The U.S. Cybersecurity and Infrastructure Security Agency is ordering most executive branch agencies and departments to create vulnerability disclosure programs by March 2021. Some agencies, such as the Pentagon, already have robust programs in place.
Two recent hacking incidents that each affected more than 100,000 individuals illustrate the variety of cyberthreats healthcare organizations face during these chaotic times. Security experts offer risk mitigation insights.
Security professionals are expressing surprise that email service provider Sendgrid did not have multifactor authentication in place to protect its customer accounts, which may have enabled the compromise of a large number of accounts, followed by the sale data on the darknet.
A Ghana resident has been extradited to the U.S. to face charges of targeting a Memphis-based real estate company in a sophisticated BEC scam and participating in other criminal schemes, according to the Justice Department.
Political campaigns are at risk from nation-state actors and other hackers seeking to exploit network vulnerabilities and create backdoors to access sensitive data that can be used to undermine the November election, says retired Brigadier General Francis X. Taylor, executive director of U.S. CyberDome.
A South Dakota agency, one of 200 law enforcement agencies affected by the so-called "BlueLeaks" hacking of a web development firm in June, has disclosed that COVID-19 patient information was leaked.
Diebold Nixdorf and NCR have issued patches for ATM software vulnerabilities that could enable a hacker with physical access to the devices to commit deposit forgery, according to the Carnegie Mellon University CERT Coordination Center.
A patching effort has been underway for six months to upgrade Thales wireless communication modules that are embedded in millions of IoT devices, including insulin pumps and smart meters. Left unpatched, a vulnerability in the modules could allow attackers to control devices, IBM warns.
Researchers at Check Point developed a one-click attack against Amazon's popular voice-controlled assistant Alexa that could reveal a user's voice history or personal information. Amazon has fixed the web application security flaws but says Check Point's demo video is misleading.
The latest edition of the ISMG Security Report analyzes why Barclays is being investigated for allegedly spying on its employees. Also featured: How the pandemic is affecting CISOs; an FBI assessment of nation-state threats to U.S. election.
To help mitigate the risks posed by business email compromise scams that target privileged users, enterprises need to create a detailed enterprise risk management plan that spells out procedures to secure accounts, says Espen Otterstad, CISO at Norwegian telematics company ABAX AS.
Jeanette Manfra served under three presidents as one of the top U.S. government cybersecurity leaders. Now in her new role with Google Cloud, she draws upon her public sector experience to help agencies in their cloud adoption.
New research has uncovered widespread vulnerabilities in wireless dongles that plug into a vehicle's OBD-II port. The inexpensive IoT devices have put new power into the hands of consumers to monitor their vehicles or check fault codes, but they could also open up new vectors for attacks.
High-speed trading firm Virtu Financial says it lost $6.9 million in a business email compromise scam in May. The company is now suing its insurer for failure to cover the loss.
A recently uncovered BEC scam has targeted the Office 365 accounts of executives at over 1,000 companies worldwide, collecting more than 800 sets of credentials in an attempt to commit payment fraud, according to Trend Micro.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.