Organizations face major challenges gaining visibility into networks that grow more complex by the day, and Corelight CEO Brian Dye says the open-source community can help with gathering evidence and insights from networks so that the perimeter is better secured.
The use of software-as-a-service applications has dramatically increased since the onset of the COVID-19 pandemic, and the changing consumption patterns have ushered in a new set of security challenges, according to Obsidian Security co-founder and chief product officer Glenn Chisholm.
Since joining Forescout 15 months ago as CEO, Wael Mohamed has aggressively pursued acquisitions, scooping up CyberMDX in February to safeguard internet of medical things devices and Cysiv in June to help OT and IoT customers analyze, detect and respond to threats using cloud-native data analytics.
Former Rockwell Automation CISO Dawn Cappelli discusses the mission of the new Dragos OT-CERT - a cybersecurity resource designed to help industrial asset owners and operators build their OT cybersecurity programs, improve their security postures and reduce OT risk - and her role as its director.
The COVID-19 pandemic has accelerated the migration to the cloud for many organizations, and there have also been challenges associated with securing hybrid or multi-cloud environments, according to Omdia Senior Principal Analyst Fernando Montenegro.
BSI Group has expanded its consulting practice beyond just cybersecurity to take on broader questions around digital trust, helping customers address everything from digital supply chain risk to the ethics of artificial intelligence, according to Mark Brown of BSI Group.
While ransomware, third-party risk, phishing scams and insiders continue as the top threats facing healthcare and public health entities, the sector overall is becoming better prepared to deal with these issues than it was just a few years ago, says Denise Anderson, president and CEO of H-ISAC.
Software bills of material, or SBOMs, are still "years away" from being ubiquitous, says Grant Schneider, senior director for cybersecurity services at Venable. He says it will take time for them to catch on, and a set of standards and other critical components for industry need to be defined.
Effective cyber risk management of vendors is critical to the success of organizations that are increasingly relying on these third parties, says Dave Stapleton, CISO of CyberGRX, who describes the importance of using a "true" third-party risk exchange.
CISA says Chinese state-sponsored threat actors are exploiting known vulnerabilities to target public and private companies in the United States, and a related joint advisory from CISA, the FBI and the NSA describes how major telcos and network service providers have been exploited since 2020.
A hacking incident involving data theft from a prominent provider of medical imaging services in Massachusetts has affected 2 million individuals, making it the largest health data breach reported to federal regulators so far this year. The company says the data was stolen in March.
Billions of dollars have already been lost in crypto exchanges, and some of the some losses have been due to "basic" security failures, including third parties not implementing common controls, says Troy Leach, security executive in residence at Cloud Security Alliance.
Atlassian has issued a patch for its Confluence workspace collaboration tool, which is being targeted in the wild with a zero-day vulnerability that gives attackers unauthenticated remote code execution privileges. The vulnerability has a CVSS score of 10 out of 10 for criticality.
Federal authorities have issued advisories about security vulnerabilities identified in several medical device products, including various Illumina Inc. genetic testing and sequencing devices and certain medication dispensing systems and microbiology software products from Becton, Dickinson & Co.
A zero-day vulnerability in Atlassian Confluence, a workspace collaboration tool that serves millions of daily active users, is being targeted in the wild. The flaw, according to the company's security advisory, gives attackers unauthenticated remote code execution privileges.