How 'The Great Resignation' Is Affecting Cybersecurity

Anna Delaney • January 18, 2022

People are leaving their jobs in droves during "The Great Resignation," and the cybersecurity industry is not immune to the trend. Mike Hamilton, the former CISO for the city of Seattle, warns organizations about the opportunities this presents for cybercriminals and outlines how employers can work to retain talent.

►

Application Security

Learn Your Organization's Weaknesses Before the Criminals Do

Latest

Electronic Healthcare Records

HHS Issues Trusted Health Data Exchange Governance Framework

Marianne Kolbasuk McGee • January 18, 2022

Federal regulators have released the final versions of the long-awaited Trusted Exchange Framework and Common Agreement, which provide a governance framework to promote secure, interoperable nationwide health information exchange - an effort that has been in the making for years.

General Data Protection Regulation (GDPR)

Privacy Fines: GDPR Sanctions in 2021 Exceeded $1 Billion

Mathew J. Schwartz • January 18, 2022

Privacy regulators in Europe last year imposed known fines totaling more than $1.2 billion under the EU's General Data Protection Regulation, including two record-breaking sanctions, law firm DLA Piper finds. The total value of fines in 2021 was nearly a sevenfold increase from that seen in 2020.

Critical Infrastructure Security

A Structured Response to the Log4j Vulnerability

Geetha Nandikotkur • January 17, 2022

"We came up with a structured, documented approach to respond to mitigating the Log4j vulnerability using the EDR scanning tools along with a code validation, containerization, and sandboxing of our applications and networks," says Ian Keller, security director at Ericsson.

Governance & Risk Management

FCC Proposes Stricter Telecom Breach Notification Measures

Dan Gunderman • January 14, 2022

The FCC is considering changes to its breach notification requirements for telecommunication companies. FCC Chairwoman Jessica Rosenworcel confirmed in a statement this week that the agency is strengthening its rules for both customer and federal law enforcement notification of breaches involving customer proprietary...

Cybercrime

Russia Arrests 14 Suspected REvil Ransomware Group Members

Mathew J. Schwartz • January 14, 2022

Russian authorities have arrested 14 individuals suspected of being part of the notorious REvil, aka Sodinokibi, ransomware operation. Russia's Federal Security Agency, the FSB, said it used intelligence provided by the U.S. to help identify the suspects.

3rd Party Risk Management

Ransomware Gatecrashes the Apache Log4j Attack Party

Anna Delaney • January 14, 2022

The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.

3rd Party Risk Management

Why Third Parties are the Source of So Many Hacks

Isa Jones • January 14, 2022

Protecting your critical access points and assets should be the number one priority in your cybersecurity strategy.

Governance & Risk Management

Insider Threats are a Quiet Risk in your System

Isa Jones • January 14, 2022

No matter the root cause, the result is the same: reputation damage, fines, compliance issues, and of course the ripple effects that extend outward from a breach.

Governance & Risk Management

Zero Trust Is More Than A Buzzword

Isa Jones • January 14, 2022

Since no one is trusted in this model, insider and outsider access needs to be verified and authenticated each time a user logs into a system.

3rd Party Risk Management

Log4j Updates: Flaw Challenges Global Security Leaders

Devon Warren-Kachelein • January 12, 2022

The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.

Endpoint Security

Researcher Says Flaw Allows Remote Access to Teslas

Jeremy Kirk • January 12, 2022

A security researcher in Germany says he's discovered a software flaw affecting a small number of Teslas, allowing him to unlock doors and windows, start vehicles without keys and disable security systems. The flaw, however, does not affect steering, acceleration or braking.

Critical Infrastructure Security

US Warns of Russia-Backed Threat to Critical Infrastructure

Devon Warren-Kachelein • January 11, 2022

The U.S. Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency warn in a joint advisory that state-sponsored Russian attackers are actively exploiting and seeking to cause disruption to critical infrastructure, and it urges defenders to mitigate commonly seen attack vectors.