From contact tracing to data transfer to the new California Privacy Rights Act, 2021 already is shaping up to be a big year for privacy. Trevor Hughes, CEO and president of the International Association of Privacy Professionals, offers a "state of privacy" overview.
Security researchers are warning that attackers appear to have stepped up scanning for vulnerable Zyxel products, including VPN gateways, access point controllers and firewalls. A recently disclosed vulnerability in the company's firmware can create a hard-coded backdoor.
This edition of the ISMG Security Report features an analysis of the very latest information about the SolarWinds hack. Also featured are discussions of "zero trust" for the hybrid cloud environment and data privacy regulatory trends.
After the occupation of the U.S. Capitol by pro-Trump rioters Wednesday, an emergency response plan to ensure federal computers were locked down apparently was not activated, some experts say. As a result, federal security teams are likely scrambling to detect and repair any damage done.
Reacting to reports claiming hackers may have used JetBrains' TeamCity tool as an initial infection vector during the attack against SolarWinds, JetBrains CEO Maxim Shafirov says the company has not been contacted by investigators. But he says customer misconfiguration of TeamCity could have enabled a hack.
A recently uncovered remote access Trojan, dubbed ElectroRAT, has been stealing cryptocurrency from digital wallets over the past year, according to researchers at Intezer Labs. The malware, written in Golang, can target Windows, Linux and macOS platforms.
Although two earlier executive orders from President Donald Trump banning the use of the Chinese-made apps TikTok and WeChat are still hung up in the courts, the president has issued a new executive order banning eight other Chinese apps, citing threats they pose to national security, economy and foreign policy.
Based on cyber insurance claims they file, small and midsized vendors potentially pose substantial security risks, so their customers should make them a third-party risk management priority, says consultant Mark Johnson, a former healthcare CISO.
The massive pro-Trump demonstrations that saw large crowds riot and then occupy the U.S. Capitol building in Washington pose a significant potential cybersecurity threat as protesters appear to have gained access to at least one lawmaker's office, along with computer systems and other devices, some experts say.
The lingering aftershocks of an October ransomware attack and ongoing COVID-19 response challenges are forcing the University of Vermont Health Network to delay the next phases of an enterprisewide electronic health record rollout.
Mounting evidence points to the "serious compromise" of SolarWinds' Orion software having been an intelligence gathering operation "likely" run by Russia, according to U.S. government agencies probing the supply chain attack. It's the first official attack attribution to be issued by the Trump administration.
A U.K. court denied Julian Assange bail Wednesday as the U.S. Justice Department prepares to appeal a judge's ruling earlier this week rejecting its request to extradite the WikiLeaks founder to the U.S. to face criminal charges. Assange will remain in a high-security prison during the appeals process.
Apex Laboratory a Farmingdale, New York-based blood testing facility, is notifying patients about the leak of their information, including test results. The security incident - which appears to involve ransomware - happened in July.