Russian state-sponsored threat actors are exploiting default MFA protocols, along with PrintNightmare, the Windows Print Spooler vulnerability, to illegally access the network of a nongovernmental organization, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI say.
As the Russia-Ukraine war continues, healthcare sector entities need to be prepared to deal with potential spillover cyber incidents, says Anahi Santiago, CISO of ChristianaCare, the largest healthcare delivery organization in the state of Delaware. She discusses current cyber challenges.
Automotive technology/parts supplier Denso confirmed that it suffered a ransomware attack last week. Investigations are ongoing. The company has not disclosed the ransom demanded or the attacker's name, but dark web monitoring platform DarkTracer says it's the work of the Pandora ransomware group.
Globalised supply chains and accelerated digitalisation have introduced more interconnected business environments, with a greater dependency by participants on third parties to operate critical processes and deliver goods and services to their customers.
The prevalence of such tightly knit service providers into an...
Two suspected ransomware operators have been extradited to the U.S. from Ukraine and Canada, according to the Department of Justice. One was allegedly part of the July 2021 Kaseya attack, and the other allegedly attacked healthcare facilities with NetWalker ransomware during the COVID-19 pandemic.
Federal authorities are warning about seven vulnerabilities affecting a software agent used to remotely manage an array of medical devices and other connected gear. If exploited, the vulnerabilities could enable hackers to gain full control of the affected devices or alter their configurations.
Ransomware groups continue to target critical infrastructure sectors internationally. An FBI alert says that ransomware group RagnarLocker has targeted 52 entities across 10 critical infrastructure sectors, while Romania's premier petrol supplier, Rompetrol, has reportedly been hit by Hive.
Studying software engineering practices from 100,000 production applications and 4,000,000 open source component migrations, Sonatype uncovered eye-opening behaviors in modern software development, including a surprising trend that nearly 70% of dependency management decisions are suboptimal.
Understanding these...
As Third-Party Cyber Risk Management (TPCRM) evolves, organizations are finding themselves in the precarious position of knowing that their third parties bring with them an increased level of risk, while being unsure if their current methods of managing third-party cyber risk are sufficient–or even...
Every business depends on suppliers such as vendors, partners, and service providers to help run their day-to-day operations. Their usefulness is unquestionable, but do you keep up to date with their security practices and policies? These days suppliers can become the targets of cyber-attacks, and these attacks can...
The Lapsus$ ransomware group says it has released some of the data trove stolen from chipmaker Nvidia. Leaked data contains proprietary source code, drivers and documentation on Nvidia's Falcon and LHR products. Experts discuss the impact on Nvidia, the stolen data's worth and remediation measures.
Toyota Motor Corp. reportedly decided to suspend all operations starting Tuesday because of a suspected cyberattack on Kojima Industries, its manufacturing partner. The suspension means the company’s output will be down by around 10,000 cars, according to a report from media agency Nikkei Asia.
As the Russian invasion of Ukraine escalates, organizations in the U.S. and Western Europe wonder: What is the potential blowback if the U.S. strikes back at Russia? Sam Curry, veteran CSO of Cybereason, reviews the possibilities and advises about how best to approach risk and preparedness.
As Russia has invaded Ukraine, the likelihood of nation-state cyberattacks continues to escalate, and banks remain a top target. On this week's "Sound Off," David Pollino, the former CISO of PNC Bank, discusses how financial institutions should - and must - strengthen their incident response plans.