The U.K. government is considering new measures to boost cybersecurity standards in the country. The proposed laws recommend levying large fines on essential digital service providers for noncompliance with strict cybersecurity rules, and improving incident reporting.
In a span of just days, two prominent congressmen who have long advanced cybersecurity at the federal level announced that they will not be seeking reelection in 2022. Reps. Jim Langevin, D-R.I., and John Katko, R-N.Y., will, however, pursue a cyber agenda throughout the remainder of their terms.
Attackers have been actively targeting Log4j vulnerabilities, or Log4Shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service.
VPN Lab, known for its alleged wide use by ransomware threat actors, has been shut down. Fifteen servers associated with VPNLab.net were seized or disrupted based on multiple international investigations tying the VPN service provider to cybercrime operations, according to Europol.
JPMorgan Chase will earmark $12 billion for technological updates - including cloud migration, upgrading legacy architecture, data strategy, and emerging technologies. About half of this budget will go toward security modernization, while the other half will be invested into digital innovation.
Because healthcare IT environments are so complicated, it will become essential for all suppliers to provide and maintain a software bill of materials for their products to remain relevant, says Curt Miller of the Healthcare Supply Chain Association.
To fight threats, security practitioners need to develop a proactive, offensive risk quantification strategy to establish cyber resilience, says Shaik J. Ahmed, vice president of risk, governance and information security at Mashreq Bank.
GAO auditors say in a new report that the federal government's response to both the SolarWinds software supply chain attack and the exploitation of Microsoft Exchange Servers in 2021 sharpened its coordination efforts, but also exposed information-sharing gaps.
In the midst of a global pandemic, the federal breach tally shows that a record number of major health data breaches were reported in the U.S. in 2021, and the overwhelming majority of them involved hacking/IT incidents. Will those trends continue in 2022?
The defacement of Ukrainian government websites may have been intended as a smokescreen for a destructive malware attack that failed to execute or has yet to be unleashed, some security experts warn. Ukraine continues to investigate the attack, which it suggests may trace to Russia, Belarus or both.
"We came up with a structured, documented approach to respond to mitigating the Log4j vulnerability using the EDR scanning tools along with a code validation, containerization, and sandboxing of our applications and networks," says Ian Keller, security director at Ericsson.
A family medical practice is notifying nearly 200,000 individuals that their information was compromised in a 2020 ransomware attack on cloud hosting vendor Netgain Technology, an incident that also affected several of the vendor's other clients and hundreds of thousands of their patients.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...
Multiple government sites in Ukraine, as well as Swedish, U.K. and U.S. embassy websites, have been defaced with warnings to "be afraid and expect the worst." The defacements occurred after a week of "intensive" but unresolved talks between NATO and Russia, which continues to mass troops on Ukraine's border.
The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.