This edition of the ISMG Security Report analyzes the latest ransomware trends from the European Union Agency for Cybersecurity, findings from the first-ever Cyber Safety Review Board on the Log4j incident, and how security and privacy leaders are harmonizing new U.S. privacy laws.
Thales plans to enter the customer identity and access management market through its purchase of an emerging European CIAM player. The French firm plans to capitalize on OneWelcome's strong product by extending its footprint beyond Europe and into North America and Asia-Pacific.
Indian hyperlocal logistics provider Grab says it wasn't hacked by a Malaysian hacktivist group. DragonForce Malaysia posted last Saturday on Twitter and Telegram the purported details of Grab delivery personnel. The group is amid an active campaign dubbed OpsPatuk against Indian targets.
"We came up with a structured, documented approach to respond to mitigating the Log4j vulnerability using the EDR scanning tools along with a code validation, containerization, and sandboxing of our applications and networks," says Ian Keller, security director at Ericsson.
Applying cloud access security broker’s three functionalities - API-level integration with managed device transfer for visibility, in-line CASB for proxy and other devices, and its control over cloud and other access points - helps provide better control and the ability to protect and secure user access, says Thomas...
Over 500 cyber security professionals reveal key incident response challenges and how they’re rethinking preparedness, detection and response programs.
Download this whitepaper - takeaways include:
Over 55% of organizations want to improve time to containment and incident response automation but more than 45%...
Amid a surge in new international data privacy laws and regulations, it is becoming increasingly challenging for organizations to stay compliant. The first step: data classification. In this webinar, a panel of experts will explain how integrating data classification with necessary data protection tools such as DLP,...
Nearly three weeks ago, Iran's state railway company was hit with a cyberattack that was disruptive and - somewhat unusually - also playful. Security firm SentinelOne says analyzing the wiper malware involved offers tantalizing clues about the attackers' skills, but no clear attribution.
As organizations prepare a plan for migrating to the Secure Access Service Edge, or SASE, model, they need to carefully assess the need for reorganization of the networking and security departments, says Nat Smith, senior director, security analyst at Gartner, which coined the SASE term.
Third party vendors are often the weakest link in your organization’s security ecosystem, since most security leaders do not have good visibility or oversight of their security controls. But as the recent breach of SolarWinds or HAFNIUM has made clear, managing third party risk is now an essential part of your...
North Korean hackers have been "targeting security researchers working on vulnerability research and development at different companies and organizations" to trick them into installing backdoored software that gives attackers remote access to their systems, warns Google's Threat Analysis Group.
The Hong Kong Monetary Authority's Cybersecurity Fortification Initiative 2.0, an updated version of a framework designed to strengthen cyber resilience in the banking and financial sector, will officially roll out in January and be implemented over the following two years.
TikTok and WeChat both received reprieves over the weekend that helped avert U.S. blocks of their social media apps. President Donald Trump says he has given his "blessing" to a deal that would see Oracle and Walmart take a stake in TikTok's U.S. operations. Separately, a federal judge suspended a WeChat ban.
An organization has successfully implemented a "zero trust" framework when it can achieve context-aware resolution of a risk, says Dr. Siva Sivasubramanian, CISO of SingTel Optus, an Australian telecommunications firm.