A security flaw in Kafdrop, an open-source user interface and management interface for distributed event-streaming platform Apache Kafka, has exposed data of "major global players ... in healthcare, insurance, media and IoT," a report by cybersecurity company Spectral says.
A new Microsoft Teams feature makes it possible for employees to communicate with people outside the organization and vice versa through Teams. Security researchers believe the new update potentially opens up avenues for threat actors to target organizations through phishing attacks.
The FBI warns that the "Cuba" ransomware-wielding attackers have extorted $43.9 million in ransom payments from victims after compromising at least 49 organizations across five critical infrastructure sectors - financial services, government, healthcare, manufacturing and IT - since early November.
The U.S. Transportation Security Administration has issued new security directives for higher-risk freight railroads, passenger rail, and rail transit that it says will strengthen cybersecurity across the transportation sector in response to growing threats to critical infrastructure.
Japanese multinational conglomerate Panasonic has disclosed a security breach that it says involved unnamed threat actors accessing servers on its network. The company says it detected the breach on Nov. 11. It was determined that some data on a file server had been accessed during the intrusion.
A new playbook, commissioned by the Food and Drug Administration, aims to help medical device manufacturers in developing and evolving threat modeling as an approach to strengthening the cybersecurity and safety of their products.
Forrester's Sandy Carielli and Jeff Pollard discuss their latest research, Predictions 2022: Cybersecurity, Risk and Privacy, which highlights the need for gaps in third-party relationships, collaboration and trust to be addressed.
The Israeli government's Ministry of Defense reportedly has cut the list of countries to which Israeli companies’ cyber spyware can be exported from 102 to 37, reducing Israel's surveillance tool export market by two-thirds. The list specifically restricts doing business with those involved in offensive cyber.
Michael Lines is working with Information Security Media Group to promote awareness of the need for cyber risk management, and as a part of that initiative, the CyberEdBoard will post draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself."
The annual IRISSCOM cybercrime conference in Dublin aims to give attendees "an overview of the current cyberthreats facing businesses in Ireland and throughout the world" and how to best defend themselves, organizers say. Here are visual highlights from the conference's latest edition.
The latest edition of the ISMG Security Report features an analysis of how organizations can reduce risk especially over holidays and weekends, when attackers are most likely to strike. Also featured: Highlights from Ireland's IRISSCON 2021 cybercrime conference; what's ahead for COVID-19 and the workplace?
The NSO Group is the target of a lawsuit filed by Apple, which alleges that the spyware maker abused Apple's products and services to carry out spying operations. The news follows the NSO Group's blacklisting by the U.S. government, a score downgrade by Moody's, and a reportedly failed deal with France.
The findings from a penetration test can help you identify risks and gaps in your security controls. Charles Gillman offers tips to maximize the value of your next pen test and, in the process, deliver better results.
Vulnerabilities in the Cisco ASA and Cisco FTD firewalls can lead to a denial of service attack, says Positive Technologies researcher Nikita Abramov. There is no workaround that addresses these vulnerabilities, but Cisco has released software updates and asks users to install them immediately.
The U.S. government warns all businesses that they're at elevated risk of online attacks during Thanksgiving, given attackers' proclivity to strike on weekends and holidays. The alert is a reminder of the importance of having in place well-practiced incident response plans. Here's where to start.