Symantec Threat Intelligence says it's uncovered another malware variant used in the SolarWinds supply chain hack - a loader nicknamed "Raindrop" that apparently was used to deliver Cobalt Strike, a legitimate penetration testing tool, to a handful of targets.
The latest edition of the ISMG Security Report describes new details emerging from the SolarWinds supply chain hack investigation. Also featured: A discussion of why security education is so crucial in 2021 and tips on how to retain security and operations center analysts.
Third parties are one of the top attack vectors and according to a recent
Ponemon report, in the last three years, the financial services industry
experienced the second most third-party breaches despite spending the
most time on assessments (over 17,000 hours/year).
In response to the growing threats, regulators...
Cyber criminals are taking advantage of the
economic uncertainty plaguing the Oil & Gas industry.
Download this summary to learn more about the true cost of cyber dangers facing
the industry and how control your third party risk.
As security software firm SolarWinds investigates the supply chain attack involving its Orion software and looks to rebuild its security processes and reputation, it's hired former U.S. cybersecurity czar Chris Krebs and former Facebook CSO Alex Stamos as advisers.
This edition of the ISMG Security Report features an analysis of the very latest information about the SolarWinds hack. Also featured are discussions of "zero trust" for the hybrid cloud environment and data privacy regulatory trends.
In 2020, the "zero trust" conversation evolved from "What is it?" to "How do we achieve a zero trust architecture?" Chase Cunningham, principal analyst serving security and risk professionals at Forrester, offers an outlook for what we can expect in 2021.
The attorneys general of 27 states have entered into a $2.4 million settlement with Sabre Corp. to resolve a lawsuit tied to a 2017 data breach that struck the company's Sabre Hospitality Solutions hotel booking system, compromising 1.3 million payment cards.
It’s understood: Ongoing monitoring of third party relationships is mission-critical. But what constitutes ongoing monitoring? Who should own it? Who should do it? Todd Boehler of ProcessUnity addresses these questions and more.
In this eBook, Boehler discusses:
The meaning of ‘ongoing monitoring;
How to do...
The Cybersecurity and Infrastructure Security Agency has released an emergency directive requiring all federal organizations running the vulnerable SolarWinds Orion software to immediately update to the latest version.
The latest edition of the ISMG Security Report offers leadership lessons from Equifax CISO Jamil Farshchi and Mastercard's deputy CSO, Alissa "Dr. Jay" Abdullah. Also featured: An assessment of cybersecurity priorities for President-elect Joe Biden.
In less than a month, President-elect Joe Biden will be sworn into office and immediately confront a list of cybersecurity problems ranging from a now-leaderless CISA to the SolarWinds breach. Here's how security experts - and former government leaders - see the administration's cyber policies taking shape.
Software vendor SolarWinds has updated multiple versions of its Orion network-monitoring software to address the Sunburst backdoor that was added to its code and to block Supernova malware that exploited a vulnerability in Orion. But incident response experts have warned that full cleanup may take years.
The SolarWinds breach is a case study in how attackers can subvert a widely used piece of software to turn it to their advantage, says Lou Manousos, CEO of RiskIQ. The attack surface management expert details lessons all organizations must learn in the wake of this "unprecedented" attack.