In the latest weekly update, four ISMG editors discuss the state of cyber insurance today and why its future is uncertain; applying a security-by-design reliability model to analyze vulnerabilities; and how Russia takes down members of the REvil ransomware group as cyber aggressions in Ukraine rise.
Although flaws in Apache Log4j software that need remediating remain widespread in organizations, "some of them are aware of the issue, some of them aren't aware of the issue, and likely this issue is going to be persisting with us for many, many years," says Jeff Macko, an offensive security expert at Kroll.
Michael Lines is working with ISMG to promote awareness of the need for cyber risk management. As a part of that initiative, CyberEdBoard posts draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This chapter is "Recognize the Threats."
The U.K. government is considering new measures to boost cybersecurity standards in the country. The proposed laws recommend levying large fines on essential digital service providers for noncompliance with strict cybersecurity rules, and improving incident reporting.
When Marcel Lehner was hired to be the CISO of MM Group in Vienna, his mandate was clear: to better embed information security management and governance throughout the manufacturer's organization. To do that, he ran a "hearts and minds" campaign to communicate his vision and strategy and boost uptake.
Data on more than 515,000 "highly vulnerable people" has been compromised as the result of a supply chain cyberattack, the International Committee of the Red Cross has disclosed. The organization's humanitarian activities are already being impacted.
U.S. President Joe Biden today signed a National Security Memorandum that aims to improve the cybersecurity of national security systems. The memo gives new powers to the NSA to oversee cybersecurity improvements such as the use of the multifactor authentication, encryption and endpoint detection services.
In a span of just days, two prominent congressmen who have long advanced cybersecurity at the federal level announced that they will not be seeking reelection in 2022. Reps. Jim Langevin, D-R.I., and John Katko, R-N.Y., will, however, pursue a cyber agenda throughout the remainder of their terms.
Attackers have been actively targeting Log4j vulnerabilities, or Log4Shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service.
Because healthcare IT environments are so complicated, it will become essential for all suppliers to provide and maintain a software bill of materials for their products to remain relevant, says Curt Miller of the Healthcare Supply Chain Association.
Endpoint detection and response software news: The entity formerly known as McAfee Enterprise and FireEye Products has a new name: Trellix. Think of a "security trellis to businesses across the globe, giving them support they need to keep them safe," says CEO Bryan Palma. Will customers and prospects buy in?
GAO auditors say in a new report that the federal government's response to both the SolarWinds software supply chain attack and the exploitation of Microsoft Exchange Servers in 2021 sharpened its coordination efforts, but also exposed information-sharing gaps.
The FCC is considering changes to its breach notification requirements for telecommunication companies. FCC Chairwoman Jessica Rosenworcel confirmed in a statement this week that the agency is strengthening its rules for both customer and federal law enforcement notification of breaches involving customer proprietary...
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...
Russian authorities have arrested 14 individuals suspected of being part of the notorious REvil, aka Sodinokibi, ransomware operation. Russia's Federal Security Agency, the FSB, said it used intelligence provided by the U.S. to help identify the suspects.