The FCC is considering changes to its breach notification requirements for telecommunication companies. FCC Chairwoman Jessica Rosenworcel confirmed in a statement this week that the agency is strengthening its rules for both customer and federal law enforcement notification of breaches involving customer proprietary...
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...
Multiple government sites in Ukraine, as well as Swedish, U.K. and U.S. embassy websites, have been defaced with warnings to "be afraid and expect the worst." The defacements occurred after a week of "intensive" but unresolved talks between NATO and Russia, which continues to mass troops on Ukraine's border.
The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.
We began last January with the realization that we have met a new and far more difficult class of cyber threat with the SolarWinds attack followed by the Colonial Pipeline attack in May. Both point to a fully wired world where physical and digital are colliding at unprecedented speeds.
If we had to choose a theme...
In the wake of the explosive Apache Log4j vulnerabilities, the White House hosted tech leaders and federal agencies in a summit to discuss ways to improve open-source software security. The meeting was hosted by Deputy National Security Adviser for Cyber and Emergency Technology Anne Neuberger.
Police in Ukraine have arrested five individuals on suspicion of using ransomware to extort more than 50 companies across the United States and Europe, as well as to provide an IP-changing service to international hackers to help them distribute malware, steal sensitive data and disrupt sites.
Microsoft released its first rollout of 2022 patches that covers 96 new CVEs, plus 24 CVEs patched by Microsoft Edge (Chromium-based) earlier this month and two other CVEs fixed previously in open-source projects. This makes a January total of 122 CVEs. Nine are rated critical in severity.
Attackers wielding Night Sky ransomware are among the latest groups that have been attempting to exploit critical vulnerabilities in widely used Apache Log4j software. Microsoft says that among other attacks, a China-based ransomware operator has been exploiting Log4j flaws in VMware Horizon.
A security researcher in Germany says he's discovered a software flaw affecting a small number of Teslas, allowing him to unlock doors and windows, start vehicles without keys and disable security systems. The flaw, however, does not affect steering, acceleration or braking.
The U.S. Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency warn in a joint advisory that state-sponsored Russian attackers are actively exploiting and seeking to cause disruption to critical infrastructure, and it urges defenders to mitigate commonly seen attack vectors.
Cybersecurity risk has spread from IT to OT, and this combined business risk is a shared responsibility that includes senior leaders and even the board. What are each stakeholder's roles? Robert Lee of Dragos and Dawn Cappelli of Rockwell Automation preview their upcoming webinar on this topic.