In the latest "Proof of Concept," Lisa Sotto, Jeremy Grant and ISMG editors discuss the significance of Apple, Google and Microsoft supporting the FIDO protocol's passwordless sign-in standard, progress made on Biden's cybersecurity executive order and updates on U.S. cybersecurity and privacy laws.
In its most recent assault against a healthcare entity, ransomware-as-a-service operator AvosLocker claims to be behind an attack allegedly involving data theft from Texas-based CHRISTUS Health, which operates hundreds of healthcare facilities in the U.S., Mexico and South America.
Italian police reportedly thwarted attempts to disrupt online voting for the music competition Eurovision, allegedly perpetrated by a hacking group called Killnet in retaliation for Russia not being allowed to compete at this year's festival, due to its invasion of Ukraine.
The European Parliament and the Council of the European Union on Friday reached a provisional agreement to set a "baseline for cybersecurity risk management measures and reporting obligations." Called NIS2, it is a modernized framework based on the EU Network and Information Security Directive.
As attack surfaces have grown, so has risk - and adversaries are finding new ways to infiltrate organizations. Wade Ellery of Radiant Logic discusses the convergence of risk, identity management and zero trust security, spelling out new strategies to defend attack surfaces and minimize risk.
If you were a nation with legions of hackers at your disposal, seeking to sidestep crippling international sanctions, would you look to ransomware to fund your regime? That question is posed by new research that finds state-sponsored North Korean hackers haven't stopped their ransomware experiments.
A post-exploitation framework dubbed IceApple has been targeting global organizations that use Internet Information Services - Microsoft's extensible web server software - and Microsoft Exchange servers since at least 2021, says Falcon OverWatch, the proactive threat hunting team at CrowdStrike.
In the latest update, four editors at Information Security Media Group discuss the intriguing insights exposed by the leak of ransomware gang Conti's internal communications, the U.S. Treasury's first-ever sanctions on a cryptocurrency mixer and the latest cyber activity in Russia's hybrid war.
As the Russia-Ukraine war continues, cybersecurity officials say the risk of attack spillover - and perhaps the direct targeting of critical infrastructure sectors outside Ukraine - remains high. The memo for CISOs is clear: Remain prepared.
Many organizations struggle to understand how to approach application security program maturity. Caitlin Johanson and Dan Cornell of Coalfire share why AppSec maturity is important and offer strategies for how enterprises can evaluate their AppSec maturity levels and build a robust response.
In the latest "Troublemaker CISO" post, security director Ian Keller discusses the issue of supply chain security and whether you should disclose information about your supply chain to companies as part of the effort to secure it. His conclusion: Build your defenses and trust no one.
A recent ransomware attack disclosed by a medication management systems provider is the latest reminder of persistent cybersecurity threats and risks facing healthcare supply chain and related vendors, as well as their customers. What's at stake?
Viasat's satellite communications suffered an outage an hour before the Russian invasion of Ukraine began on Feb. 24. The company said it was a cyberattack, but did not identify the attacker. The U.S., U.K., EU and Ukraine have now attributed this attack to Russia.
As the Russia-Ukraine war continues, what cybersecurity lessons should be learned? At the CyberUK conference in Wales, cybersecurity czars focused on surprises - including low online attack volume and the role of hacktivists - and lauded Ukraine's cyber resilience, honed by years of stress testing.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.