A previously documented cryptomining worm dubbed Gitpaste-12 has returned with a wide-ranging series of attacks targeting web applications and IoT devices that exploit at least 31 vulnerabilities, according to Juniper Threat Labs.
Implementing the "zero trust" model in a hybrid cloud environment presents challenges, says Rajpreet Kaur, senior principal analyst at Gartner, who recommends a phased approach.
A mighty effort is underway to figure out which organizations may have been deeply infiltrated by a suspected Russian hacking group following the SolarWinds hack. The hunt is difficult for many reasons, some experts say, and may never result in definitive answers about whether data was stolen.
The shortage of trained cybersecurity workers has substantially declined this year as many more individuals entered the field, says Clar Rosso, CEO of (ISC)², the U.S.-based nonprofit association that offers training to cybersecurity professionals.
Secure Code Warrior's Director of the Americas, Stephen Allor, hosts a webinar with Russ Wolfe of Capital One, in which they discuss the cybersecurity landscape in the BFSI sector.
They reveal why financial institutions are the new innovators when it comes to rolling out new initiatives, tools and training in the...
In 2011, Sam Curry headed the response team for RSA's then-landmark breach. Today, as CSO at Cybereason, he looks at the SolarWinds supply chain attack and sees similarities - but also is struck by "the scale, the scope, the subtlety" of the incident.
An evolving workplace, greater reliance on IoT and the cloud, and already we have seen the new face of supply chain attacks. This is the backdrop for 2021, and Imperva's Brian Anderson offers insights into the cyber-attack outlook.
Philip Reitinger has held senior cybersecurity leadership roles in both the public and private sectors. He's seen big breaches. And he says what he sees so far in the SolarWinds attack may be just the "tip of the iceberg" in terms of government and business entities that have been compromised.
Point-of-sale device manufacturers Verifone and Ingenico have released fixes for flaws in some of their devices after researchers found the vulnerabilities could have enabled attackers to steal payment card data, clone cards or install malware.
Security teams must explain to business leaders how customer identity and access management can help with customer retention, says cybercrime and fraud expert Lenny Gusel.
Following the discovery that attackers Trojanized SolarWinds' Orion software, expect the list of organizations that were running the backdoored network-monitoring tool to keep increasing. But with this being a suspected cyberespionage operation, attackers likely focused on only the juiciest targets.
He was the first U.S. federal CISO, and before that he was an Air Force general. So when Gregory Touhill reacts to the coordinated supply chain attack on SolarWinds, he does so in military terms. His message to the global cybersecurity community: "Shields up."
What should incident responders grappling with the complex online attack campaign that successfully distributed a Trojanized version of SolarWinds Orion network monitoring software to customers focus on first? See these four essential alerts, which are already being updated.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.