The use of software-as-a-service applications has dramatically increased since the onset of the COVID-19 pandemic, and the changing consumption patterns have ushered in a new set of security challenges, according to Obsidian Security co-founder and chief product officer Glenn Chisholm.
Since joining Forescout 15 months ago as CEO, Wael Mohamed has aggressively pursued acquisitions, scooping up CyberMDX in February to safeguard internet of medical things devices and Cysiv in June to help OT and IoT customers analyze, detect and respond to threats using cloud-native data analytics.
Former Rockwell Automation CISO Dawn Cappelli discusses the mission of the new Dragos OT-CERT - a cybersecurity resource designed to help industrial asset owners and operators build their OT cybersecurity programs, improve their security postures and reduce OT risk - and her role as its director.
The COVID-19 pandemic has accelerated the migration to the cloud for many organizations, and there have also been challenges associated with securing hybrid or multi-cloud environments, according to Omdia Senior Principal Analyst Fernando Montenegro.
BSI Group has expanded its consulting practice beyond just cybersecurity to take on broader questions around digital trust, helping customers address everything from digital supply chain risk to the ethics of artificial intelligence, according to Mark Brown of BSI Group.
While ransomware, third-party risk, phishing scams and insiders continue as the top threats facing healthcare and public health entities, the sector overall is becoming better prepared to deal with these issues than it was just a few years ago, says Denise Anderson, president and CEO of H-ISAC.
Software bills of material, or SBOMs, are still "years away" from being ubiquitous, says Grant Schneider, senior director for cybersecurity services at Venable. He says it will take time for them to catch on, and a set of standards and other critical components for industry need to be defined.
Effective cyber risk management of vendors is critical to the success of organizations that are increasingly relying on these third parties, says Dave Stapleton, CISO of CyberGRX, who describes the importance of using a "true" third-party risk exchange.
CISA says Chinese state-sponsored threat actors are exploiting known vulnerabilities to target public and private companies in the United States, and a related joint advisory from CISA, the FBI and the NSA describes how major telcos and network service providers have been exploited since 2020.
Billions of dollars have already been lost in crypto exchanges, and some of the some losses have been due to "basic" security failures, including third parties not implementing common controls, says Troy Leach, security executive in residence at Cloud Security Alliance.
Atlassian has issued a patch for its Confluence workspace collaboration tool, which is being targeted in the wild with a zero-day vulnerability that gives attackers unauthenticated remote code execution privileges. The vulnerability has a CVSS score of 10 out of 10 for criticality.
A zero-day vulnerability in Atlassian Confluence, a workspace collaboration tool that serves millions of daily active users, is being targeted in the wild. The flaw, according to the company's security advisory, gives attackers unauthenticated remote code execution privileges.
The 15th edition of the annual Verizon Data Breach Investigations Report examines the rapid growth in ransomware, along with other threat vectors. Chris Novak, global director of the Threat Research Advisory Center at Verizon Business Group, discusses key findings and reviews the security landscape.
A data breach at Turkish firm Pegasus Airlines has put more than 6.5TB of sensitive electronic flight bag data at risk, including sensitive flight details, source code and staff data, researchers say. The misconfigured AWS S3 bucket that led to the incident has now been secured.
The U.S. Cybersecurity and Infrastructure Security Agency has added 75 flaws to its catalog of known exploited software vulnerabilities. The vulnerabilities were disclosed in three separate batches of 21, 20 and 34 vulnerabilities on Monday, Tuesday and Wednesday, respectively.