The Office of Management and Budget is ordering federal agencies to begin identifying "critical software" that needs protection as part of the effort to fulfill President Biden's cybersecurity executive order. Executive branch agencies then will have a year to implement security measures.
With healthcare being the frequent target of ransomware assaults and other cyberattacks, CISOs must devise ways to improve their organizations' IT resiliency while maximizing value, says Anahi Santiago, CISO at ChristianaCare.
Healthcare organizations need to take several critical steps to help mitigate the risk of ransomware attacks, including implementing EDR software and regularly testing the integrity of their backups, says Mitch Parker, CISO of Indiana University Health.
Microsoft's Patch Tuesday rollout addressed two additional security issues within Windows Print Spooler, including one zero-day. Microsoft's August security update covers 44 vulnerabilities, with seven rated critical. Intel and Adobe also made security fixes.
On Tuesday, the Senate, by a vote of 69-30, passed a $1 trillion infrastructure spending bill that would provide additional money for cybersecurity over the next several years, including extra funds for the Department of Homeland Security and its Cybersecurity and Infrastructure Security Agency.
NIST is updating "cyber resiliency" guidance to focus on mitigating modern cyberthreats to IT networks, especially ransomware and nation-state attacks. A draft encourages security defenders to move away from a perimeter-based defense to building resilient IT systems.
The Health Information Sharing and Analysis Center has issued an advisory about attackers leveraging masquerade and obfuscation techniques in an attempt to deliver harmful files via email to healthcare organizations.
Some patched on-premises Microsoft Exchange email servers are still proving to be vulnerable. The Conti ransomware group is now leveraging backdoors that persist, cybersecurity consulting firm Pondurance reports.
The new BlackMatter Russian-speaking ransomware-as-a-service group, which announced its launch last month, has created a Linux version of its malware designed to target VMware's ESXi servers hosting virtual machines, according to MalwareHunterTeam.
Even though the healthcare sector is clearly a major target for disruptive cyberattacks, many organizations have yet to take the necessary steps to prevent intrusions or respond to incidents, says Amit Trivedi, a director at the Healthcare Information and Management Systems Society.
OT, IoT, IIoT - each has critical distinctions, and each is increasingly vital to protecting the world's critical infrastructure from crippling cyberattacks. In a panel discussion, cybersecurity leaders discuss what it takes to get the C-suite's attention to prioritize this new generation of risk.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including improving federal agencies' cybersecurity and businesses recovering from the pandemic's impact.