In an emergency directive issued on Friday regarding the explosive Apache Log4j vulnerabilities, CISA has required federal civilian departments and agencies to assess their internet-facing network assets and immediately patch the systems or implement appropriate mitigation measures.
Six U.S. senators sent a letter to the Treasury Dept. regarding new cryptocurrency regulation stemming from the infrastructure bill. The lawmakers urge Treasury Secretary Janet Yellen to address concerns around the law, which requires a broad group of professionals to report information to the IRS.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including mitigating the Apache Log4j zero-day vulnerability, findings from a new report analyzing the Conti ransomware attack on Ireland's Health Services Executive and President Biden's drive to...
The latest edition of the ISMG Security Report features an analysis of the Log4j security flaw, including the risks and mitigation techniques, how to patch Log4j, and CISO Dawn Cappelli on Log4j response.
The effort and cost involved in staying safe in this environment is driving many organizations to work with IT and managed security service providers (MSSPs).
From the rain forest of northern Brazil to the business hub of Sao Paulo, Marco Túlio has built an impressive career in cybersecurity. He discusses the opportunity and challenge of enabling people to step up, succeed and eventually rise to be leaders in their own right.
The U.S. Department of Homeland Security this week announced a "Hack DHS" bug bounty program to identify potential cybersecurity vulnerabilities within its systems and to increase DHS' overall cyber resilience. Hackers uncovering vulnerabilities will be compensated by the department.
Attackers tied to China, Iran, North Korea and Turkey have been targeting or testing exploits of the ubiquitous Apache Log4j vulnerability. Vendors are rushing to identify and patch supported software and hardware as cybersecurity agencies urge organizations to mitigate the threat and beware exploit attempts.
It’s no secret that the recent large-scale ransomware attacks are a call to action for greater federal cybersecurity regulations. As it stands, security policies are not mandated and are largely a voluntary mechanism. But it has become apparent that at-will standards are not getting the job done. According to a...
The White House is requiring federal agencies, including CISA and the FBI, to report cyber incidents that pose a significant threat to national security to White House advisers within 24 hours. Some security experts are questioning the merits of this new mandate.
The must-pass annual defense spending bill, authorizing nearly $770 billion in funding for the Pentagon, passed the Senate in a bipartisan vote on Wednesday, with several cybersecurity provisions, including measures to "empower and expand" CISA.
Following the devastating ransomware attack on Colonial Pipeline in May 2021, North American propane supplier Superior Plus, which has 780,000 customers across the U.S. and Canada, has now acknowledged having suffered a ransomware attack on Sunday. The scale and impact of the attack are unknown.
Security and IT teams racing to mitigate the threat posed by the ubiquitous Apache Log4j 2.14 flaw are facing a new problem: Which version of the patched software should they deploy - 2.15.0 or the newly released 2.16.0?
What's in store for defenders as attackers increasingly try to target the ubiquitous Apache Log4j vulnerability? "Everyone is a target," says veteran cybersecurity leader Etay Maor, whose team at Cato Networks has been analyzing hundreds of attacks that already attempt to exploit the flaw.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.