The FBI will soon begin sharing hashes of compromised passwords found in the course of its cybercrime investigations with Have I Been Pwned, a data breach notification service. The data will contribute to Pwned Passwords, a service that alerts users to passwords that have been exposed in data breaches.
Advanced persistent threat groups are continuing to exploit unpatched flaws in Fortinet products, the FBI warns in a flash alert. For example, an APT group apparently recently exploited a Fortigate appliance to access a web server hosting the domain for a U.S. municipal government, the bureau says.
The latest edition of the ISMG Security Report features an analysis of the city of Tulsa's decision to refuse to pay a ransom following an attack. Also featured: Johnson & Johnson's CISO on shifting priorities; mitigating quantum computing risks.
STEM education has moved to the forefront in the last 15 years, but we still need to do a better job of celebrating technologists as people who can solve significant world problems, says Dr. Heather Monthie, author of the book “Beginner’s Guide to Developing a High School Cybersecurity Program.”
Another big wave of large breaches stemming from hacking incidents, including ransomware attacks, has flooded the federal tally of major health data breaches in recent weeks.
The Department of Homeland Security has issued a cybersecurity directive that requires the operators of oil and gas pipelines to report ransomware attacks and other security incidents to the government and take other security steps.
Belgium's interior ministry, Federal Public Service Interior, is investigating an attack against its network that appears to have the hallmarks of a cyberespionage campaign.
The key to reducing "alert fatigue" is to make sure alerts are repeatedly validated before they're distributed, says Chris Kubic, CISO at Fidelis Cybersecurity, who formerly served as CISO at the U.S. National Security Agency.
There's growing momentum around the use of software bills of materials, which allow for automated supply chain risk analysis. Patrick Dwyer of OWASP says that SBOMs and automation mean organizations can make better risk-based decisions on emerging security threats.
Customer data, PII, web apps – your strategic assets are digital, and they require a new degree of digital risk protection. In this exclusive panel, CISOs Todd Carroll of CybelAngel and TJ Hart of PlanSource discuss the needs, scope and practical use cases.
A threat group likely operating from Iran has been attacking Israeli targets for more than a year with the wiper variants Apostle and Deadwood, masking the intrusions as ransomware attacks to confuse defenders, according to SentinelOne.
More than five months after the SolarWinds supply chain attack came to light, federal agencies continue to struggle with supply chain security, according to a top GAO official who testified before a House committee.
VMware is warning all vCenter Server administrators to patch their software to fix a serious vulnerability that could be used to execute arbitrary code as well as a separate authentication flaw. Experts warn that these and other recent flaws are likely to be targeted by ransomware gangs.
Network intrusion displaced phishing as the leading hack-attack tactic last year, while ransomware continued to surge as the pandemic complicated incident response efforts, says BakerHostetler's Craig A. Hoffman, who describes trends from the 1,250 incidents his firm helped manage.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.