Ransomware continues to sting numerous organizations, and the problem only seems to be getting worse. More than ever, the onus is on potential victims to ensure they have essential defenses in place - and if possible, to proactively hunt for attackers who may already be inside their network.
Microsoft is making available the CodeQL queries it used to detect malicious implants in the massive supply chain attack that affected SolarWinds, tech firms and government agencies.
Microsoft has patched a critical vulnerability in Windows that can be exploited by tricking users to visit websites that use a malicious font. The flaw was found by Google's Project Zero bug-hunting team.
The latest edition of the ISMG Security Report features an analysis of a federal crackdown on ICO cryptocurrency scams. Also featured: An update on the SonicWall hack investigation and the use of digital IDs to verify COVID-19 testing.
Security firm Positive Technologies says more than 6,000 VMware vCenter devices worldwide that are accessible via the internet contain a critical remote code execution vulnerability. VMware has issued recommendations for patching the flaw.
The SolarWinds supply chain attack is another example of the damage that lateral movement by system intruders can cause. Tim Keeler of Remediant describes why detecting lateral movement is so challenging.
In light of the global shortage of semiconductors, President Joe Biden signed an executive order Wednesday requiring a federal review of supply chain risks for these chips. Also to be reviewed: supply chain risks for information and communications technology and the pharmaceutical industry.
Identity and access management (IAM) securely connects employees to the business resources required to be productive. With the sudden shift to remote work, were businesses prepared to empower their employees to securely work from anywhere?
View this infographic to answer the following questions:
How critical is...
Today’s business environment is anything but simple – and increased cyber threats just complicate things more. For employees to work efficiently and securely, you need to know who they are and what they need to access, so employees can connect seamlessly to the tools they need while you maintain oversight and...
Modern software applications contain many complexities that challenge testing requirements and security teams. A variety of elements including custom/proprietary code, open source components, and application configuration pose challenges for independent verification and validation (IV&V) and audit and testing teams.
...
Gone are the days when an organization’s applications ran behind a firewall protected by a secure network perimeter. Today, web and mobile applications are the perimeter. But at many organizations, this change has not been supported by increased investment in application security. Instead, the emphasis remains on...
The onslaught of account takeover attacks from insecure passwords is driving the rapid adoption of passwordless solutions. While the risk reduction benefits are substantial, eliminating passwords is just the first step on the path to fundamentally strong authentication. In the “new normal” era of work from...
Penetration testing. Bleeding-edge technology solutions. A huge budget. Are these enterprise cybersecurity essentials … or could you ignore them and still have a comprehensive and effective cyber defense?
We all know that cybersecurity is an increasingly important part of our business life, and that it requires...
The Federal Reserve's online money transfer system, including Fedwire Funds and FedCash, suffered an outage for more than three hours Wednesday afternoon, with the Fed citing technical issues as the cause and not a cyber incident. Systems were restored by late afternoon.
The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
