Companies continue to struggle with prioritizing which vulnerabilities present the greatest risk to the business and need to be remediated first since vulnerability scoring is too often based on a static set of what could happen if an issue is exploited, says Qualys President and CEO Sumedh Thakar.
An updated version of the Russian-linked SOVA Android Trojan is back with updated attack techniques targeting more than 200 mobile applications, including banking apps and crypto exchanges/wallets. Researchers at Cleafy uncovered that the Trojan now also features ransomware capabilities.
A "secure message-themed" phishing campaign targeting healthcare providers aims to lure recipients to an Evernote notepad website in an attempt by hackers to harvest security credentials, federal authorities warn, saying the scheme puts entities at risk for potential data security compromises.
ISMG caught up with 11 security executives in Las Vegas on Tuesday to discuss everything from open-source intelligence and Web3 security to training new security analysts and responding to directory attacks. Here's a look at some of the most interesting things we heard from industry leaders.
The rise of ransomware brokers and the continued talent shortage mean defenders increasingly need security technology managed on their behalf, Sophos' Kris Hagerman says. Customers must manage all their security products from a single platform and analyze the data these tools generate, he says.
The ongoing Russia-Ukraine war has featured cyber operations being used to target Ukraine as well as Russia. But CyberPeace Institute, which tracks cyberattacks tied to the conflict, has so far seen 27 different countries being affected by more than 300 attacks, and many have affected civilians.
It's not enough for medical device makers to provide a software bill of materials - there also needs to be close attention paid to how vulnerabilities in components are communicated and managed, says medical device security expert Ken Hoyme.
Twilio, which runs a customer engagement platform used by thousands of businesses, says that its employees were tricked via SMS phishing messages into giving attackers their login credentials, resulting in the theft of information on customers, as well as their customers and end users.
With data taking the spotlight, there are important implications for security, privacy, and compliance teams. It’s not just your company that sees value in your data. There are many bad actors that also see value in your sensitive data too.
Your data and databases are the primary target for attackers. And with...
According to 451 Research’s Voice of the Enterprise, 'loss of control of sensitive data’ is reported as a top three potential issue with cloud solutions by 25.9% of survey respondents – outranking even the common concern for cloud provider lock-in.
The overall enterprise motion toward cloud adoption has been...
Referred to as the Data Mesh, this growing ecosystem of databases, data lakes and data services enable businesses to embrace data democratization and be data driven. It eliminates silos, unlocks innovation, and helps improve customer experience and company culture.
To truly harness these benefits, IT, DevOps, and...
Federal authorities, in two separate advisories issued Thursday, urge healthcare sector entities to proactively address security risks from internet of things devices equipped with sensors, software and other technologies to connect and exchange data over the internet and from open web applications.
The era of pandemic-induced telework is also the era of higher reliance on mobile devices for sensitive workplace information - meaning we're likewise living in the age of fretful chief information security officers, a new survey concludes. "Companies are still struggling" to secure mobile devices.
This year's winner of RSA Conference's prestigious Innovation Sandbox Contest has completed its first major funding round, earning backing from CrowdStrike CEO George Kurtz. Talon has received $100 million to support more operating systems, add more capabilities and boost existing integrations.
The move to cloud email has allowed companies to streamline security investments and leverage the native Microsoft functionality provided by Exchange Online Protection (EOP) and Defender for Office 365 (MDO). But this approach isn’t perfect, and many companies have realized that they need an additional layer of...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
