How bad is the breach of the MOVEit zero-day to businesses, government agencies and their customers? The short answer is that the known fallout from the Clop ransomware group attack already looks bad and keeps getting worse as ongoing investigations add to the victim count of 20 million people.
While IT-OT convergence is accelerating, awareness and maturity of OT technologies still have a long road ahead. In this transition, organizations need to ensure the safety and health of workers is always the top priority for OT security, said Andre Shori, CISO, APAC with Schneider Electric.
President Xi Jinping directed state agencies to strengthen the government’s control over the internet and information technology sector, potentially discouraging investment in the country. Among the obstacles is a new Counter-Espionage Law focused on investigating foreign companies.
Warning: Hackers are actively exploiting a flaw in Adobe's ColdFusion rapid web application development platform to execute malicious code. While Adobe attempted to patch the flaw, researchers say attackers appear to have found a way to bypass it by chaining together multiple flaws.
Organizations need to change their approach to managing risk and vulnerabilities, monitor data to one place and identify the true risks - vulnerable devices and systems that matter most to the business, said Vulcan Cyber's Yaniv Bar-Dayan. It’s time to move from quantitative to qualitative analysis.
Microsoft estimates that each day threat actors attack 95 million Active Directory accounts. In the face of so many attacks, security teams should assume compromise and focus not just on securing Active Directory but also on recovery and resilience, said Semperis' Simon Hodgkinson.
Federal regulators and medical device maker Becton, Dickinson and Co. are warning about eight vulnerabilities that could allow an attacker to compromise BD's medication infusion product suite, potentially putting data and device integrity at risk if exploited.
The administrator of the now-defunct BreachForums has pleaded guilty to two counts of hacking and one count of child pornographic possession. Conor Fitzpatrick, 20, operating under the moniker Pompompurin, made nearly $700,000 running the criminal online forum for just under a year.
Cybercriminals may be using a generative AI tool called WormGPT to create convincing phishing emails to support business email compromise attacks. A new survey shows that 1 in 5 people fall for the fake, AI-generated emails, according to cybersecurity researchers.
Countries in the Asia-Pacific region so far have not followed the West's lead in banning TikTok from government agency devices, except for special circumstances. But individual nations are pursuing a variety of strategies based on their specific perceptions of the threats they face.
Suspected Chinese hackers gained access to senior U.S. officials' emails by exploiting a zero-day vulnerability in Microsoft's cloud environment. While Microsoft said customers couldn't have prevented the attack, the U.S. government says logging was key to spotting it.
In the drive to build a more diverse workforce, security organizations are progressing in many ways, such as ensuring that required skills in job descriptions are more inclusive, said Ed Parsons of (ISC)². But he added that job recruiters need to "meet underrepresented groups where they are."
Enterprise software firm JumpCloud says a sophisticated nation-state threat actor is behind a security incident that targeted a small and specific set of customers last week. JumpCloud reset all of its API keys, potentially affecting thousands of customers including Cars.com and GoFundMe.
It’s hard for SaaS startups to sit at the same table with large enterprises. They need governance and risk management programs to build trust. So how can startups compete when they have no background? Privacy and security play a key role in building trust, said Privacy Business Group's Sawan Joshi.
How can you tackle mobile app security and solve user concerns about usability? No-code cyber defense automation can be used to achieve security outcomes in seconds, build desired protections and prevent fraud and malware directly inside the CI/CD pipeline, said Appdome CEO Tom Tovar.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.