U.S. DHS Secretary Alejandro Mayorkas confirmed on Thursday that the department is establishing a Cyber Safety Review Board, as directed by President Joe Biden's sweeping cybersecurity executive order signed in May 2021. The board aims to mirror the work of the National Transportation Safety Board.
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
The House Oversight and Reform Committee today advanced its version of the Federal Information Security Modernization Act of 2022, which entails cybersecurity updates for federal civilian agencies. The bipartisan measure was sent to the full House on a voice vote.
Learn to understand the gray space in which malicious attack campaigns function in order to get ahead of attackers, and avoid data breaches or negative outcomes for your business.
Russia's threat to Ukraine is reshaping notions of what it means to employ cyber operations as part of a conflict. If Russian military forces do invade, experts warn that cyberattacks meant to support military operations and disrupt critical infrastructure may not be restricted to Ukrainian targets.
With tensions mounting in Ukraine, U.S. cybersecurity officials have grown increasingly concerned over the threat of direct cyberwarfare. As such, the U.S. has dispatched its top cyber official, Deputy National Security Adviser Anne Neuberger, to Europe to discuss the Russian threat.
The European Systemic Risk Board has proposed a new systemic cyber incident coordination framework called EU-SCICF. This framework will be designed to counter any major cross-border cyber incidents in the financial sector space with a coordinated response.
In just a month, the BlackCat cybercrime group has carried out high-impact ransomware attacks on international organizations and risen to seventh place in Unit 42's ranking of global ransomware groups. A key factor, researchers say: the use of the Rust language for coding its malware.
In 2021, there were 1,862 data compromises - a 68% increase over 2020, according to the Identity Theft Resource Center's Annual Data Breach Report. "In this past year, there were more cyberattack-related data breaches than there were all forms of data breaches in 2020," says ITRC COO James E. Lee.
A 29-year-old Canadian man has been sentenced to three years in prison for trading in stolen personal information, which included transactions with an aggressive hacking and extortion group known as The Dark Overlord. Slava Dmitriev sold identity information on the AlphaBay marketplace, prosecutors alleged.
Attack scans and attempts related to the Log4j flaw may have declined, but some security experts believe the attack vectors will continue to pose a problem up to two years. Also, the Ukraine Computer Emergency Response Team reports Log4j could be a possible attack vector in recent cyberattacks.
Fraud teams at many enterprises overlook refund fraud because it is considered part of customer service, says Brett Johnson, a consultant on cybersecurity, cybercrime and ID theft who was a central figure in the cybercrime world for over 20 years. He discusses why they should be addressing it.
Tal Prihar, a former administrator of the DeepDotWeb darknet market search engine, has been sentenced to serve eight years in a U.S. federal prison after pleading guilty to money laundering, tied to his having received more than $8 million in kickbacks from markets to which he referred buyers.
Four ISMG editors discuss: how too many organizations fail to implement basic cybersecurity defenses - such as MFA; a proposed lawsuit against health insurer Excellus that calls for an improvement to its data security program; and strategies for securing open-source and other software components.
All organizations in Britain are being urged by the government to immediately bolster their business resilience capabilities due to an increased risk of fallout from cyberattacks targeting Ukraine. In the past, such attacks have amassed victims outside Ukraine, causing billions in commercial damages.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.