The shift to remote work during COVID-19 has prompted hackers to dramatically boost phishing attacks. The pandemic has led to users reading more corporate email on personal devices and opening messages while distracted by children or pets, increasing the chances they'll click on something malicious.
In the latest weekly update, ISMG editors discuss implications of the seizure of $3.36 billion in stolen bitcoin, whether the EU is complicit in the spread of advanced spyware, and the departure of the U.K.'s Dr. Ian Levy, technical director of NCSC, with some important parting words.
A U.S. federal district judge said users would be "shocked to realize" that Facebook collects patient data. Plaintiffs suing the social media giant asked the judge to enjoin the company from intercepting health data and communications through its Pixel web tracking tool embedded into patent portals.
Embattled social media platform Twitter lost its chiefs of security, privacy and compliance, and the resignations put the company and its new owner, Elon Musk, at greater risk of regulatory enforcement. The company signed a binding two-decade agreement with the U.S. Federal Trade Commission in May.
This edition of the ISMG Security Report discusses how Australian health insurer Medibank is facing stark consequences for not paying a ransom to a group of cyber extortionists, how to limit unnecessary cybersecurity exposure during M&A, and how to manage challenges in hybrid environments.
There was one major problem when Equifax had to change its entire approach to transforming their IT environment — the management of open source libraries needed to be more advanced.
Learn how Sonatype's full-spectrum software supply chain automation with the Nexus Platform brought a holistic approach to managing...
Microsoft released patches fixing a pair of Exchange vulnerabilities revealed publicly in late September and collectively known as ProxyNotShell. The computing giant assesses with "medium confidence" that state-sponsored hackers have exploited the now-squashed bugs.
Aging medical imaging devices are among those most vulnerable to security incidents, often due to misconfigurations and a lack of security controls, says Elisa Costante, vice president of research at security firm Forescout. She discusses how vendors can reduce security risks in connected products.
To ensure your security investments offer complete visibility into your attack surface and uncover critical risks at scale, we've compiled questions to help you evaluate solutions. We focus on six key areas: attack surface discovery, exposure identification, triage, validation, remediation, and outputs.
The introduction of the California Consumer Privacy Act (CCPA) in 2018 was a turning point for US state privacy laws. As more states introduce privacy laws, organizations must be aware of, and be able to manage, the varying provisions which can make cross-state compliance a complex undertaking.
Download this eBook...
As the US privacy landscape becomes more complex, understanding it becomes crucial. The US privacy landscape has expanded significantly over the past year and currently, 5 states have laws that will be going into effect in 2023.
Download this comprehensive guide to assess the current and upcoming policies:
The British data watchdog says the U.K. Department for Education shouldn't have allowed a private company to use student records to check whether new users of gambling apps were underage. A departmental spokesperson said it will ensure such misuse of the database doesn't reoccur.
A hack of an Australian legal aid group this week may have exposed the personal information of domestic violence, sexual assault victims and other vulnerable people around the nation’s capital. Legal Aid ACT says systems are disrupted and an investigation will find out if data was stolen.
From 2018 to 2020, the number of insider threat incidents increased by a staggering 47%. Security and risk management leaders must evaluate and strengthen their insider risk program, including surveillance of high-risk workers and anomaly monitoring of critical applications and data.
This report provides a deeper...
Over the past year, "enterprises continue to increase their use of AIOps platforms across various aspects of IT operations management (ITOM) and mature their use cases across DevOps and site reliability engineering (SRE) practices, according to Gartner. By doing so, enterprises are replacing some traditional...