In light of the surge in ransomware attacks against universities, institutions need to make asset management a much higher priority, removing obsolete systems and upgrading essential systems to the latest version to avoid exploits of unpatched vulnerabilities, says Matthew Trump of the University of London.
With consumers relying more heavily on e-commerce during the pandemic and beyond, leveraging behavioral biometrics for authentication is an effective strategy, says Coby Montoya, a fraud-fighting and authentication strategist at a financial company.
Iran's Islamic Revolutionary Guard Corps was behind a ransomware campaign that used a contracting company called "Emen Net Pasargard" to target more than a dozen organizations, according to the security firm Flashpoint. But could cyberespionage be the campaign's true mission?
San Diego-based Scripps Health, which operates four area hospitals, has been forced to postpone some patient care - and reportedly divert some patients seeking emergency treatment - as a result of what local news outlets say is a ransomware attack.
The average amount of time that online attackers camp out in a victim's network - or "dwell time" - has been declining, FireEye's Mandiant incident response group reports. But the surge in ransomware accounts for some attacks coming to light more quickly because those attackers announce their presence.
Effective vulnerability management requires more frequent scanning of infrastructure, says Steve Yurich, CISO at Penn National Insurance, who explains his organization's approach.
Attackers are using a freshly updated variant of the Buer first-stage malware loader rewritten in the Rust programming language to help evade detection, Proofpoint reports.
The NSA is offering operational technology security guidance for the Defense Department as well as third-party military contractors and others in the wake of the SolarWinds supply chain attack. The agency notes that attackers could use IT exploits to pivot to OT systems.
CISA is investigating whether five U.S. government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior official. Security researchers believe that at least two nation-state groups have been attempting to exploit these flaws.
The Internal Revenue Service is sharpening its expertise in cryptocurrencies to help prevent their use for tax evasion and money laundering, says Jarod Koopman, a director at the agency. The IRS is partnering with companies that have developed techniques and technologies for tracing blockchain transactions.
Four editors at Information Security Media Group discuss timely issues, including how the zero-day attacks against Accellion File Transfer Appliance users have rewritten the rules of the cyber extortion game and former federal CISO Gregory Touhill taking on an important new role.
The Babuk ransomware gang says it will no longer launch attacks but instead will make its malware source code available for other attackers to use. The gang took credit for recent attacks against the Washington, D.C. Metropolitan Police Department and the Houston Rockets basketball team.
A cyberthreat gang that's been active since 2020 exploited a now-patched zero-day vulnerability in the SonicWall SMA 100 Series appliance to plant ransomware in attacks launched earlier this year, FireEye Mandiant researchers say.
The latest edition of the ISMG Security Report features an analysis of British spy chief Jeremy Fleming’s "cybersecurity call to arms." Also featured: Insights on COVID-19 business continuity planning; the wisdom of the late Dan Kaminsky.
Some security experts are questioning whether Experian is doing enough to ensure security after a researcher discovered that an API the credit reporting firm uses to allow lenders to check the credit score of prospective borrowers could expose customer's scores.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.