In an open letter addressing Ukraine's request to web governance entity ICANN, dozens of researchers, internet activists, politicians and academics voiced their disapproval, instead calling for precise, measured sanctions that could more effectively weaken Russian military and propaganda efforts.
Healthcare entities and other organizations frequently skimp on application security, which is a critical area, and this often results in data breaches, security incidents and other mishaps, says former Blue Cross of Idaho CISO Sandy Dunn, who is now CIO and CISO of security firm BreachQuest.
The ISMG Security Report features an analysis of the U.S. government's request for billions of dollars in tech aid to curb the global impact of the Kremlin's campaign in Ukraine. It also examines Biden's cryptocurrency executive order and why breached organizations often don't share full details.
The Lapsus$ ransomware group is tricking users into installing malware by disguising it as verified and signed certificates, which researchers say are believed to have been stolen from the Nvidia and Samsung source code leaks.
In an excerpt from his book "CRISC Certified in Risk and Information Systems Control All-In-One Exam Guide," Peter Gregory discusses choosing the fifth option in risk management, which is ignoring the risk. He warns of the problems that choice can cause.
Federal authorities are warning about seven vulnerabilities affecting a software agent used to remotely manage an array of medical devices and other connected gear. If exploited, the vulnerabilities could enable hackers to gain full control of the affected devices or alter their configurations.
Ransomware groups continue to target critical infrastructure sectors internationally. An FBI alert says that ransomware group RagnarLocker has targeted 52 entities across 10 critical infrastructure sectors, while Romania's premier petrol supplier, Rompetrol, has reportedly been hit by Hive.
As Western cybersecurity officials warn that Russia's Ukraine invasion poses an elevated cybersecurity risk to all, kudos to Cloudflare, CrowdStrike and Ping Identity for offering free endpoint security and other defenses to the healthcare sector and power sectors, for at least four months.
Google will buy cybersecurity firm Mandiant for $5.4 billion, an acquisition Google says will give it new capabilities to respond to cybersecurity threats and bolster its cloud platform. Mandiant will be folded into Google's Cloud Platform.
U.S. and NATO officials are increasingly looking to sharpen sanctions and rhetoric against Russia, and cybersecurity is a pivotal part of the discussion. The Biden administration is now requesting $10 billion in emergency funds to address Russia's campaign, with sizeable pots for cybersecurity.
An undisclosed website was the victim of a massive, dayslong distributed denial-of-service attack. The threat actor included a ransom note as part of the attack, instead of contacting the victim separately, and the DDoS attack has been mitigated, researchers at cybersecurity company Imperva say.
As Russia's ground invasion and air assault against Ukraine continues, so too do online attacks being launched against Ukrainian targets. A Ukrainian cybersecurity official says his country is fighting the first-ever "hybrid war" that bridges both the physical and online realms.
South Korean consumer electronics giant Samsung Electronics has confirmed that it has suffered a breach that includes source code being stolen. Ransomware gang Lapsus$ has leaked a massive collection of confidential data from Samsung just a day after leaking credentials of 71,000 Nvidia employees.
Four ISMG editors discuss the accelerating invasion of Ukraine by Russia and its potential impact on the cybersecurity industry; whether hacktivists are the new resistance fighters and the dangers that might trigger; and how a data leak may help researchers track and fight the Conti ransomware gang.
Guidance from the Healthcare Sector Coordinating Council provides healthcare delivery organizations and vendors with recommendations for including cybersecurity in contracts pertaining to the procurement of medical device products and related services.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.