Who watches the penetration-testing testers? Questions are circulating over how some organizations train their employees for the CREST pen-testing certification after some leaked internal documents appeared to contain material from past tests.
How many different shades of bizarre is the data breach notification issued by software vendor Blackbaud? Over the course of three paragraphs, Blackbaud normalizes hacking, congratulates its amazing cybersecurity team, and says it cares so much for its customers that it paid a ransom to attackers.
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.
Despite the need to battle COVID-19, several nations' in-development digital contact-tracing apps are already dogged by security and privacy concerns. Whether enough users will ever trust these apps to make them effective remains a major question. Is it too late to get more projects back on track?
With more employees working remotely and a much heavier demand for telehealth services, entities need to consider extra, accelerated steps in keeping data and systems secure, says Martin Littmann, Kelsey-Seybold Clinic CISO, and Stephen Moore, a former security leader at Anthem.
Alongside the sad and vast expense of legitimate claims, it is an unfortunate fact that in times of economic hardship, people have a history of taking any opportunity to exploit financial institutions for ill-gotten gain.
When it comes to threat hunting, what are the complementary uses of SIEM and EDR technologies? What are the unique use cases for each, and how can they coexist? Sam Curry of Cybereason shares tips in advance of a virtual roundtable discussion.
Russian authorities typically turn a blind eye to cybercrime committed by citizens, provided they target foreigners. But as the recent "BuyBest" arrests of 25 individuals demonstrate, authorities do not tolerate criminals that target Russians, and especially not anyone who targets Russian banks.
An emerging technology, Vvendor Privileged Access Management (VPAM) can provide both operational efficiencies and increased security in your projected ROI analysis. And that is a rare combination in InfoSec these days.
Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. The Japanese multinational firm announced the breach more than six months after detecting it in June 2019.
Developing a mature security program takes time, but I've met many forward-thinking security leaders who've made swift and lengthy strides in protecting their clients' data. With those lessons in mind, here are five things any organization can do today to create immediate, measurable security benefits,
When our company set out to find a managed detection and response provider, one thing was clear: We needed to put vendors to the test with a proof of concept.
What's the best way to spring your citizens from foreign jail if they've been detained on U.S. hacking charges? That's a question that continues to plague Russia, including in the ongoing case against Aleksey Burkov, who's been charged with being part of a $20 million payment fraud scheme.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.