counter Chinese cyber activity - including the theft of intellectual property and cyberattacks on government networks and critical infrastructure - that poses a direct threat to national security, according to those who testified at a Senate hearing this week.
A seemingly nonstop number of ransomware-wielding attackers have been granting tell-all media interviews. One perhaps inadvertent takeaway from these interviews is the extent to which - surprise - so many criminals use lies in an attempt to compel more victims to pay a ransom.