The increasing use of internet-connected devices in manufacturing facilities is opening up new ways for hackers to target so-called "smart" factories with unconventional attack methods, according to an analysis by security firm Trend Micro and the Polytechnic University of Milan.
A recently discovered cyber-espionage toolkit called Ramsay is designed to infiltrate air-gapped networks to steal documents, take screenshots and compromise other devices, according to the security firm ESET.
To keep up with security issues raised by the transition to a much larger remote workforce and expanded telehealth services during the COVID-19 crisis, healthcare entities should "streamline" their approach to risk management, says Dustin Hutchison of the security consultancy Pondurance.
Security experts and law enforcement officials have long argued that paying ransoms doesn't pay. For starters, it directly funds the cybercrime ecosystem and makes it attractive for criminals to keep launching ransomware attacks.
Security teams are dealing with more vulnerabilities than they can handle. Spreading these limited resources too thin can quickly lead to inefficiency and burnout. Don't waste precious time remediating vulnerabilities that pose little to no risk.
With risk-based vulnerability management, you'll know exactly which...
Get smarter about data and technology risks.
With more products, relationships, and revenues depending on more digital capabilities, risk isn't something just for IT or the compliance person. We are all on the frontline, and we can all help our companies avoid mistakes and problems.
Use this book to:
Magellan Health, a U.S. managed care company that focuses on specialty areas of healthcare, says it was hit by a ransomware attack that involved the exfiltration of data. Ransomware gangs are increasingly going beyond encrypting data, stealing information to put more pressure on victims to pay ransoms.
From 2016 to 2019, sophisticated nation-state attackers preferred to target 10 vulnerabilities more than all others, the U.S. Cybersecurity and Infrastructure Security Agency and FBI warn in a new alert. They say many of these flaws are years old, yet remain unpatched and actively exploited.
Australian shipping giant Toll Group has vowed to again not pay a ransom after suffering its second ransomware attack of the year. In the latest incident, however, the company warns that attackers also stole corporate data - and it may get leaked.
Phishing scams continue to be a leading cause of health data breaches so far this year. But the theft of unencrypted laptops led to the biggest breach reported in 2020, and an insider breach involving a physician exposed data on thousands of patients.
New research shows it's possible to unlock a password-protected Windows computer in about five minutes by exploiting vulnerabilities in Intel's Thunderbolt hardware controller. The vulnerabilities add to a growing list of issues around Thunderbolt, which is used for connecting peripherals.
Zoom has reached a settlement with the New York state attorney general's office to provide better security and privacy controls for its videoconferencing platform. Meanwhile, the company announced it's acquiring a start-up encryption company.
As manufacturers - including companies such as automakers that do not typically produce healthcare devices - race to help fill medical equipment shortages during the COVID-19 crisis, steps must be taken to ensure adequate security testing, says Fairuz Rafique of cybersecurity services firm EmberSec.
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.