A pair of U.S. House committees held their first public hearings into the SolarWinds attack, with lawmakers and witnesses offering support for expanding federal cybersecurity laws to address the security failures. This includes a larger role for CISA to conduct threat hunting.
Ransomware continues to sting numerous organizations, and the problem only seems to be getting worse. More than ever, the onus is on potential victims to ensure they have essential defenses in place - and if possible, to proactively hunt for attackers who may already be inside their network.
Microsoft is making available the CodeQL queries it used to detect malicious implants in the massive supply chain attack that affected SolarWinds, tech firms and government agencies.
The latest edition of the ISMG Security Report features an analysis of a federal crackdown on ICO cryptocurrency scams. Also featured: An update on the SonicWall hack investigation and the use of digital IDs to verify COVID-19 testing.
It was the breach heard ‘round the world. Last December’s SolarWinds attack got every security leader’s attention and reminded us of the fragility of supply chain security. Nolan Karpinski of VMware Carbon Black addresses these concerns and previews a new set of Executive Roundtables.
Tool consolidation, supply chain security, intrinsic security - how are these trends developing, and how do they impact specific industries? Nolan Karpinski of VMware Carbon Black shares insight on how to tackle the year's top cybersecurity challenges.
The SolarWinds supply chain attack is another example of the damage that lateral movement by system intruders can cause. Tim Keeler of Remediant describes why detecting lateral movement is so challenging.
As the healthcare sector works to provide patients with secure access to their health information via smartphones and other devices, it must address critical identity and trust issues, says DirectTrust president and CEO Scott Stuewe.
The onslaught of account takeover attacks from insecure passwords is driving the rapid adoption of passwordless solutions. While the risk reduction benefits are substantial, eliminating passwords is just the first step on the path to fundamentally strong authentication. In the “new normal” era of work from...
The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues.
Watch this OnDemand webinar to learn more about the data uncovered during this unprecedented year and how organizations are seeking to implement and extend modern security capabilities.
The inevitability of change compounded by an unprecedented global pandemic revealed that organizations continue to struggle with the tension between planning and investing in the physical access control infrastructure needed to meet the evolution of threats. This is among the key findings of the latest survey-based...
Security professionals have been thrust to the forefront of return-to-work planning as the crisis continues to create a complex set of security and safety challenges. Preparing to return to the physical workplace means adapting to new requirements, implementing new procedures and leveraging technology to alleviate...
The Zero Trust Security approach ensures the right people have the right level of access, to the right resources, in the right context, and that access is assessed continuously - all without adding friction for the user. The adoption of mobile and cloud means that we can no longer have a network perimeter-centric view...
At its core, Zero Trust aspires to eliminate persistent trust, and enforce continuous authentication, least privilege, and microsegmentation. This approach reduces the attack surface and minimizes the threat windows during which attackers can inflict damage, helping to protect against simple malware attacks to...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.