In the latest weekly update, Troy Leach, chief strategy officer at Cloud Security Alliance, joins ISMG editors to discuss the latest innovation in the payments space and accompanying risks, as well as how the case of Sam Bankman-Fried's failed cryptocurrency exchange will affect regulatory actions.
From the cyberwar in Ukraine to ongoing ransomware threats and emerging global data regulations, 2022 has been a taxing year for CISOs. And they can expect more of the same in 2023, says Rodman Ramezanian of Skyhigh Security. He offers predictions and advice for the new year.
It's called the cybersecurity poverty line, and it distinguishes organizations as haves or have-nots - not just financially, but in terms of cybersecurity defenses. Cisco's Mike Storm discusses how to develop and leverage embedded security to rise above the line.
A forensic examination of an email hosting service offered by subsidiaries of Australian telecom firm TPG revealed an intrusion affecting up to 15,000 customers, the company disclosed Wednesday. The breach adds to a growing list of cyber incidents experienced by Australia's telecommunication sector.
A Florida primary care practice will pay a $20,000 financial penalty and implement a corrective action plan to settle a HIPAA right of patient access dispute. The case is the 42nd such dispute resolved by the Department of Health and Human Services since April 2019.
U.S. federal prosecutors charged six men ranging in age from 19 to 37 with running distributed denial-of-service attacks for sale on the internet. One of the accused allegedly ran a site, Ipstresser.com, responsible for more than 30 million DDoS attacks.
Anything that can write a software code can also write malware. The latest AI technology can do it in seconds. Even worse, it could open the door to rapid innovation for hackers with little or no technical skills or help them overcome language barriers to writing the perfect phishing email.
A hacker selling a data set purportedly containing emails stripped from the FBI's InfraGard public-private cybersecurity forum obtained access by sending an application, which the bureau approved, reports independent cybersecurity journalist Brian Krebs.
A California dental practice that for years revealed patient data on Yelp must stop doing so and pay federal regulators a $23,000 fine. New Vision Dental, owned by Dr. Brandon Au, must also delete social media posts and send breach notification letters to affected patients.
Microsoft's last monthly dump of patches for 2022 includes a fix for a zero-day exploited by ransomware hackers to bypass the SmartScreen security mechanism for malware execution. The zero-day hinged on hackers creating a malformed Authenticode signature.
Ransomware operations have become expert at finding ways to make a victim pay. But experts say there are multiple steps healthcare sector entities in particular can take to better protect themselves and ensure that they can quickly restore systems and never have to consider paying a ransom.
To get zero trust strategy right, it is important to know what exactly to protect and decide what your crown jewels are. Three panelists discuss the various ways to do that and also offer their thoughts on whether zero trust is need for everything.
Speaking at the company's annual conference, Palo Alto Networks CEO Nikesh Arora urged the industry to move away from the alert triage model popularized by SIEM. SIEM tools have for decades highlighted alerts for SOC analysts to focus on, but the most important ones are getting ignored, he warns.
The many alleged failures of former FTX CEO Sam Bankman-Fried fell into relief Tuesday amid a welter of unsealed criminal and civil prosecutions and damning congressional testimony by his successor. The day ended with Bankman-Fried ordered to remain in a Bahamas jail pending an extradition.
Assets kept behind air-gapped networks should be inaccessible, but researchers from Pentera describe how hackers use the DNS protocol as a command-and-control channel. To be truly safe, companies should isolate the DNS server used for air-gapped networks and filter traffic for anomalies.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.