Worst-case scenario: Ransomware gets through defenses. It's now a game of "Beat the Clock." David Finley of Dell Technologies and Andrew Peters of Unisys detail the cyber recovery road map and how to generate a plan to both respond to and recover from the attack.
Fraud teams at many enterprises overlook refund fraud because it is considered part of customer service, says Brett Johnson, a consultant on cybersecurity, cybercrime and ID theft who was a central figure in the cybercrime world for over 20 years. He discusses why they should be addressing it.
Tal Prihar, a former administrator of the DeepDotWeb darknet market search engine, has been sentenced to serve eight years in a U.S. federal prison after pleading guilty to money laundering, tied to his having received more than $8 million in kickbacks from markets to which he referred buyers.
Four ISMG editors discuss: how too many organizations fail to implement basic cybersecurity defenses - such as MFA; a proposed lawsuit against health insurer Excellus that calls for an improvement to its data security program; and strategies for securing open-source and other software components.
All organizations in Britain are being urged by the government to immediately bolster their business resilience capabilities due to an increased risk of fallout from cyberattacks targeting Ukraine. In the past, such attacks have amassed victims outside Ukraine, causing billions in commercial damages.
Eva Velasquez, CEO of the Identity Theft Resource Center, shares six predictions for 2022 that show a shift from identity theft to identity fraud as cybercriminals continue to refine who they target, what information they steal and what they do with it.
The latest edition of the ISMG Security Report features an analysis of whether a new ransomware operation is a spinoff of the notorious REvil or simply copying the group's moves; how Maersk responded to the NotPetya wiper malware attack; and essential incident response skills.
Lawmakers on the House Committee on Financial Services this week announced nine provisions of its America COMPETES Act of 2022 - one of which has been criticized by cryptocurrency proponents for potential privacy and due process concerns.
U.S. Security and Exchange Commission Chair Gary Gensler wants to broaden cybersecurity regulations. Among his concerns are the rising threat of cyberattacks due to the tensions between Russia and Ukraine, and a need to harmonize communications between financial firms and third-party vendors.
CISA and the EPA today announced the Industrial Control Systems Cybersecurity Initiative, a 100-day cybersecurity plan to safeguard water and wastewater systems. Officials say their action plan "focuses on high-impact activities that can be surged to safeguard water resources."
Britain's National Cyber Security Center has launched a trial vulnerability management project called Scanning Made Easy, designed to empower small and midsize organizations to identify if critical software flaws are present in their IT infrastructure, so they can be targeted for remediation.
The risks posed by Apache Log4j continue, as a previously seen initial access broker group with the codename Prophet Spider IAB appears to be targeting vulnerabilities in Apache's logging utility to infiltrate the virtualization solution VMware Horizon, researchers at BlackBerry warn.
OMB on Wednesday released a federal strategy to move the U.S. government toward mature zero trust architectures. White House officials say the new strategy - with a focus on MFA, asset inventories, traffic encryption, and more - is a key step in delivering on Biden's May 2021 executive order.
Despite Western governments' increased focus on disrupting ransomware, the quantity of new victims doesn't appear to have declined, at least so far. But multiple experts say that nation-state efforts to combat cybercrime syndicates are still picking up speed and may well yet have an impact.
A hacktivist group named Belarusian Cyber-Partisans says it has successfully attacked the country's railroad systems and encrypted some servers, databases and workstations to disrupt its operations. The group says its aim is "preventing the presence of Russian troops on the territory of Belarus."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.