Michael Lines is working with ISMG to promote awareness of the need for cyber risk management. As a part of that initiative, CyberEdBoard posts draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This chapter is "Recognize the Threats."
More information continues to emerge about the destructive malware attack that targeted Ukrainian government systems last week. As a probe continues, numerous questions about the incident remain unanswered. But the three-stage wiper attack, disguised as ransomware, apparently hit few systems.
Data on more than 515,000 "highly vulnerable people" has been compromised as the result of a supply chain cyberattack, the International Committee of the Red Cross has disclosed. The organization's humanitarian activities are already being impacted.
Among the simplest things that vendors can do to help improve the cybersecurity of their products is providing better transparency, especially regarding the third-party components contained in their technology, says Rob Suárez, CISO of medical device maker Becton Dickinson.
In a span of just days, two prominent congressmen who have long advanced cybersecurity at the federal level announced that they will not be seeking reelection in 2022. Reps. Jim Langevin, D-R.I., and John Katko, R-N.Y., will, however, pursue a cyber agenda throughout the remainder of their terms.
Attackers have been actively targeting Log4j vulnerabilities, or Log4Shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service.
OpenSubtitles, a website providing free movie subtitles, confirmed to its users today that it had been hacked last August and the hacker had demanded a ransom to remain silent about the attack and to delete the leaked data. This data breach affected 6,783,158 users.
VPN Lab, known for its alleged wide use by ransomware threat actors, has been shut down. Fifteen servers associated with VPNLab.net were seized or disrupted based on multiple international investigations tying the VPN service provider to cybercrime operations, according to Europol.
JPMorgan Chase will earmark $12 billion for technological updates - including cloud migration, upgrading legacy architecture, data strategy, and emerging technologies. About half of this budget will go toward security modernization, while the other half will be invested into digital innovation.
Because healthcare IT environments are so complicated, it will become essential for all suppliers to provide and maintain a software bill of materials for their products to remain relevant, says Curt Miller of the Healthcare Supply Chain Association.
GAO auditors say in a new report that the federal government's response to both the SolarWinds software supply chain attack and the exploitation of Microsoft Exchange Servers in 2021 sharpened its coordination efforts, but also exposed information-sharing gaps.
Threat actors who use data-sharing website Doxbin have had passwords, decryptor keys, multifactor authentication codes and stealer log information leaked online, according to some security experts. Doxbin is used by threat actors to dump victims' personally identifiable information.
In the midst of a global pandemic, the federal breach tally shows that a record number of major health data breaches were reported in the U.S. in 2021, and the overwhelming majority of them involved hacking/IT incidents. Will those trends continue in 2022?
The defacement of Ukrainian government websites may have been intended as a smokescreen for a destructive malware attack that failed to execute or has yet to be unleashed, some security experts warn. Ukraine continues to investigate the attack, which it suggests may trace to Russia, Belarus or both.
Russian authorities have charged eight individuals with crimes tied to the REvil ransomware operation, after raiding 25 properties and detaining 14 suspects, thanks in part to U.S.-shared intelligence. The White House says one of the suspects was also responsible for last year's attack on Colonial Pipeline.