Gregory Touhill, the retired Air Force general and former federal CISO under President Obama, minces no words when he describes the Colonial Pipeline ransomware attack as a "global day of reckoning" for critical infrastructure protection.
After a ransomware incident, Colonial Pipeline Co. has restored smaller pipelines that ship fuels to the U.S. East Coast, but its larger ones are still offline as it assesses safety. Citing U.S. officials, The Associated Press reports the company was infected by the DarkSide ransomware group.
Merger and acquisition activity involving cybersecurity companies continued at a rapid pace in the last two weeks, with Accenture, Forcepoint, OneTrust and the Swedish IT consultancy firm Knowit AB all making acquisitions.
Security researchers have uncovered a flaw dubbed TsuNAME in DNS resolver software that attackers could used to carry out distributed denial-of-service attacks against authoritative DNS servers. Google and Cisco have resolved the issue in their DNS servers.
The latest edition of the ISMG Security Report features an analysis of whether courts can trust evidence collected by Cellebrite's mobile device forensic tools. Also featured: Report shows attackers' dwell times plummeting; a call for partnership with law enforcement.
Security researchers say API flaws could have exposed the private data of millions of Peloton fitness equipment online service users for months before they were recently patched.
Attackers are increasingly using malicious OAuth 2.0 applications to siphon data and access sensitive information from cloud platforms, and mitigating the risks is proving challenging, according to the security firm Proofpoint.
In 2020, the predictable economics of the past disappeared during an increasingly chaotic year. The pandemic reshaped society and impacted countless people. Organizations adapted quickly enabling employees to collaborate remotely. Businesses reconfigured their operating model enabling them to serve customers safely....
SmileDirectClub, which sells teeth-straightening appliances, expects that a recent cyberattack, which disrupted the manufacturing of its products, will take a $10 million to $15 million bite out of its second-quarter revenue.
The websites of about 200 public and private entities in Belgium were knocked fully or partially offline Tuesday by a distributed denial-of-service attack against the publicly funded internet service provider Belnet.
No one needs more stats about the skills gap in cybersecurity; many organizations are obviously facing challenges in recruiting, skilling, and retaining security professionals. We haven’t written this cheat sheet to tell you what you already know. Instead, we will outline a realistic strategy for workforce-wide...
In order to keep pace with hackers, you need to learn like hackers. That’s why when it comes to guidance on building detection and response programs, MITRE ATT&CK® – which has a strong adversarial focus – trumps traditional frameworks such as the Diamond Model (which lacks technical depth), and Lockheed...
Cyber crisis response and preparedness is on everyone’s lips, yet organizations’ efforts are failing to adapt to modern threats. While table top exercises have long been considered an essential tool in preparing organizations to face cyber crises, they’re now rapidly falling into obsolescence.
So what’s the...
'Mega breaches' might sound dystopian, but they're becoming an all too familiar feature of the modern cyber crisis. Yet organizations are still relying on traditional techniques to prepare and exercise their workforces' cyber crisis response. Enter micro-drilling: the modern alternative to tabletop exercising.
In...
Cybersecurity training: from dry-as-dust videos to cutesy animations of hapless office workers to streams of green code on a black screen. The variety out there is staggering, and it’s hard to know where to start – or what's really going to work.
Luckily, the most effective forms of training – for all teams,...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
