In the latest weekly update, ISMG editors discuss why being a CISO is like being the first family doctor in a small village, why you can't trust ransomware gangs such as LockBit, and why cloud security vendor Netskope took on $401 million in debt from Morgan Stanley to fuel its SASE offering.
Security appliances are targets for sophisticated threat actors who take advantage of devices' limited configuration and logging features, as well as their incompatibility with endpoint detection and response. Suspected Chinese hackers took advantage of a Fortinet zero-day to implant a backdoor.
Competition between rival Russian-language darknet markets remains fierce since police shuttered Hydra last year. The latest to fall dark is Solaris, which controlled an estimated 25% of the darknet drug trade. It got hacked by newcomer rival Kraken. But that wasn't Solaris' only problem.
eSentire has used the $325 million it received in February to leverage data from its Atlas XDR platform and strengthen customers' positions around cyber resiliency. The Kitchener, Canada-based company has shifted its focus from alerts and data to business worries and business risk.
Contractors for the Federal Aviation Administration who attempted to correct a database synchronization issue ended up causing an hourslong outage to a key flight safety system, says the agency. No evidence exists that hackers caused the Jan. 11 airspace snafu.
Legislation requiring vendors to design cybersecurity into their medical devices is a great first step to help healthcare entities, but organizations will still face major risks involving legacy medical gear for many years to come, says Daniel dos Santos, research leader at security firm Forescout.
In this episode of "Cybersecurity Unplugged," Galit Lubetzky Sharon, CTO of Wing Security, discusses the challenge of securing SaaS applications, which are decentralized and ever-expanding. She describes how Wing Security manages app inventories and issues of compliance, remediation and privacy.
T-Mobile disclosed Thursday that hackers had access for approximately six weeks to an application programming interface that exposed customer data including names, birthdates and email addresses. No payment information or passwords were part of the breach, the company said.
Cryptocurrency wallet BitKeep says it will compensate victims of a December 2022 hack that cost the users $8 million. The wallet says it will pay victims in USDT stablecoin to counter asset fluctuation. This isn't the first time BitKeep has made customers whole following a hack.
Vulnerability management issues are a common problem for many healthcare entities and can become an even bigger concern when unremediated issues are left to linger for years. That appears to be the case at some VA medical facilities, according to a report from the Office of Inspector General.
BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, CEO Jim Rosenthal says. Existing supply chain tools tend to generate lots of risk information but then put the burden on the client to interact with suppliers.
RiskRecon recently studied the impact of destructive ransomware incidents and the unique tie between ransomware susceptibility and an organization's cybersecurity posture. Kelly White of RiskRecon discusses the findings and how to use them to help secure the digital supply chain.
Researchers have linked Chinese advanced persistent threat group Playful Taurus, also known as Vixen Panda and Nickel, to a series of attacks against Iranian organizations between July and December 2022. The group recently updated its toolkit to include a new variant of the Turian backdoor.
PayPal is notifying 34,942 Americans that a hacker accessed their personal information during a two-day credential stuffing attack in early December. The San Jose, California-based company says it has not detected unauthorized transactions emanating from affected accounts.
The United Kingdom's Royal Mail says it can again deliver simple letters to international destinations as it enters a second week of grappling with the fallout of a ransomware attack. It is testing operational workarounds to reduce its backlog of packages to be delivered.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.