With the rise in cloud infrastructure, internet-connected devices, and third-party vendors, the attack surface has expanded, and the number of vulnerabilities and risks has increased dramatically. This has led to enormous pressure from stakeholders, including executives, board members, customers, business partners,...
The U.S. government limited its use of advanced surveillance software such as Pegasus through an executive order prohibiting agencies from buying licenses for spyware used by foreign governments to spy on dissidents. The order does not outright stop the government from purchasing spyware.
Orca Security has promoted Chief Product Officer Gil Geron to CEO to help the agentless cloud security vendor maintain its market leadership and rapid growth. The leadership swap at Portland, Oregon-based Orca will result in Avi Shua moving to the newly created position of chief innovation officer.
Europe's cybersecurity agency predicts hackers will take advantage of the growing overlap between information and operational technologies in the transport sector and disrupt OT processes in a targeted attack. Ransomware will become a tool wielded for political and financial motivations, says ENISA.
Healthcare executives called on Congress to ensure minimum cybersecurity standards, saying a wholly voluntary approach is failing clinics and hospitals. Gaps are widest at small rural hospitals, testified a former hospital CISO before the Senate Homeland Security and Governmental Affairs Committee.
As our business-critical applications are a blend of cloud and on-premise based and users need secure access to resources from everywhere, the traditional firewall approach no longer works. Our single network perimeter has evolved to multiple micro-perimeters.
For many organizations the application is the new...
Identity verification and e-signature firm OneSpan is working with investment bank Evercore on a sale process that could attract interest from other businesses and private equity firms, Reuters reported. This follows five publicly traded cyber vendors agreeing to go private since the start of 2022.
Spoiler alert: In 2022, audits found open source in 100% of our customer engagements.
Since open source usages are now so pervasive, companies are increasingly concerned about the security of applications built on the foundation of open source components. Consequently, open source security and license compliance...
Arctic Wolf has expanded its security operations platform into threat intelligence, incident response and cyber insurance, says CEO Nick Schneider. The company has focused on putting businesses in the best possible position to answer questions from insurance carriers following a security incident.
Technologists were quick to point out that popular AI-based chatbot, ChatGPT, could lower the bar for attackers in phishing campaigns and even write malware code, but Cato Networks' Etay Maor advises taking these predictions "with a grain of salt" and explores the pros and cons of ChatGPT.
In the latest weekly update, four ISMG editors share highlights of ISMG's upcoming Engage Toronto event and discuss how the U.S. Supreme Court may undercut the identity theft statute and how - despite tough economic times - vendor Wiz boosted its valuation by $4 billion in 16 months.
In the 21-month stretch from October 2020 to June 2022, a whopping 48 cybersecurity startups received 10-figure valuations as investors evaluated prospects on potential rather than performance. Now that the financial boom has gone bust, what happens to these unicorns from a different economic era?
A new federal strategy to make commercial manufacturers liable for insecure software requires an attainable safe harbor policy and could be a disincentive for software manufacturers in sharing important vulnerability information with the U.S. government, according to industry observers.
It all started at the end of July 2018, following a fire in an electrical substation that led to a power outage for citizens and a major train station in Paris. Because of the time of year, RTE, the manager of France’s electrical infrastructure, found itself in the middle of a controversy about its responsiveness....
Having an incident response plan in place is essential for any engineering organization. A plan helps keep every person, tool, and process involved in your incident response workflow working together cohesively. Oftentimes, incident
response workflows are reactive, disorganized processes that move slower than...