A European effort to wrest greater control over the infrastructure underpinning internet encryption has some security experts warning about degraded website security. The European Union is on the cusp of requiring web browsers to honor web certificates known as QWACs.
In recent years, a wide range of organizations have made unprecedented migrations to cloud. But as businesses increasingly rely on cloud-based technologies, the need to mitigate cybersecurity threats has never been greater. Is CNAPP the solution to defending against adversaries in the cloud?
How do we manage the risk of global supply chain attacks? Will a shift in cybersecurity liability to software providers help improve the problems of software vulnerabilities? Adam Isles, principal of The Chertoff Group, said mandating software bill of materials measures has its own challenges.
The United States' second-highest-ranking prosecutor said the Department of Justice has pivoted its security strategy from pursuing courtroom victories to preventing and disrupting cybercrime. Lisa Monaco said Justice officials now put victims at the center of their cybercrime response.
Diabetic patients who used a Medtronic smartphone app for managing insulin levels are being told that Google may have collected certain personal information through the sign-in infrastructure. The disclosure comes amid a wave of healthcare providers reassessing their use of third-party tools.
Nurse call systems present a top cybersecurity risk in clinical environments, but so do an array of other similarly connected nonmedical devices commonly found in healthcare settings, says a new research study by security vendor Armis.
ISMG editors are live at RSA Conference 2023 in San Francisco with an overview of opening-day speakers and hot topics including the emergence of AI, the latest intel on nation-state threats, security product innovation and deals, and ransomware trends. Join us for daily updates from RSA.
A Chinese and a Hong Kong national are each under U.S. federal indictment for their roles in channeling cryptocurrency stolen by North Korean hackers into hard currency. Prosecutors also indicted a North Korean man for representing the sanctioned Korea Kwangson Banking Corp.
Over a five-year span, reported BEC incidents cost global enterprises more than $43 billion in losses. This trend has the attention of the U.S. Secret Service. Agents Kevin Cooke and Abigail Tyrrell discuss why law enforcement partnerships and speed of response are more critical than ever.
According to findings from the Identity Theft Resource Center's 2023 Q1 Data Breach Report, the number of publicly reported data compromises decreased, but the number of data breaches with no actionable information about the root cause of the compromise grew.
Many of the same security weaknesses of the past - including incidents involving the exploitation of vulnerabilities - are still leading to major IT system compromises and data breaches, said John Shier, field CTO commercial of Sophos, who shared findings from the 2023 Active Adversary report.
Threat actors are exploiting Kubernetes Role-Based Access Control in the wild to create backdoors and to run cryptocurrency miners. Researchers observed a recent campaign that targeted at least 60 Kubernetes clusters by deploying DaemonSets to hijack and steal resources from the victims' clusters.
A North Korean backdoor targeting Linux desktop users shares infrastructure with the hacking group behind the 3CX software supply chain hack. Cybersecurity firm Eset analyzed the backdoor and connected it with a Pyongyang fake job recruiting campaign generally known as Operation Dream Job.
In the latest weekly update, finance security expert Ari Redbord joins ISMG editors to discuss takeaways from the U.S. Treasury's 2023 DeFi Illicit Finance Risk Assessment, the state of blockchain analytics and where it is headed, and traction for FinCEN's Financial Action Task Force Travel Rule.
Hardware-based authentication vendor Yubico plans to go public at an $800 million valuation by merging with a special purpose acquisition company. The Swedish firm said becoming publicly traded will accelerate Yubico's push to enter adjacent authentication markets and land clients in new verticals.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.