The Biden administration has unveiled its new national cybersecurity strategy, detailing top challenges facing the U.S. and plans for addressing them. Goals include minimum security requirements for critical infrastructure sector organizations and liability for poor software development practices.
A Chinese law requiring mandatory disclosure to the government of vulnerability reports appears to be paying dividends for state-connected hacking. "The Chinese government is up-leveling their capabilities," says Adam Meyers, senior vice president of intelligence at CrowdStrike.
The increasing digital connectivity of industrial networks opens them up to cyber threats, underscoring the importance of protecting not just IT systems, but also operational technology (OT) systems. An analysis of the most prominent cyberattacks that occurred over the past five years across a variety of industries...
Cyberattacks focusing on IoT-connected devices present an additional challenge for critical infrastructure organizations in 2023, due to the large number of vulnerable smart devices that can be compromised remotely.
Explore this research which evaluates the threat landscape from July to December 2022 to report on...
Healthcare last year was the most attacked sector within critical infrastructure, David Scott, deputy assistant director of the FBI Cyber Division, told a Scottish cybersecurity conference. The bureau in 2022 received 870 complaints showing indicators of a critical infrastructure ransomware attack.
Healthcare entities and their vendors should be prepared to show evidence to regulators of how they've implemented "recognized security practices," or RSPs, says Robert Booker, chief strategy officer of HITRUST. "You've got to demonstrate that you align with a framework."
Attackers targeting unpatched VMware ESXi hypervisors to hit virtual machines have reportedly modified their ESXiArgs ransomware to prevent victims from using decryption workarounds identified by researchers. The campaign has already amassed nearly 3,000 known victims and could have many more.
The LockBit group has gone from denying it had any involvement in the ransomware attack on Britain's Royal Mail to trying to bargain for a ransom. The ransomware group's site now lists Royal Mail as a victim and demands it pay a ransom or see stolen data get dumped.
According to ACSC, one quarter of cybersecurity incidents in Australia happened due to critical infrastructure, which has put Australia’s essential services at a heightened risk.
This case study dives into an in-depth analysis on what happens when a water management facility –classified as critical...
Executives underestimated the security risk associated with operational technology based on the erroneous belief that OT networks are highly segmented or air gapped. But COVID-19 made executives realize their OT networks are more connected than they previously thought, says Dragos CEO Robert M. Lee.
Chinese technology firms could be completely banned from buying U.S.-built technology under export control restrictions being mulled by the White House, which has already restricted access to the advanced semiconductors Beijing needs to realize its large-scale artificial intelligence ambitions.
Security researchers say they found the Russian intelligence-linked Sandworm threat actor deploying a novel disk wiper against an energy sector company located in Ukraine. Data wipers have played a key role in Russia's hacking campaign against Ukraine.
The increased physical connectivity of digital assets has expanded the attack surface and added complexity for engineers in industrial environments, says Dragos CEO Robert Lee. More industrial automation and new systems have made it tougher for plant operators to conduct root cause analysis.
Valuations are down, some companies have left the market altogether, and some even have announced deep rounds of layoffs. Yet, Alberto Yépez of Forgepoint Capital retains optimism for the cybersecurity marketplace in 2023 and says now is the ideal time to be ramping up investments in innovation.
Microsoft blamed an internal network configuration change for outages that disrupted access to Microsoft 365 services, including Microsoft Teams and Outlook, for users around the world. The change has been rolled back and additional infrastructure added to speed restoration, it says.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.
