Researchers have uncovered a full-time initial access broker group that serves both Conti and Diavol ransomware groups. Google's Threat Analysis Group - TAG - observed this financially motivated threat actor, dubbed Exotic Lily, exploiting a zero-day in Microsoft MSHTML tracked as CVE-2021-40444.
SentinelOne plans to buy security firm Attivo Networks, and the acquisition is scheduled to close sometime this summer. Some cybersecurity analysts and experts speak with Information Security Media Group about the gains and possible pitfalls of this $615.5 million deal.
As the Ukrainian military resists Russian advances toward its major population centers, its IT security teams are contending with record cyber incidents - although the same is true of their eastern neighbors, with Russia reporting "unprecedented" cyberattacks on its networks.
In the latest weekly update, four editors at ISMG discuss how Russia's invasion of Ukraine complicates cybercrime ransomware payments, a former U.S. Treasury senior adviser's take on Biden's cryptocurrency executive order, and important points regarding the upcoming identity theft executive order.
If Russia uses hack attacks to support its invasion, would Western governments want to immediately attribute those attacks or disruptions? Enter a Thursday alert from the U.S. government warning that it is "aware of possible threats to U.S. and international satellite communication networks."
Michael Lines is working with ISMG to promote awareness of the need for cyber risk management. As a part of that initiative, CyberEdBoard posts draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This chapter is "Recognize the Threats."
Cyber insurance: It's both more necessary than ever and harder to acquire. Erin Meyers of Bitdefender talks about the new marketplace and how deploying MDR and XDR can help enterprises be better prepared and more attractive to prospective cyber insurers.
A security researcher found two critical vulnerabilities and one high-severity vulnerability in two separate Veeam products that may allow attackers to perform remote code execution and allow local privilege execution on victims' systems, respectively. Veeam has issued patches for all three bugs.
The current and former owners of CafePress, a site for selling customizable merchandise, have agreed to a draft Federal Trade Commission settlement tied to multiple security shortcomings that failed to prevent or detect a 2019 data breach that exposed 22 million users' account details.
This report analyzes how sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers in those countries who participate in bug bounty programs. It also examines lessons to be learned from data breaches and developments in passwordless authentication.
On Tuesday, Ireland's Data Protection Commission imposed an $18.6 million penalty on tech firm Meta. That same day, the privacy watchdog was sued by a member of the nonprofit Irish Council for Civil Liberties over its "prolonged inaction" in the Google data breach case.
Russian state-sponsored threat actors are exploiting default MFA protocols, along with PrintNightmare, the Windows Print Spooler vulnerability, to illegally access the network of a nongovernmental organization, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI say.
War in Ukraine continues into its third week, and Russia is closing in on major Ukrainian cities, upping its targeting of civilian infrastructure. In the U.S., cybersecurity officials continue to urge a "Shields Up" approach - while the digital conflict has devolved deeply into the underground.
We look at cybersecurity largely focused on the immediate future. But educator Gary Henderson says we need to look a little further ahead. He makes the case for educating teachers about cybersecurity so they can educate their students, who can then go on to use those best practices in their careers.
As the Russia-Ukraine war continues, healthcare sector entities need to be prepared to deal with potential spillover cyber incidents, says Anahi Santiago, CISO of ChristianaCare, the largest healthcare delivery organization in the state of Delaware. She discusses current cyber challenges.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.
