In the latest "Troublemaker CISO" post, security director Ian Keller discusses killware - "a hack of critical services and or infrastructure that can lead to the loss of life" - and asks: "Why should the power grid - or hospitals, water treatment plants or your pacemaker - be internet-accessible?
Google's threat analysis team has detected a new remote code execution flaw leveraged by North Korean nation-state attackers targeting cryptocurrency, fintech and other industries. Although not named in the report, there appears to be a link to the notorious Lazarus cybercrime group.
Online attackers are increasingly targeting the financial services sector. John Fokker, head of cyber investigations at Trellix, says his firm has charted a 22% quarterly increase in ransomware attacks on financial services, and APT detections have risen by 37%. Here's how the industry must respond.
The pandemic has raised the ante significantly for the attack surface and the level of insider threats facing healthcare sector entities, according to Dave Bailey, vice president of security services, and attorney Andrew Mahler, vice president of privacy and compliance, of consultancy CynergisTek.
A security researcher found two critical vulnerabilities and one high-severity vulnerability in two separate Veeam products that may allow attackers to perform remote code execution and allow local privilege execution on victims' systems, respectively. Veeam has issued patches for all three bugs.
The current and former owners of CafePress, a site for selling customizable merchandise, have agreed to a draft Federal Trade Commission settlement tied to multiple security shortcomings that failed to prevent or detect a 2019 data breach that exposed 22 million users' account details.
This report analyzes how sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers in those countries who participate in bug bounty programs. It also examines lessons to be learned from data breaches and developments in passwordless authentication.
Russian state-sponsored threat actors are exploiting default MFA protocols, along with PrintNightmare, the Windows Print Spooler vulnerability, to illegally access the network of a nongovernmental organization, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI say.
It is critical for medical device manufacturers to take a threat modeling approach early in a product's design stage, say MITRE medical device cybersecurity experts Margie Zuk and Penny Chase, co-authors of the recently released Playbook for Threat Modeling Medical Devices commissioned by the FDA.
Video game developer Ubisoft has confirmed that a cybersecurity incident caused temporary disruption to some of its games, systems and services, and the ransomware gang Lapsus$, which was behind the breaches at Samsung and Nvidia, is implying that it may have been responsible.
The U.S. OMB recently released its latest deliverable as part of President Biden's cybersecurity executive order. Former federal CISO Grant Schneider discusses this guidance and shares best practices for agencies and organizations to improve the security of their software supply chain.
Cybersecurity in Russia right now is complicated, owing to reprisals over its Ukraine invasion, leading to Russia launching its own root certificate to keep sites online; facing down "Russians only" RURansom wiper malware; and Avast being the latest business to suspend all operations in the country.
Healthcare entities and other organizations frequently skimp on application security, which is a critical area, and this often results in data breaches, security incidents and other mishaps, says former Blue Cross of Idaho CISO Sandy Dunn, who is now CIO and CISO of security firm BreachQuest.
Federal authorities are warning about seven vulnerabilities affecting a software agent used to remotely manage an array of medical devices and other connected gear. If exploited, the vulnerabilities could enable hackers to gain full control of the affected devices or alter their configurations.
Guidance from the Healthcare Sector Coordinating Council provides healthcare delivery organizations and vendors with recommendations for including cybersecurity in contracts pertaining to the procurement of medical device products and related services.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.