A pair of U.S. House committees held their first public hearings into the SolarWinds attack, with lawmakers and witnesses offering support for expanding federal cybersecurity laws to address the security failures. This includes a larger role for CISA to conduct threat hunting.
Ransomware continues to sting numerous organizations, and the problem only seems to be getting worse. More than ever, the onus is on potential victims to ensure they have essential defenses in place - and if possible, to proactively hunt for attackers who may already be inside their network.
The latest edition of the ISMG Security Report features an analysis of a federal crackdown on ICO cryptocurrency scams. Also featured: An update on the SonicWall hack investigation and the use of digital IDs to verify COVID-19 testing.
The SolarWinds supply chain attack is another example of the damage that lateral movement by system intruders can cause. Tim Keeler of Remediant describes why detecting lateral movement is so challenging.
The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues.
At its core, Zero Trust aspires to eliminate persistent trust, and enforce continuous authentication, least privilege, and microsegmentation. This approach reduces the attack surface and minimizes the threat windows during which attackers can inflict damage, helping to protect against simple malware attacks to...
The CEOs of SolarWinds, Microsoft, FireEye and CrowdStrike rolled out a series of cybersecurity recommendations to a U.S. Senate panel Tuesday while detailing how foreign actors gained access into their firms' systems as a result of the SolarWinds supply chain attack.
The Python Software Foundation is issuing updates for Python 3.9.2 and 3.8.8 to address critical security vulnerabilities, including a remote code execution vulnerability that can be exploited to shut down systems.
The National Security and Defense Council of Ukraine accuses Russia of turning Ukrainian government servers into a botnet for massive distributed denial-of-service attacks that then caused the servers to be blocked.
French authorities are warning the country's healthcare sector of the discovery of a glut of stolen credentials, apparently belonging to hospital workers, that were found for sale on the dark web. The alert comes amid a recent rise in ransomware attacks on hospitals and other healthcare entities.
All email, cloud, and compliance solutions are not created equal.
As organizations make the move to Microsoft 365, many assume that the platform's built-in or bundled features will keep users safe and compliant. But these "good enough" features may not be good enough for your organization.
Download this eBook from...
Cybersecurity awareness training is one of the most important things you can do to secure your organisation. But starting a new programme may seem daunting. Maintaining one that keeps your users engaged, changes their behaviour and reduces your organisation’s exposure to threats might be an even bigger challenge....
A newly-discovered phishing campaign posts harvested credentials using the Telegram messaging app's application programming interface to bypass secure email gateways, report researchers at the Cofense Phishing Defense Center.