In the latest "Proof of Concept," DXC Technology IT CISO and CyberEdBoard member Mike Baker and Chris Hughes, co-founder and CISO of Aquia, join ISMG editors to discuss benefits, challenges and misconceptions of adopting open-source software in modern code bases - plus best practices for securing them.
Digital transformation offers enormous upsides for technology companies, including the ability to work more efficiently, manage costs, scale operations, improve the customer experience, and accommodate fluctuations in service demand. But for cybersecurity teams, the digital transformation movement presents a wealth of...
The financial services sector handles massive amounts of data and faces increasing cybersecurity risks. With the industry ranking among the top three sectors in data ownership, it manages 2.5 quintillion bytes of data daily. However, technology reliance brings vulnerabilities, and security teams prioritize privacy...
A cyberattack on a shared IT services organization is forcing five member hospitals in Ontario to cancel or reschedule patient appointments and steer nonemergency patients to other facilities. Attacks against third-party vendors are rising, and many regional hospitals are unprepared.
Federal regulators issued new guidance materials for HIPAA-regulated entities, including a document stressing the importance of sanction policies for workforce members who violate HIPAA, plus two new resources for healthcare providers and patients regarding telehealth privacy and security risks.
Threat actors are exploiting another zero-day flaw in Cisco's IOS XE software to implant a malicious backdoor. The IOS XE operating system runs on a wide range of Cisco networking devices, including routers, switches, wireless controllers, access points and more.
Attorneys general across 33 states have reached settlements for three health data breaches that affected nearly 2 million people, including a $1.4 million settlement for a clearinghouse that left patient data exposed for three years. The AGs accused the firms of violating state laws and HIPAA rules.
Cisco issued an urgent warning Monday about a critical vulnerability in one of its modular operating system's web interfaces that is designed for routers, switches and other appliances. Hackers exploited the IOS XE software UI to gain admin rights that give them full control of compromised devices.
No company is an island anymore, and enterprises typically have hundreds and even thousands of vendors. Organizations struggle to understand the risks within their supply chain because of a lack of transparency beyond their own organization, and often don’t have a good sense of their own security posture or the...
Cloud compromises and supply chain attacks are overshadowing ransomware as the top cyberthreats worrying healthcare sector organizations - but all such incidents are still viewed as significant risks to patient outcomes and safety, said Ryan Witt of Proofpoint, citing new research findings.
Maintainers of the widely used open-source command-line tool cURL and libcurl library that supports key network protocols said two upcoming vulnerabilities are set to be disclosed this week. One flaw is probably "the worst curl security flaw in a long time," said curl founder Daniel Stenberg.
Hackers have weaponized a zero-day in a popular workspace collaboration tool to create administrator accounts and gain unrestricted access to their on-premises instances of the software, Atlassian's Confluence Data Center and Server products, which serves millions of daily active users.
Large enterprises, including government and educational organizations, are being warned to immediately update their WS_FTP Server, built by Progress Software, to fix serious flaws being actively exploited by attackers. Secure file transfer software remains a top target, especially for extortionists.
The Clop ransomware group's zero-day attack on MOVEit software was its fourth data theft campaign targeting secure file transfer users. Organizations can combat such attacks by using data minimization and encryption - among other defenses, says Teresa Walsh, global head of intelligence for FS-ISAC.