In the latest weekly update, four editors at ISMG discuss important cybersecurity issues, including the lessons we can learn from Okta's breach fallout and subsequent response, how the first NFT rug pull of 2022 has amounted to over $1 million, and the much-anticipated return to in-person events.
Two serious remote-code-execution vulnerabilities have been discovered in VMware's widely used Spring, which is a platform for building online applications. With at least one of the vulnerabilities already being actively exploited, VMware urges immediate patching.
As Finnish technology giant Nokia announces it is ceasing sales in Russia over the war with Ukraine, the company is facing tough questions over how it helped enable a mass surveillance program that supports President Vladimir Putin's autocratic regime.
Sophos says it has provided a fix to a critical RCE bug known to be actively exploited primarily in South Asia. Sophos says no customer action is needed if the "Allow automatic installation of hotfixes" feature is enabled, but versions close to their end of life need manual configuration.
Days after the recent Okta data breach, parts of a security report, allegedly created by Mandiant, were leaked, giving the breach timeline and how the threat group gained access to Okta's environment. Security experts, including an Okta customer, discuss the report, supply chain risks and redress.
In the latest "Troublemaker CISO" post, security director Ian Keller discusses killware - "a hack of critical services and or infrastructure that can lead to the loss of life" - and asks: "Why should the power grid - or hospitals, water treatment plants or your pacemaker - be internet-accessible?
Google's threat analysis team has detected a new remote code execution flaw leveraged by North Korean nation-state attackers targeting cryptocurrency, fintech and other industries. Although not named in the report, there appears to be a link to the notorious Lazarus cybercrime group.
Two 20-year-olds have been charged in the U.S. for conspiring to commit wire fraud and launder money as part of a million-dollar scheme involving non-fungible tokens - or NFTs. The charges each carry a maximum sentence of 20 years in prison.
The ban on cryptocurrency transactions in China has led many users in the country to look for alternatives. But researchers from cybersecurity firm ESET say that threat actors have leveraged this scenario and targeted Chinese users by delivering Trojanized cryptocurrency wallet apps.
In the latest weekly update, editors at Information Security Media Group discuss important cybersecurity issues, including the White House warning about escalated cyberthreats from Russia, the impact of the Russia-Ukraine war on the healthcare sector and why combating SIM swap fraud remains challenging.
Online attackers are increasingly targeting the financial services sector. John Fokker, head of cyber investigations at Trellix, says his firm has charted a 22% quarterly increase in ransomware attacks on financial services, and APT detections have risen by 37%. Here's how the industry must respond.
In this interview with Information Security Media Group, Tony Richards, Office of the CISO, Google Cloud, and Tim Erridge, Vice President of Services, Unit 42 Palo Alto Networks, discuss how security leaders can strengthen their threat intelligence programs to successfully preempt future attacks.
IT officials from Ukraine continue to call out alleged Russian cyberattacks. This comes as hacktivists have taken matters into their own hands in the digital underground. Also: NATO pledges additional cyber support, while President Joe Biden urges U.S. governors to bolster defenses.
The latest edition of the ISMG Security Report reviews the latest cyber resilience "call to action" from the White House and also explores authentication provider Okta's failure to inform hundreds of customers in a timely manner that their data could have been stolen by the Lapsus$ group.
Control is the lifeblood of an effective information security program, but fully locking down endpoints is impossible, not least in the open environment of a public university, says Robert Hellwig, CISO of Germany's University of Siegen. In this exclusive discussion, he recommends approaches.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.