An evolving workplace, greater reliance on IoT and the cloud, and already we have seen the new face of supply chain attacks. This is the backdrop for 2021, and Imperva's Brian Anderson offers insights into the cyber-attack outlook.
Philip Reitinger has held senior cybersecurity leadership roles in both the public and private sectors. He's seen big breaches. And he says what he sees so far in the SolarWinds attack may be just the "tip of the iceberg" in terms of government and business entities that have been compromised.
Point-of-sale device manufacturers Verifone and Ingenico have released fixes for flaws in some of their devices after researchers found the vulnerabilities could have enabled attackers to steal payment card data, clone cards or install malware.
For the first time, a U.S. technology firm has been fined under the EU's General Data Protection Regulation. Ireland's Data Protection Commission on Tuesday hit social media giant Twitter with a $547,000 fine for failing to report and document a data breach within 72 hours, as required under GDPR.
To improve compliance efforts, organizations can turn to a number of technologies, including data analytics. Two experts share their views on making the most of automation and integration tools.
A new Python-based information-stealing Trojan dubbed "PyMicropsia" is linked to a hacking group called AridViper, which is active mainly in the Middle East, according to Palo Alto Networks' Unit 42.
Security teams must explain to business leaders how customer identity and access management can help with customer retention, says cybercrime and fraud expert Lenny Gusel.
Vulnerability management is vulnerable. This year's transformation has revealed new gaps in processes and tools, inspiring a new evolution to the discipline of Vulnerability Management, Detection and Response. Mehul Revankar of Qualys discusses VMDR and how to embrace it.
Following the discovery that attackers Trojanized SolarWinds' Orion software, expect the list of organizations that were running the backdoored network-monitoring tool to keep increasing. But with this being a suspected cyberespionage operation, attackers likely focused on only the juiciest targets.
He was the first U.S. federal CISO, and before that he was an Air Force general. So when Gregory Touhill reacts to the coordinated supply chain attack on SolarWinds, he does so in military terms. His message to the global cybersecurity community: "Shields up."
What should incident responders grappling with the complex online attack campaign that successfully distributed a Trojanized version of SolarWinds Orion network monitoring software to customers focus on first? See these four essential alerts, which are already being updated.
The supply chain attack targeting SolarWinds was planned for months and intensified since the November election, says Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black. "Unprecedented" is how he describes the scale of the attack and level of sophistication.
Cybersecurity is a legitimate - and significant - business risk, and it's time to frame the topic appropriately, says Robert Hill, CEO of Cyturus. He shares insight on how to discuss cyber risk appropriately with C-level leadership and the board of directors.
Warning: The breach of FireEye disclosed last week traces to a sophisticated campaign involving Trojanized versions of SolarWinds Orion software used by hundreds of large businesses and government agencies. Experts are urging users to immediately upgrade the software and begin looking for signs of compromise.
Researchers with Palo Alto Networks' Unit 42 are tracking a relatively new cryptomining botnet called "PGMiner," which is targeting PostgreSQL database servers to illegally mine for monero. Currently, the malware only targets Linux-based database servers.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.