Zero Trust deployment - the acts of moving apps and data to the cloud and assuming no user or device is trustworthy until proven otherwise - came into vogue in response to COVID-19. A lot has changed since Zero Trust first appeared in 2014, so our concept of Zero Trust must also evolve. Stephen Banda of Lookout...
U.S. SEC Commissioner Caroline Crenshaw urges DeFi developers to approach the financial regulator in an effort to bring projects in line with existing securities laws. Though praising the DeFi's innovative nature, the commissioner says it lacks transparency and is hindered by on-chain pseudonymity.
The U.S. Department of the Treasury has blacklisted cryptocurrency exchange Chatex, along with a network of entities the department says support it, for allegedly facilitating ransomware-related financial transactions. This action effectively bars Americans from doing business with the company.
The calculus facing cybercrime practitioners is simple: Can they stay out of jail long enough to enjoy their ill-gotten gains? A push by the U.S. government and allies aims to blunt the ongoing ransomware scourge. But will practitioners quit the cybercrime life?
Threat actors have breached critical systems internationally by exploiting a recently patched vulnerability in Zoho’s ManageEngine product ADSelfService Plus, with a suspected Chinese threat group leveraging leased infrastructure to scan hundreds of vulnerable organizations.
Marcus Rameke of Nikko Asset Management Group in New Zealand shares how he led the digital transformation journey to enable it to fulfill new business requirements using an agile approach that made staff more mobile and able to achieve better productivity and revenue and improve client satisfaction.
The U.S. deputy attorney general said this week that the nation is ramping up efforts to cripple ransomware operations and other cybercrime through arrests and seizures of ransom payments. The Biden administration has called ransomware a threat to national security and an economic threat.
ISMG editors discuss: U.S. Sen. Angus King on the need for the federal government to form a clear, declarative cyber deterrence strategy, how CISA is ramping up efforts to support critical infrastructure defenses and the potential implications of the U.S. blacklisting of Israeli spyware firms.
OK, so the trend is away from endpoint detection and response to extended detection and response. What does that even mean, and how can organizations get maximum cybersecurity protection from this shift? Cisco's Brian McMahon shares insight.
The latest edition of the ISMG Security Report features insight from U.S. Sen. Angus King on why the federal government needs to declare a clear response to cybercriminals in order to deter them. Also featured: Ransomware affiliates gain power and promoting diversity of thought in cybersecurity.
Two researchers from the University of Cambridge have discovered a vulnerability that affects most computer code compilers and many software development environments, according to a new research paper. The bug could cause a SolarWinds-like open-source supply chain attack scenario, they say.
CISA Director Jen Easterly and congressional leader John Katko, R-N.Y., agree that officials must take precautionary steps to identify "systemically important critical infrastructure" to reduce risks of pervasive supply chain cyberattacks.
While doing digital transformation, CISOs tend to look more at technology and try to adapt it without making the distinction between technologies that are must-have and good to have. Krishnamurthy Rajesh of ICRA says CISOs must analyze risks, update security, and change the mindset of employees.
In ransomware attacks, cybercriminals attack through the backups because they know that security practitioners rely on backups to save themselves after a ransomware attack. Therefore, it is essential to have multiple backups, says Tom Kellermann, head of cybersecurity strategy at VMware.
Six national data protection and privacy authorities – from Australia, Canada, Gibraltar, Hong Kong SAR, China and Switzerland - have joined with the U.K. information Commissioner’s Office to issue guidance to video teleconferencing companies on privacy, calling for end-to-end encryption.