Researchers have linked Chinese advanced persistent threat group Playful Taurus, also known as Vixen Panda and Nickel, to a series of attacks against Iranian organizations between July and December 2022. The group recently updated its toolkit to include a new variant of the Turian backdoor.
The former head of the U.K.'s National Cyber Security Centre warns that destructive ransomware targeting large enterprises is likely to surge in 2023, adding that recent attacks on Royal Mail and The Guardian newspaper are examples of these early-stage attacks.
Ukraine's top information protection agency says Russian cyberattacks are focusing on destruction of critical information infrastructure, spying and disinformation. Although efforts are underway, it will require $1.79 billion to completely restore the telecommunication sector, it says.
Hacking and third-party business associate incidents were the crux of the largest health data breaches reported to federal regulators in 2022, foreshadowing the top risks and threats that will likely plague healthcare entities and their vendors in the new year, as well.
Researchers have found that Kinsing malware gained access to Kubernetes servers by exploiting misconfigured and exposed PostgreSQL servers. The threat actors gained access by exploiting weakly configured PostgreSQL containers and vulnerable container images.
Potential regulatory policy moves by the federal government could help healthcare entities dedicate more resources to bolstering their cybersecurity efforts, says Greg Garcia, executive director of cybersecurity at the Health Sector Coordinating Council.
In the latest weekly update, ISMG editors discuss how collaboration platform Zoom has strengthened its security features, the implications of a new law on medical device security for patient safety, and details on how a zero-day exploit enabled the ransomware hit on cloud computing firm Rackspace.
Hosting giant Rackspace says the recent ransomware attack resulted in Microsoft Exchange data for 27 customer organizations being accessed by attackers. But it says a digital forensic investigation has found "no evidence" that attackers "viewed, obtained, misused or disseminated emails or data."
The latest edition of the ISMG Security Report analyzes why Meta has agreed to pay $725 million to settle a class-action lawsuit over users' personal data, how the median stock price dropped 40% among publicly traded security firms in 2022, and why an infrastructure change is needed in SOCs.
Arizona has long been a leader in leveraging IT and providing digital services, but across the state and country alike, new challenges are emerging in the wake of the pandemic, and with them come new threats and risk factors, including remote work security, says Ryan Murray, deputy state CISO.
Modern organizations often have complex cloud and on-premise environments often managed with siloed security tools. This situation leads to fragmented visibility, an inability to prioritize risks for remediation and a lack of business-level reporting.
In this webinar, security leaders will learn how cloud security...
Ukraine's domestic intelligence agency revealed this week that it successfully blocked more than 4,500 cyberattacks in 2022. The number of cyberattacks has tripled since last year and has grown fivefold since 2020, the domestic intelligence agency's cyber division chief says.
The latest edition of the ISMG Security Report discusses how investigators saw the collapse of cryptocurrency exchange FTX as "one of the biggest financial frauds in American history," how CISOs can guard against their own liability, and major security and privacy shifts and the outlook for 2023.
An important element of cybersecurity maturity is defining what exactly an organization is trying to accomplish, says Dan Wilkins, CISO for the state of Arizona. With that mission in mind, security teams can align strategy, goals and benchmarks for cyber maturity.