This edition of the ISMG Security Report features a discussion about why the head of Britain's National Cyber Security Center says the No. 1 cyber risk is not nation-state attackers but ransomware-wielding criminals. Also featured: Western Digital IoT flaws; an FBI agent tracks cybersecurity trends.
The NSA, the FBI and other U.S. government agencies are tracking an ongoing Russian cyberespionage campaign in which attackers are using brute-force methods to access Office 365 and other cloud-based services.
The University Medical Center of Southern Nevada acknowledged it had been the victim of a cyberattack after a newspaper discovered stolen data had been posted on the darknet site of ransomware-as-a-service gang REvil.
In a multinational effort led by the Dutch National Police, authorities seized servers and web domains used by DoubleVPN, a Russia-based company that allegedly provided a safe operating infrastructure for cybercriminals, according to Europol.
The Justice Department has filed seven new criminal charges against Paige Thompson, who is suspected of hacking Capital One in 2019, compromising the data of 100 million Americans, including exposing hundreds of thousands of Social Security numbers. If convicted, She now faces a possible 20-year sentence.
Deputy national security adviser Anne Neuberger says the White House is preparing to release additional details, including attribution, about the attacks that targeted vulnerable on-premises Microsoft Exchange email servers at government agencies and other organizations earlier this year.
During the past year-plus of digital transformation, many enterprises have not just migrated to the cloud but to hybrid cloud environments. David Hill of Veeam says two security measures - data portability and protection - are often overlooked.
The Centers for Medicare and Medicaid Services is considering new cybersecurity requirements for hospitals participating in Medicare after a watchdog agency recommended CMS should require the facilities to address the cybersecurity of their networked medical devices.
A government watchdog is urging NASA to make multiple improvements to its cybersecurity and risk management policies to counter threats to the space agency's network, infrastructure and data. NASA, in turn, is working toward making some security improvements outlined by the GAO by the end of this year.
Microsoft recently released updates for its Edge browser, including a fix for a bypass vulnerability that could allow a remote attacker to bypass implemented security restrictions.
The code used to build copies of Babuk ransomware - to infect victims with the crypto-locking malware - has been leaked, after someone posted the software to virus-scanning service VirusTotal. Whether the leak was intentional - perhaps a rival gang seeking to burn the operation - remains unclear.
The Russian-linked cyberespionage group behind the supply chain attack against SolarWinds targeted Microsoft's customer support system as part of a new campaign, the company disclosed in a report. The group, called Nobelium, has been linked to recent attacks against a marketing firm used by USAID.
What is the life cycle of a ransomware attack, and how can organizations better detect and block them? Peter Mackenzie of Sophos, says that while many victims assume attackers first struck when systems got crypto-locked, the intruders had actually been in the network for "days or weeks."
Security specialists are offering preliminary feedback on Microsoft's sneak peek at the new security measures to be included in the Windows 11 operating system, which is slated for release in December.
This edition of the ISMG Security Report features an analysis of CISA's finding that agencies could have prevented follow-on attacks after the SolarWinds supply chain attack by properly configuring firewalls. Also featured: Congressman discusses deterring nation-state attacks; insider threat mitigation tips.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.