The SolarWinds supply chain attack should push federal government agencies to adopt the "zero trust" model and deploy better endpoint detection and response tools, according to the new federal CISO and the acting director of the U.S. Cybersecurity and Infrastructure Security Agency.
Don’t call it a product, and don’t try to create a standard around it - "zero trust" is a strategy, says John Kindervag, the former Forrester analyst who created it. As he steps into his new role at ON2IT Cybersecurity, his goal is to help make zero trust easy to implement.
University researchers have tested a new browser-based side-channel attack technique that uses only HTML and CSS and works even if JavaScript is disabled. They shared their findings with browser providers and tech firms.
The White House on Wednesday unveiled the formation of a Unified Coordination Group to lead the government's response to attacks exploiting unpatched vulnerabilities in on-premises Microsoft Exchange email servers.
To help strengthen the healthcare sector's defenses, the Center for Internet Security is offering all U.S. hospitals and healthcare delivery systems a free protection service designed to help block ransomware and other malware, says Ed Mattison, the center's executive vice president.
U.S. intelligence agency reports conclude that Russia and Iran tried to interfere in the 2020 presidential election via disinformation campaigns, but found "no indication that any foreign actor attempted to alter any technical aspect of the voting process," including voting results.
From Thursday through Monday, Check Point Research tracked a tenfold increase in the number of global attempts to exploit vulnerable on-premises Microsoft Exchange servers as organizations race to install patches.
“Passwordless” has become the holy grail for user authentication. But there are different interpretations of what passwordless is – and is not. Tom “TJ” Jermoluk, CEO of Beyond Identity, addresses some of the myths,the realities and how passwordless is deployed today.
Fresh ransomware targeting an unpatched Microsoft Exchange email server flaw appears to have been rushed to market by criminals trying to capitalize on new opportunities before the competition stepped in, resulting in relatively shoddy attack code, security firm Sophos reports.
Microsoft has released an interim mitigation tool designed to help smaller organizations take quick action to prevent attacks that exploit the unpatched ProxyLogon flaw in on-premises Microsoft Exchange servers.
As concerns about the number of attacks targeting domain name system protocols continue to grow, the NSA and CISA have released new guidance on how to choose and deploy a Protective Domain Name System service to strengthen security.
Hacking incidents - including ransomware attacks, phishing scams and episodes involving vendors - are still the dominant culprits in major health data breaches being reported to federal regulators so far this year. Why?
U.S. Rep. Suzan DelBene, D-Wash, has reintroduced a bill that would create a national-wide data privacy standard that in its latest incarnation makes an attempt to placate Republicans. The bill, if passed, would replace a patchwork of current state laws.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.