Three banking trade groups are objecting to provisions of a bill now pending in Congress that would require security incident reporting within 24 hours of discovery. They also are raising concerns about other provisions.
When is a data exposure not just a data exposure? According to a U.S. Securities and Exchange Commission order, education publishing giant Pearson misled investors when it failed to proactively inform them that attackers had stolen millions of rows of student information, including poorly hashed passwords.
The ransomware attack that targeted Colonial Pipeline Co. in May compromised the personal information of more than 5,800 individuals, mainly current and former employees, according to a breach notification letter.
Multi-factor authentication (MFA) necessitates the user to provide two or more verification factors to gain access to a
resource such as an application, an online account, or a virtual private network (VPN). It is a core component of a strong
identity and access management policy.
Download this whitepaper for...
A Gartner study estimated that 1 in 3 security breaches will come via shadow IT. Shadow IT resources, which are typically in the cloud, are often purchased and used outside IT procurement and support policies. They create double trouble, bloating overall spend and leaving you vulnerable to cyberattacks or data loss....
What do Facebook, Twitter, and Github all have in common? Data exposure incidents in recent years where even though they had locked down their data stores, credentials leaked into their log files creating painful, public security incidents. Modern software development practices, from microservices to CI/CD, make it...
This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.
A bipartisan group of senators introduced a federal breach notification bill Wednesday that would require federal agencies, federal contractors and organizations that are considered critical to U.S. national security to report security incidents to CISA within 24 hours of discovery.
Digital transformation
is rewriting what a
successful financial services
organization looks like.
However, running an information-driven business in
this sector does not come without its challenges!
Finance is one of the most targeted industries by
cybercriminals. The rate of data breaches within
financial...
Clothing retailer Guess suffered a ransomware attack and data breach earlier this year that exposed personal information - including Social Security numbers, driver's license and passport numbers, and financial details - for an unspecified number of individuals.
The insurance company CNA Financial Corp. has acknowledged that the cyber incident the company sustained in March was a ransomware attack and that it has notified 75,000 individuals that their data may have been compromised
Investment banking giant Morgan Stanley is the latest company to report a data breach tied to zero-day attacks on Accellion's legacy File Transfer Appliance - yet another indicator of the sustained impact of supply chain attacks.
This edition of the ISMG Security Report features three segments on battling ransomware. It includes insights on the Biden administration's efforts to curtail ransomware attacks, comments on risk mitigation from the acting director of CISA, plus suggestions for disrupting the ransomware business model.
The Biden administration has a message for Russia: Rein in the criminal hackers operating from inside your borders who hit Western targets, or we'll do it for you. But experts say disrupting ransomware will take more than diplomacy or even using offensive cyber operations to target criminal infrastructure.
It was stealthy, and it was widespread. But perhaps the Kaseya VSA ransomware attack wasn't quite as effective and damaging as initially feared, says Michael Daniel, president and CEO of the Cyber Threat Alliance. He explains where defenses succeeded.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.