Since credential leaks are so common in cybersecurity incidents and breaches, how is it even possible to protect identities? Corey Nachreiner of WatchGuard Technologies shares strategies for how enterprises can upgrade their approach to identity security.
The threats come at a scale that no enterprise has seen before, and it is harder to recruit and retain staff to detect and respond. Yet, how can business leaders determine if an MSP is capable of adapting as their organization's security needs change? WatchGuard's Corey Nachreiner shares advice.
In the latest weekly update, ISMG editors discuss the trending themes from the 2022 ISMG Southeast Summit, plans by cryptocurrency exchange Binance to implement security measures to shore up cross-chain vulnerabilities, and the viability of a proposed data flow agreement between the U.S. and Europe.
Fast-fashion clothing giant Shein has been fined $1.9 million by the New York state attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security as well as failing to alert users or force password resets in a timely manner.
Emails encrypted through Microsoft Office are vulnerable to attacks that can reveal the original content of messages due to shortcomings in the protocol, says WithSecure security researcher Harry Sintonen. Microsoft says it may finally abandon its use of the Electronic Code Book algorithm.
Cybersecurity firm Eset says its spotted multiple hacks in Israel coming from a Lebanese threat group dubbed Polonium that's affiliated with Iran. The group employs custom-coded backdoors that use a slew of cloud storage accounts to handle command and control.
A ransomware gang published 52 gigabytes of data it says it stole from Consorci Sanitari Integral, a Barcelona health organization of 3,000 physicians and staff. CSI acknowledge a "compromise in data confidentiality" but says its systems are fully recovered thanks to cloud backups.
The toll that cyber incidents can have on healthcare entities and their patients was especially felt this week by the parents of a 3-year-old child who received an accidental megadose of medicine - a mistake attributed to IT systems being offline at an Iowa medical center.
A phishing and fraud prevention vendor has bought a startup founded by Qualys' longtime engineering leader to help organizations more effectively discover and monitor assets. Red Sift says its purchase of Hardenize will help customers assess the security of their digital asset inventory.
The Biden administration will put more critical infrastructure sectors, such as water, under mandates to ensure minimal cybersecurity standards. The White House is also ramping up interest in consumer cybersecurity by initiating a labeling program for the internet of things.
"Good enough" security used to be just that for many boards and senior leaders. But in today's dynamic threat landscape, where digital identities are under siege, the concept of identity security has risen to be a business essential. Matt Mills of SailPoint tells why this is a game-changer.
A former doctor who practiced internal medicine in several states has pleaded guilty in a New Jersey federal court to criminal HIPAA violations in a case that also involved a pharmaceutical salesman and a larger alleged $2.5 million healthcare fraud conspiracy.
Immersive Labs completed a funding round just weeks after laying off 10% of its workforce to cover more developer languages and safeguard Azure and Google Cloud. The Ten Eleven Ventures-led funding will help Immersive Labs expand its coverage from frontline cybersecurity staff to development teams.
One zero-day down but two Microsoft Exchange zero-days to go in this month's dose of patches from the Redmond, Washington computing giant. Microsoft fixed a COM+ flaw being exploited in the wild but for now is relying on workarounds for two known email server bugs.
Lloyd's of London says it has fully restored network services and that an investigation uncovered no evidence of a compromise. The insurance and reinsurance marketplace giant took systems offline last week after detecting what it called "suspicious activity."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.