Attack scans and attempts related to the Log4j flaw may have declined, but some security experts believe the attack vectors will continue to pose a problem up to two years. Also, the Ukraine Computer Emergency Response Team reports Log4j could be a possible attack vector in recent cyberattacks.
Four ISMG editors discuss: how too many organizations fail to implement basic cybersecurity defenses - such as MFA; a proposed lawsuit against health insurer Excellus that calls for an improvement to its data security program; and strategies for securing open-source and other software components.
All organizations in Britain are being urged by the government to immediately bolster their business resilience capabilities due to an increased risk of fallout from cyberattacks targeting Ukraine. In the past, such attacks have amassed victims outside Ukraine, causing billions in commercial damages.
The latest edition of the ISMG Security Report features an analysis of whether a new ransomware operation is a spinoff of the notorious REvil or simply copying the group's moves; how Maersk responded to the NotPetya wiper malware attack; and essential incident response skills.
U.S. Security and Exchange Commission Chair Gary Gensler wants to broaden cybersecurity regulations. Among his concerns are the rising threat of cyberattacks due to the tensions between Russia and Ukraine, and a need to harmonize communications between financial firms and third-party vendors.
Britain's National Cyber Security Center has launched a trial vulnerability management project called Scanning Made Easy, designed to empower small and midsize organizations to identify if critical software flaws are present in their IT infrastructure, so they can be targeted for remediation.
Lisa Young prepares security teams to protect and defend their organizations from cybercriminals by seeing the things that others miss and asking the questions that others are too afraid to ask. She discusses how critical thinking improves cybersecurity.
The Log4j vulnerability caused plenty of stress for tech practitioners, and while it’s likely under control now, it’s essential to take the opportunity to learn from these events to improve security.
Join this interactive session to review what the latest Zero Day threat taught us about current security...
The risks posed by Apache Log4j continue, as a previously seen initial access broker group with the codename Prophet Spider IAB appears to be targeting vulnerabilities in Apache's logging utility to infiltrate the virtualization solution VMware Horizon, researchers at BlackBerry warn.
OMB on Wednesday released a federal strategy to move the U.S. government toward mature zero trust architectures. White House officials say the new strategy - with a focus on MFA, asset inventories, traffic encryption, and more - is a key step in delivering on Biden's May 2021 executive order.
Despite Western governments' increased focus on disrupting ransomware, the quantity of new victims doesn't appear to have declined, at least so far. But multiple experts say that nation-state efforts to combat cybercrime syndicates are still picking up speed and may well yet have an impact.
Let’s face it, spreadsheets were designed to solve equations, not manage business strategy.
With everything you have on your plate ensuring regulatory compliance and mitigating business risks, you deserve a solution built to make your job easier. Automating your business processes can help you streamline and scale...
As tensions continue to flare between Ukraine and Russia, which has amassed at least 100,000 troops along Ukraine's eastern border, the U.S. continues to mull intervention, a part of which includes bolstering Ukraine's cyber defenses. This comes as experts warn that cyberwarfare could play an increasingly significant...
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
Maersk was one of dozens of organizations crippled by the NotPetya malware in June 2017. Gavin Ashton and Bharat Halai worked in identity and access management at Maersk and share how the company's technology team tirelessly brought the company back from the brink of an IT systems meltdown.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
