As former CISO of Pacific Gas & Electric, Bernie Cowens knows plenty about cyber securing the nation's critical infrastructure. He shares his informed opinion on the Colonial Pipeline ransomware attack and what public and private sector entities must do to shore up key defenses.
Vulnerabilities in the way you manage identities and credentials are easy targets for cyber attackers. Sophisticated bad actors know how to fully exploit them to steal your most valuable IP and data, disrupt your operations and destroy your reputation with customers.
This eBook presents five ways your teams can...
President Joe Biden signed an extensive executive order Wednesday that describes the government's plan to increase cybersecurity protection across the public and private sectors as well as secure the nation's infrastructure against the type of attack that targeted SolarWinds and its customers.
The NSA is offering operational technology security guidance for the Defense Department as well as third-party military contractors and others in the wake of the SolarWinds supply chain attack. The agency notes that attackers could use IT exploits to pivot to OT systems.
The U.S. Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology have released a report providing insights on how to enhance supply chain security in the wake of the SolarWinds attack.
A series of cyber incidents targeting a Swedish vendor of oncology radiation systems earlier this month is still affecting some of the company's clients - including cancer treatment facilities in the U.S. - because the company has taken its cloud-based systems offline during its recovery effort.
Does the West want to have its digital existence defined by adversaries, or is it ready to devote the time, resources, expertise and planning required to more fully take control of its evolving destiny? That's the techno-Darwinian call to arms issued by Jeremy Fleming, the director of Britain's GCHQ intelligence...
The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that federal agencies and other entities have been compromised by two attack groups, with one possibly acting on behalf of the Chinese government. The groups are exploiting vulnerabilities in Ivanti's Pulse Connect Secure.
A bombshell news report suggests that Dutch mobile network provider KPN in 2010 didn't know if one of its major equipment suppliers - China's Huawei - was spying on users. Viewed 11 years later, the report stands as a reminder to constantly review and address risks posed by suppliers.
Codecov, a company that tests software code prior to release, has notified customers that attackers had access to its network for a month and placed malware in one of its systems, which may have led to the exfiltration of customers' information.
The latest edition of the ISMG Security Report features an analysis of whether the FBI removing malicious web shells from hundreds of compromised Microsoft Exchange Servers could set a precedent. Also featured is a description of an unusual fraud scam plus an update on security product development trends.
The Health Information Sharing and Analysis Center and the American Hospital Association have released a new report providing guidance for combating the next supply chain attack along the lines of the SolarWinds incident.
The SolarWinds supply chain attack that led to follow-on attacks on nine government agencies and 100 companies points to the need for a federal law requiring prompt breach notification, several senators said at a Wednesday hearing.
Does your team have the appropriate secure tools in place to handle the most pressing issues related to a large volume of third-party vendors, internal privileged users and remote workers connecting remotely into your network?
Download this whitepaper to get actionable tips to:
Manage vendor access
Avoid "All or...