Fears that cyber insurance coverage drives companies into paying ransomware demands more easily than not appear unfounded, concludes a British think tank study that also suggests insurers should do more to enact corporate discipline. Cyber insurance has been dogged by accusations of moral hazard.
A malware downloader is spoofing Italian organizations, including the tax agency, to deliver a banking Trojan to target Italian companies, said researchers. Proofpoint callsthe downloader WikiLoader; it ultimately leads to the Ursnif banking Trojan.
The shifting of information to data warehouses such as Snowflake and Databricks has created oversight challenges around access and ownership, said Immuta CEO Matthew Carroll. Customers should be able to scan and analyze where their cloud data lives and identify and fix flaws or abnormalities.
Today's CISO must have close communication with the C-suite, understand the business needs of the organization as well as its objectives and risks, and to be able to articulately translate those business objectives into technology, said Dion Alexopoulos, head of security at Camelot.
Ukraine blocked an illicit money laundering network operating across the country that made use of sanctioned Russian payment systems and cryptocurrency exchanges to convert Russian rubles into Ukrainian hryvnia. The "black money exchanges" network processed more than $4 million monthly.
We have moved from cybersecurity strategy to cyber resilience strategy, said Fene Osakwe, a board member of the Forbes Technology Council. As a result, he said, we still start with identifying assets, but we keep going until we achieve recovery.
The rapid pace of API development has created major risk for companies given the amount of data that's being exposed, said Salt Security CEO Roey Eliyahu. The security industry hasn't adapted quickly to address these problems since it's still used to relatively static APIs that were easy to guard.
A Russian intelligence hacking campaign actively targeted European diplomats and think tanks as part of an espionage operation that lasted nearly six months. One characteristic of APT29 is how it blends in malicious traffic with legitimate traffic in order to evade detection.
ISMG's Healthcare Security Summit 2023, held in New York City on July 18, brought together leaders from the cybersecurity and healthcare industries to engage in a dynamic exchange of ideas and address pressing challenges faced by the healthcare community.
The number of organizations and individuals affected by the Clop ransomware group's data-stealing attack on MOVEit servers continues to rise. So far, at least 545 organizations have been affected and data from 38 million individuals has been stolen.
The Biden administration on Monday released a national strategy addressing cyber workforce shortages and calling long-standing vacancies a national security imperative. The White House says the U.S. needs more cyber professionals and should augment cyber literacy in jobs throughout the economy.
In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Morphisec's Michael Gorelik discussed automated moving target defense - or AMTD, which is a risk-reduction strategy and preventive measure that reduces adversary success rates and provides "the final layer of defense."
Why are so many fresh zero-day vulnerabilities being exploited in the wild? Google reported that attackers often discover variants of previously exploited flaws, which suggests that vendors aren't doing enough to fix the root cause of flaws - or to avoid introducing fresh ones with their fixes.
Threat actors who recently attacked a dozen Norwegian ministries by exploiting a zero-day vulnerability in Ivanti's endpoint management software appeared to have another zero-day flaw that tied to the overall attack exploit chain, Ivanti confirmed on Friday.
Government-backed North Korean hackers are posting convincing U.S. military job recruitment documents to lure Korean-speaking victims into downloading malware staged from legitimate but compromised South Korean websites, according to security researchers.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.