The latest edition of the ISMG Security Report features an analysis of the arrest of two suspects tied to a major ransomware group in Ukraine. Also featured: Introducing "The Ransomware Files" and defining the next-gen CISO.
Deepayan Chanda discusses the four principles of cybersecurity - reliability, accuracy, architecture and resiliency - that he believes cover most of the aspects of how CISOs can maintain the level of cybersecurity that their organzations need to sustain attacks.
Applications, in particular Web Applications, have become a top target for threat actors. Organizations have long relied on Web App Firewalls (WAFs) to protect themselves from common threats such as SQL injection, cross-site scripting, and remote file inclusion. In an increasing number of cases, however, protecting...
The U.S. Department of Justice said this week it will pursue government contractors that fail to report cybersecurity incidents. The department also announced the formation of a Cryptocurrency Enforcement Team to prosecute the misuse of virtual currencies.
Federal regulators are warning healthcare and public health sector organizations of potential attacks by the ransomware group LockBit 2.0 and its affiliates. The group claimed credit for the August attack on consultancy firm Accenture. What preventative steps should healthcare sector entities take?
Researchers at Ben-Gurion University of the Negev, Israel, have uncovered a new type of electromagnetic attack, dubbed LANtenna, that exfiltrates sensitive data from an isolated, air-gapped computer using Ethernet cables as transmitting antennas.
U.S. lawmakers have introduced legislation that would require the reporting of ransom payments within 48 hours of the transaction. The bill would also require DHS to create a voluntary website to log ransom payments and task the department with studying ransomware and cryptocurrencies.
Who had heard of Syniverse before it recently disclosed a five-year breach, potentially exposing call-routing data and text messages for hundreds of mobile phone networks? The incident is just the latest supply chain attack to hit a lesser-known but nevertheless critical service provider.
Open XDR-as-a-Service: When Your Organization Needs More Than MDR - With security tool sprawl and wider diversification of threats, traditional managed detection and response tools often lack the functionality needed to adequately protect organizations and their users against data breaches. Consider an alternative:...
Automation has become critical survival equipment in security operations, but few feel like they are doing it right. Read this webinar summary to learn the results of a new survey, how to improve, and which security processes are being automated.
Where organizations are in their journey to defining and...
Today, healthcare organizations are adopting and leveraging more public cloud technologies to keep up with the demands of delivering modern healthcare and supporting the evolving connected health ecosystem. How should healthcare organizations incorporate data security practices to public cloud and SaaS applications...
The expanded recall of insulin pump devices due to vulnerabilities that pose the risk of injury or death to patients and a recent malpractice lawsuit alleging that the effects of a ransomware attack led to a baby's death are the latest warnings of dangers posed by security issues in medical gear.
Amazon-owned video streaming service Twitch, which focuses on video games and e-sports broadcasts, reportedly suffered a massive data breach, which the company vaguely confirmed via Twitter. A post on the anonymous online forum 4chan reportedly indicates that the entire platform was compromised.
Apache, a popular open-source web server software for Unix and Windows, says it has fixed a zero-day vulnerability in its HTTP server that it says has been exploited in the wild. The path traversal and file disclosure vulnerability only affects Apache HTTP servers upgraded to version 2.4.49.
Cyber extortion through digital means is nothing new, says U.K.-based cybersecurity expert John Walker, but the concerning aspect of today's ransomware attacks is that they are "low-cost in the macro sense and so easy to achieve."