Top U.S. cybersecurity leaders continue to warn against the peril of Apache Log4j vulnerabilities, confirming on Monday that hundreds of millions of devices worldwide are likely affected by the logging utility flaw, although the response, in terms of scope and speed, has been "exceptional."
U.S. authorities are warning healthcare sector entities of rising threats involving Pysa ransomware and the cybercriminal gang Mespinoza, which operates the malware variant. Meanwhile, healthcare entities in the U.S. and globally continue to battle an assortment of cyberattacks and their fallout.
The EU's law enforcement agency, Europol, has been ordered by a watchdog to not retain for longer than six months any personal data it stores pertaining to individuals who reside in the EU, unless it has ascertained that the individuals are tied to an investigation or criminal activities.
Ransomware has captured the attention of many due to its far-reaching impacts on industrial control systems (ICS) and has become the primary attack vector for many industrial organisations in 2021. Once a problem that only affected IT infrastructure, incidents like Colonial Pipeline, Honeywell, and JB Foods showed...
Identity Security Alliance reported in 2021, 83% of security professionals have seen an increase in the number of identities within their organization in the past year. The number of identities relating to the business is expanding, and as the IT estate grows, the more unwieldy it becomes. Gartner named Cybersecurity...
Learn How to Achieve Zero Trust Private Cloud Security
Protecting core applications and sensitive data in a private cloud requires the agility of cloud-centric, cloud-delivered security to converge with Zero Trust Enterprise Architecture principles.
The time to secure your applications, users, and devices is...
The increasingly connected home is a vulnerable part of the extended enterprise, especially as the line blurs between personal life and work, says Forrester principal analyst Heidi Shey. She encourages organizations to adopt a two-pronged approach to protecting the "work from home" workforce.
Sen. Gary Peters, D-Mich., who chairs the Homeland Security and Governmental Affairs Committee, said this week that his committee convened a virtual briefing with both CISA and National Cyber Director Chris Inglis to discuss efforts to mitigate the threat posed by the Log4j vulnerability.
The Apache Log4j vulnerability capped the end of a long year for CISOs and incident responders. Security leaders Pooja Shimpi and Deepayan Chanda discuss how their teams have tackled Log4j - and significant lessons learned about incident response and information sharing.
The road to Zero Trust starts with an entry point on the road map. But what are the common entry points, and how might the journey unfold? Satish Gannu, CTO-Digital of Korn Ferry, discusses the Zero Trust road map with Paul Martini, CEO of iboss.
The JFrog research team discovered a new RCE vulnerability, which will be tracked by NIST as CVE-2021-42392, in the H2 database console. Although the researchers say the root cause of this critical flaw is similar to the flaw in Apache's Log4j, they believe the differences may lessen its impact.
French data protection agency CNIL has imposed fines of $170 million on Google and $66 million on Facebook for not complying with cookie regulations. The watchdog has ruled that the firms should make opting out of cookies as simple as opting in, or pay a $113,000 fine for each day of delay.
A Chicago-based fertility center has reported that a hacking incident detected in February 2021 has affected the protected health information of nearly 80,000 individuals. The breach is among the latest major security incidents involving fertility healthcare providers.
In the latest update, four ISMG editors discuss key cybersecurity issues, including myth busting from the founder of Zero Trust, the reason behind the surge in high-profile cryptocurrency scams in India and how ransomware attackers routinely lie about their inclinations, motivations and tactics.
The latest edition of the ISMG Security Report features an analysis of the recent surge in Russian cyber interference in Ukrainian government and civilian networks, the impact of China's privacy law, and the battle against cryptocurrency cybercrime.