A security researcher recently found a database exposed to the internet containing sensitive information on independent school students and faculty including financial data, salary, professional details, health information and child abuse reports. The security lapse affected nearly 700,000 records.
Adversaries use artificial intelligence to obtain explosives, advance sextortion schemes and propagate malware through malicious websites that appear legitimate. Intelligence officials grapple with emboldened criminals who use AI for nefarious purposes and nation-state actors such as China.
U.S. and Australian cybersecurity agencies are warning developers to guard against access flaws, saying that failure to institute authentication checks can lead to large data breaches. Broken access controls are on OWASP's 2021 list of the top 10 most critical security risks.
In the latest weekly update, ISMG editors discuss the surging number of MOVEit breach victims and the state of ransomware innovation, why the federal government warned healthcare firms about the use of web trackers, and how the DOJ is expanding its "whole of government" approach to fight ransomware.
Application journeys are fluid in practice because applications can live anywhere. Complex deployments with too many tools to configure and manage and overwhelmed IT teams lead to mistakes, so organizations should take a cybersecurity mesh platform approach to securing their application journeys.
Watch a special presentation in which Gary Phipps, CyberGRX VP of Strategy and Business Transformation, shares insights from his recent research on the vast potential of Artificial Intelligence (AI) in transforming Third-Party Risk Management (TPRM) decisions.
A Russian court sentenced cybersecurity firm Group 1B co-founder Ilya Sachkov on Wednesday to 14 years in prison in a case that state-run media says stems from delivering classified material to foreign intelligence. Group 1B defended its former CEO, calling the trial a "pretext" for prison.
SMB cybersecurity platform Coro purchased an early-stage Israeli startup to bring network connectivity to its SASE offering for midmarket organizations. Coro said its buy of Jerusalem-based Privatise will give Coro clients a secure way to connect, manage and filter out malicious content.
Adding former CIA Director Gen. David Petraeus to Semperis' strategic advisory board has given the identity vendor knowledge and insights into global threat activity, said CEO Mickey Bresman. Petraeus complements the firm's incident response arm company with perspectives on global threats.
Michigan-based academic medical provider Henry Ford Health is notifying nearly 170,000 individuals that their protected health information was breached in a recent phishing scam that compromised three employees' email accounts. Henry Ford Health said the incident occurred on March 30.
This week, a Zenbleed flaw exposed AMD Ryzen CPUs, Facebook was fined AU$20 million in Australia, NATO's COI Portal was breached, Quinn Emanuel reported a cyberattack, VirusTotal apologized for a data leak, Wuhan Earthquake Monitoring Center had a cyberattack and Yamaha Canada had a data breach.
Practicing incident response procedures is as important as practicing fire drills, said CISO Nick Prescot of Norgine. But beyond regularly testing the plan, security leaders must foster a collaborative environment so their teams maintain a sense of calm in the heat of an incident.
The U.S. federal government says hacker abuse of valid credentials is the most successful method for gaining access to systems and the technique is responsible for slightly more than the half of critical infrastructure attacks that occurred over a yearlong period.
It has become a cliche in payments circles: Faster payments equals faster fraud. But John Filby and Yogesh Patel of Outseer say behavioral biometrics and generative AI are among the emerging technologies fueling new ways to empower layered defenses.
The fallout from Clop group's data-grabbing attacks against MOVEit managed file transfer software users keeps mounting. In recent days, the extortionists have added 70 more organizations to their data leak site, taking the tally of known victims to over 515 organizations and 36 million individuals.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.