Why didn't Russia unleash major cyberattacks against Ukrainian critical infrastructure ahead of its invasion troop advance? While theories abound, some experts warn that, unfortunately, this war and its cost to human life is only set to get worse.
Fortinet's FortiGuard Labs has released its latest Global Threat Landscape Report, and it portrays adversaries who are increasingly more sophisticated and speedy and who are diversifying their attack techniques. Derek Manky tells why organizations need to respond by bolstering the cyber kill chain.
A question that keeps many CISOs awake at night is whether or not to pay in a ransomware attack.
In a vacuum, the guidance to withhold payment makes total sense. We don’t want to negotiate with
criminals. But when you need to get your business back online, a cost/benefit analysis takes effect, and
a company will...
CISA and the FBI issued a joint advisory pointing to Russian state-sponsored activity using WhisperGate and HermeticWiper malware to target Ukrainian organizations. CISA also updated the Shields Up webpage to include new recommendations for corporate leaders and actions to protect critical assets.
The industrial cyber threat landscape is constantly changing with new adversaries, vulnerabilities, and attacks that put operations and safety at risk.
The Dragos Year in Review summarizes what you need to know to protect your critical assets, including:
Findings from incident response and threat hunts
The...
The industrial cyber threat landscape is constantly changing with new adversaries, vulnerabilities, and attacks that put operations and safety at risk.
Get what you need to know quickly to protect your critical assets by reading the Executive Summary of the 2021 Year in Review. Discover:
Findings from incident...
In 2021, there was a spike in cybercrime, and the focus changed for threat actors from several countries, particularly Russia and China. Cybersecurity firm CrowdStrike provides an overview of the changes, analyzes the takedown of Russian threat actor REvil and adds to its list of adversaries.
Employees with too much access can pose an insider threat. When employees have access to more than they need to do their job, there are more opportunities for mistakes, whether accidental or not. Lack of accountability means you
don’t know who did what, when. If too many people have the same level of access and...
The ability to evade detection by traditional endpoint detection tools, easy availability of valid credentials, access to code vulnerabilities, increased persistence and ease of lateral movement are causing an increasing number of threat actors to choose malware-free options, CrowdStrike says.
Cyberattacks in the aviation sector over the past several years have been tied to a single advanced persistent threat group named TA2541, which - since at least 2017 - has consistently used more than a dozen remote access Trojans to control compromised machines, according to a report from Proofpoint.
In a declassified letter to CIA Director William Burns and DNI Avril Haines from 2021, two U.S. senators urged transparency around alleged "bulk surveillance" conducted by the CIA in response to now-declassified documents compiled by the Privacy and Civil Liberties Oversight Board.
Israeli officials announced they will set up a commission of inquiry to investigate reports that the nation's police force used the flagship spyware of Israeli firm NSO Group, called Pegasus, to hack the phones of Israeli public officials, journalists and activists.
In a report published Monday, Symantec's Threat Hunter Team outlines a specific Russian cyberespionage campaign conducted on a Ukrainian network in 2021 - which comes as Russia has amassed 100,000 or more troops at Ukraine's eastern border while it reportedly mulls invasion
Britain's National Cyber Security Center has launched a trial vulnerability management project called Scanning Made Easy, designed to empower small and midsize organizations to identify if critical software flaws are present in their IT infrastructure, so they can be targeted for remediation.
The Log4j vulnerability caused plenty of stress for tech practitioners, and while it’s likely under control now, it’s essential to take the opportunity to learn from these events to improve security.
Join this interactive session to review what the latest Zero Day threat taught us about current security...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.