Several data breaches stemming from unpatched vulnerabilities in Accellion's File Transfer Appliance have been revealed. What went wrong? Where does the fault lie? And what can organizations do about it?
Ransomware operations continue to come and go. The notorious Maze ransomware gang retired last year, apparently replaced by Egregor, while new operators, such as Pay2Key, RansomEXX and Everest, have emerged. But in recent months, experts say, just six operations have accounted for 84% of attacks.
A data breach of a Washington state auditor's system exposed 1.4 million unemployment claimants’ records. The breach stemmed from an exploit of an unpatched system from Accellion, and the state says it was never notified of the flaw. But Accellion says it notified customers and offered a patch in December.
It's one thing to plan for a remote workforce. Quite another when you suddenly have to deploy and support it - at 100%. Martin Mazor of Entertainment Partners discusses the vital role of identity in his enterprise's unique business.
Biometrics, device-based risk scoring solutions and geo location can be helpful tools for tackling ID fraud, says Trace Fooshee, senior analyst at Aite Group, who calls for a layered approach.
The operators behind the Agent Tesla remote access Trojan have updated the malware to enable it to disable endpoint protection software and have added features to hide communications, according to a report from the security firm Sophos.
To take down bigger targets more easily and quickly, ransomware gangs are increasingly tapping initial access brokers, who sell ready access to high-value networks. Economically speaking, it's a no-brainer move for cybercrime gangs.
Up to 30% of the organizations hit as part of the cyberespionage campaign waged by the hackers responsible for the SolarWinds supply chain attack did not use the company’s compromised software, says Brandon Wales, acting director of CISA. These victims were targeted in a variety of other ways, he says.
Ransomware attacks continue to pummel organizations, but fewer victims have been paying a ransom, and when they do, on average they're paying less than before, says ransomware incident response firm Coveware, which traces the decline to attackers failing to honor their data deletion promises.
The number of data breaches being reported in the U.S. and elsewhere each year continues to decline. But security experts say this unfortunately can be explained by criminals increasingly focusing on lucrative ransomware and business email compromise scams, which require scant data to be successful.
The law enforcement agencies behind this week's disruption - dubbed “Operation Ladybird” - of Emotet are helping victims by pushing out an update via the botnet’s infrastructure that will disconnect their devices from the malicious network.
Some people run from change. Arun DeSouza of Nexteer Automotive runs toward it. "Now is my time," says the veteran chief information security and privacy officer, who shares his leadership and technology insights in this exclusive interview.
New Zealand’s financial regulator has issued a searing report about IT security failures at NZX, the country’s stock exchange, that contributed to a disruptive DDoS attack. The regulator says NZX had inadequate IT security and failed to prepare for DDoS attacks.
The latest edition of the ISMG Security Report features an analysis of this week’s police takedowns of Emotet and Netwalker cybercrime operations. Also featured: Updates on passwordless authentication and the use of deception technology.
Former Obama White House cybersecurity official Chris DeRusha has been appointed federal CISO by the Biden administration after having served as CISO for the Biden campaign. He joins a number of newly appointed officials who will have cybersecurity oversight.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.