Attacks like Kaseya and SolarWinds have highlighted the supply chain risks and demonstrated how securing the supply chain can no longer just be considered a compliance function. It has evolved into a risk management function, said Fred Kneip, chief executive officer at CyberGRX.
Microsoft issued an optional patch Tuesday as part of its monthly dump of fixes that addresses for the second time a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware. The patch is optional since the attacker must have admin privileges or physical access to the device.
A European Commission effort to require instant messenger apps such as WhatsApp and iMessage to scan for child sexual abuse material would likely violate Europeans' human rights and weaken encryption protections for consumers, a leaked document from the commission's internal legal service says.
Risk management, operations, security - each organization and more play a role in ensuring OT security across the enterprise. Qiang Huang of Palo Alto Networks talks about new strategies to embrace and improve security of operational technology and connected devices.
Security researchers say a slight modification to a Microsoft Exchange zero day attack used by Russian state hackers can bypass a patch the computing giant introduced in March. Microsoft patched the modified attack during this month's dump of fixes, rating the bug as "important" but not "critical."
Members of the U.K. Parliament considering modifications to national privacy law heard assurances Wednesday that the European Union will go along with them. "U.K. GDPR retains all the rights of the European citizens," said John Edwards, U.K. Information Commissioner said Wednesday.
Nickolas Sharp, a one-time employee of Ubiquity who pleaded guilty to insider hacking received Wednesday a six year prison sentence. He admitted guilt on Feb. 2 to three criminal counts including transmitting a program to a protected computer that intentionally caused damage.
A European Parliament committee investigating commercial spyware tools such as Pegasus recommended new regulatory safeguards but dropped a preliminary call for a moratorium. Members condemned "major violations of EU law in Poland and Hungary" for those governments' use of commercial spyware.
The use of cloud by financial services firms has risen from 91% to 98%, and multi-cloud for critical operations has risen dramatically, triggering greater risk and regulatory scrutiny, said Troy Leach, chief strategy officer at the Cloud Security Alliance, citing a new survey.
Regulators are continuing their campaign to enforce compliance with the HIPAA "right of access" provision. HHS on Monday said it had slapped a solo-practitioner psychotherapy counselor with a $15,000 settlement in a dispute involving a father who sought medical records of his three minor children.
The security of hundreds of MSI products is at risk due to hackers leaking private code signing keys stolen during a data breach last month. The signing keys allow an attacker to push malicious firmware updates under the guise of regular BIOS update processes with MSI update tools.
With an ever-expanding threat landscape, organizations need to possess the right tools and knowledge to deal with cyberattacks. Dawn Cappelli, head of OT-CERT at Dragos, recommends training small and medium-sized businesses that are just starting their operation technology journey.
Most people would assume ransomware tops the list of cyber insurance claims. Not so these days. Most claims are originating from third-party attacks, said Peter Hedberg of Corvus Insurance and Christopher J. Seusing of law firm Wood Smith Henning & Berman.
Humans continue to reuse simple passwords that criminals can access, and passwordless continues to be the way forward. Jeff Shiner, CEO of 1Password, said we're making progress toward the future of authentication - passkeys - and discussed when, why and how to adopt them.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.