A bipartisan group of senators is circulating a draft of a federal breach notification bill that would require federal agencies, federal contractors and businesses that have oversight over critical infrastructure to report significant cyberthreats to CISA within 24 hours of discovery.
Malware hosting domain Cyberium has spread multiple Mirai variants, including one that targeted vulnerable Tenda routers as part of a botnet campaign, AT&T Alien Labs reports.
Bitcoin has enabled fast payments to cybercriminals pushing ransomware. How to deal with bitcoin is the subject of a spirited debate, with some arguing to restrict it. But bitcoin doesn't always favor cybercriminals, and it may actually be more of an ally than a foe by revealing webs of criminality.
SolarMarker malware operators are using "SEO poisoning" techniques to deploy the remote access Trojan to steal sensitive information, Microsoft reports.
With the RSA Conference virtual this year, ISMG replaced its two live on-site studios with a suite of home studios and produced a diverse group of interviews on timely topics with thought leaders who will be solving cybersecurity's most urgent problems.
Zero Trust, Firmware in the Supply Chain, and the Demand for Device Integrity
What does the Executive Order on Cybersecurity mean for security teams tasked with protecting endpoints, servers, and network devices? Download this report from Eclypsium to learn new Zero Trust requirements, their implications for device...
Cryptocurrency has a reputation for being tough to trace - no wonder anonymity-craving criminals favor using it. In reality, cryptocurrencies don't make users anonymous. But just how did the FBI recover most of the bitcoins paid by Colonial Pipeline to the DarkSide ransomware operation?
Criminals tricked into using an FBI-run encrypted messaging app, Verizon's 2021 Breach Investigations Report and overcoming the challenges of recruiting cybersecurity professionals are among the latest cybersecurity topics to be featured for analysis by a panel of Information Security Media Group editors.
Cryptojacking group TeamTNT is leveraging compromised Amazon Web Services credentials to attack its cloud environments through the platform’s API, according to researchers from Unit 42 at Palo Alto Networks.
President Joe Biden's nominees for White House cyber director and CISA director faced questions from senators during their confirmation hearing Thursday, including how the federal government should respond to a recent spate of ransomware attacks and other cyberthreats.
Microsoft's June Patch Tuesday contained patches for six zero-day vulnerabilities being exploited in the wild, including two flaws detected by Kaspersky that were being exploited by a new threat group named PuzzleMaker.
Researchers have uncovered an ongoing campaign by a Chinese advanced persistent threat group that has spent the last three years testing and refining a custom backdoor in its arsenal to conduct espionage campaigns targeting governments in Southeast Asia.
Security researchers have identified two vulnerabilities in the Joomla content management system that can be chained together for complete compromise of the network, a report by security firm Fortbridge finds.
Content delivery network Fastly says its global outage on Tuesday was caused by an unanticipated software bug, which it has now patched. IT experts caution that content delivery networks and other cloud services can become single points of failure if they go down, unless users have resiliency plans.
Security automation is going to be the key for organizations to proactively protect themselves and also investigate incidents. Ty Miller of Threat Intelligence says security automation is driving everything from penetration testing to incident response.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
