To fight threats, security practitioners need to develop a proactive, offensive risk quantification strategy to establish cyber resilience, says Shaik J. Ahmed, vice president of risk, governance and information security at Mashreq Bank.
GAO auditors say in a new report that the federal government's response to both the SolarWinds software supply chain attack and the exploitation of Microsoft Exchange Servers in 2021 sharpened its coordination efforts, but also exposed information-sharing gaps.
In the midst of a global pandemic, the federal breach tally shows that a record number of major health data breaches were reported in the U.S. in 2021, and the overwhelming majority of them involved hacking/IT incidents. Will those trends continue in 2022?
The defacement of Ukrainian government websites may have been intended as a smokescreen for a destructive malware attack that failed to execute or has yet to be unleashed, some security experts warn. Ukraine continues to investigate the attack, which it suggests may trace to Russia, Belarus or both.
"We came up with a structured, documented approach to respond to mitigating the Log4j vulnerability using the EDR scanning tools along with a code validation, containerization, and sandboxing of our applications and networks," says Ian Keller, security director at Ericsson.
A family medical practice is notifying nearly 200,000 individuals that their information was compromised in a 2020 ransomware attack on cloud hosting vendor Netgain Technology, an incident that also affected several of the vendor's other clients and hundreds of thousands of their patients.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...
Multiple government sites in Ukraine, as well as Swedish, U.K. and U.S. embassy websites, have been defaced with warnings to "be afraid and expect the worst." The defacements occurred after a week of "intensive" but unresolved talks between NATO and Russia, which continues to mass troops on Ukraine's border.
The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.
In the wake of the explosive Apache Log4j vulnerabilities, the White House hosted tech leaders and federal agencies in a summit to discuss ways to improve open-source software security. The meeting was hosted by Deputy National Security Adviser for Cyber and Emergency Technology Anne Neuberger.
Maryland officials confirm that a December cyberattack on the state's health department, which is still disrupting some services, involved ransomware - but that no ransom was paid. Also, lawsuits have been filed against a Florida specialty pharmacy in the wake of a November cyber incident.
Healthcare and public health sector entities must heed the warnings this week by federal authorities of Russian state-sponsored cyberthreats to critical infrastructure organizations, some experts say. Why are the stakes so high?
Attackers wielding Night Sky ransomware are among the latest groups that have been attempting to exploit critical vulnerabilities in widely used Apache Log4j software. Microsoft says that among other attacks, a China-based ransomware operator has been exploiting Log4j flaws in VMware Horizon.
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
The U.S. Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency warn in a joint advisory that state-sponsored Russian attackers are actively exploiting and seeking to cause disruption to critical infrastructure, and it urges defenders to mitigate commonly seen attack vectors.