Threats from API and application vulnerabilities increased in 2022, but ransomware, human error and hygiene continue to pose the greatest threats to organizations, according to findings from CyberTheory's 2022 Performance Study. CyberTheory's Steve King shares how education can make a difference.
Attackers are continuing to target unpatched VMware hosts to infect them with ESXiArgs and RansomExx2 crypto-locking malware and hold them to ransom. VMware urges immediate updating, saying that the attacks don't appear to be targeting zero-day vulnerabilities but rather long-patched flaws.
Chris Inglis, head of the Office of the National Cyber Director in the White House, stepped down from the position. The widely anticipated move comes as the Biden administration finalizes a national cyberspace strategy expected to call for more regulation and the disruption of malicious actors.
Open Systems has split its MDR and SASE businesses into separate divisions with unique executive teams to help each optimize its engineering stack and selling motion. The 300-person MDR division will be known as Ontinue and led by Geoff Haydon, who had served as Open Systems CEO since February 2021.
Microsoft, in its February monthly dump of fixes, is patching three actively exploited zero-day vulnerabilities, including one that coaxes users into downloading a file that bypasses Office security features. In all, the computing giant pushed fixes for 77 vulnerabilities.
As ransomware continues to disrupt British organizations, the U.K. for the first time has sanctioned alleged cybercriminals, including accused Conti and TrickBot operators. Ransomware victims must conduct due diligence before paying any ransom, as violating sanctions carries severe penalties.
Community Health Systems has reported to the U.S. Securities and Exchange Commission that a security incident involving vendor Fortra's GoAnywhere secure file transfer software has compromised the data of about 1 million patients. Did attackers exploit a recent zero-day vulnerability?
Federal regulators said true health data interoperability is on its way for hundreds of millions of American patients now that six tech providers have committed to a rigorous set of trust and security criteria for swapping patient information. The agreement is a milestone years in the making.
Zscaler has agreed to purchase a startup established by a former Proofpoint executive to help organizations thwart SaaS supply chain attacks. The proposed acquisition of Tel Aviv, Israel-based Canonic Security will help customers streamline SaaS application governance and enforcement.
Ahead of RSA Conference 2023, Greg Day, a program committee member focusing on "hackers and threats," previews top themes at this year's event. Day, a member of the RSA Conference program committee, says one common theme is "old vulnerabilities and threat techniques being used in new environments."
Check Point has at last introduced an SD-WAN offering that supports more than 1,000 applications and is tightly integrated into the company's network security stack, CEO Gil Shwed says. The debut of Quantum SD-WAN makes Check Point Software the last major firewall vendor to enter the SD-WAN space.
Attackers have been actively exploiting a zero-day vulnerability in widely used managed file transfer software GoAnywhere MFT to take full control of systems, and in some cases to deploy ransomware. Vendor Fortra has released a patch and urged users to review systems for unusual behavior.
Healthcare entities and their vendors should be prepared to show evidence to regulators of how they've implemented "recognized security practices," or RSPs, says Robert Booker, chief strategy officer of HITRUST. "You've got to demonstrate that you align with a framework."
Asia-Pacific healthcare sector organizations struggle with many of the same cybersecurity challenges as clinics in other parts of the world, including ransomware threats and denial-of-service attacks, says Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center.