A pair of U.S. House committees held their first public hearings into the SolarWinds attack, with lawmakers and witnesses offering support for expanding federal cybersecurity laws to address the security failures. This includes a larger role for CISA to conduct threat hunting.
Ransomware continues to sting numerous organizations, and the problem only seems to be getting worse. More than ever, the onus is on potential victims to ensure they have essential defenses in place - and if possible, to proactively hunt for attackers who may already be inside their network.
Microsoft is making available the CodeQL queries it used to detect malicious implants in the massive supply chain attack that affected SolarWinds, tech firms and government agencies.
The latest edition of the ISMG Security Report features an analysis of a federal crackdown on ICO cryptocurrency scams. Also featured: An update on the SonicWall hack investigation and the use of digital IDs to verify COVID-19 testing.
It was the breach heard round the world. Last December’s SolarWinds attack got every security leader’s attention and reminded us of the fragility of supply chain security. Nolan Karpinski of VMware Carbon Black addresses these concerns and previews a new set of Executive Roundtables.
Security firm Positive Technologies says more than 6,000 VMware vCenter devices worldwide that are accessible via the internet contain a critical remote code execution vulnerability. VMware has issued recommendations for patching the flaw.
Tool consolidation, supply chain security, intrinsic security - how are these trends developing, and how do they impact specific industries? Nolan Karpinski of VMware Carbon Black shares insight on how to tackle the year's top cybersecurity challenges.
The SolarWinds supply chain attack is another example of the damage that lateral movement by system intruders can cause. Tim Keeler of Remediant describes why detecting lateral movement is so challenging.
Authorities have accused Serbia-based scammers of capitalizing on the "initial coin offering" bubble that began in 2017, bilking global cryptocurrency investors out of $70 million via Bitcoiin2Gen and other supposed coins and hiring actor Steven Seagal to endorse them.
In light of the global shortage of semiconductors, President Joe Biden signed an executive order Wednesday requiring a federal review of supply chain risks for these chips. Also to be reviewed: supply chain risks for information and communications technology and the pharmaceutical industry.
The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues.
Data loss prevention is evolving to meet changing work environments. Mario Espinoza, VP of SaaS Security & Data Protection at Palo Alto Networks, details how cost and complexity can be reduced.
Watch this OnDemand webinar to learn more about the data uncovered during this unprecedented year and how organizations are seeking to implement and extend modern security capabilities.
The CEOs of SolarWinds, Microsoft, FireEye and CrowdStrike rolled out a series of cybersecurity recommendations to a U.S. Senate panel Tuesday while detailing how foreign actors gained access into their firms' systems as a result of the SolarWinds supply chain attack.
The Python Software Foundation is issuing updates for Python 3.9.2 and 3.8.8 to address critical security vulnerabilities, including a remote code execution vulnerability that can be exploited to shut down systems.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.