This week, the U.S. sanctioned Russians running influence campaigns, the owner of the Monopoly darknet drug market was charged, CISA ordered federal agencies to patch flaws before July 13, Suncor Energy suffered a cyberattack and Petro-Canada gas stations were affected.
Cyberattackers have hit Ukraine's critical infrastructure over 3,000 times since the beginning of the Russian invasion in 2022, according to Ukraine's national incident response team, which warned that such attacks may continue for years even after the fighting on the ground is over.
A finalist at this year's RSA Innovation Sandbox contest landed Series A funding to detect threats and secure access for nonhuman identities. The $25 million will enable Astrix Security to expand from managing access for nonhuman identities to understanding threats to services and applications.
The tally of organizations affected by the Clop ransomware group's supply chain attack against users of Progress Software's popular MOVEit file transfer software continues to grow. UCLA and New York City schools - including students and staff - are the most recently named victims.
Socure has purchased a document verification startup founded by former members of Airbnb's Trust and Safety Team for $70 million to better detect fake identities. The deal will help Socure optimize the digital capturing and back-end processing of driver's licenses and passports at faster speeds.
Application security testing, or AST, and API security testing are important components of a comprehensive cybersecurity strategy. We'll discuss the application and API security best practices for each type of testing, the use cases, and how they protect your business from cyberattacks.
A Berlin, Maryland-based hospital recently told regulators that a ransomware breach discovered in January had compromised the sensitive information of nearly 137,000 patients, about five times the number of people originally estimated as having been affected by the incident.
Are unsolicited smartwatches the new USB thumb drive? The U.S. Army warns that service members are being sent free wearables preloaded with malware designed to steal data from mobile devices as well as intercept voice communications and hijack cameras.
Millions of GitHub repositories are vulnerable to a repository renaming flaw that could enable supply chain attacks, a new report by security firm Aqua said. It found 36,983 GitHub repositories vulnerable to repo jacking attacks, including Google and Lyft.
Every week, ISMG rounds up cybersecurity incidents around the world. This week, attackers hit European Investment Bank; a California pension fund suffered a cyberattack related to MOVEit; UPS Canada disclosed a data breach; and a new Android malware campaign spread GravityRAT spyware.
Exabeam will have its third CEO since June 2021 after promoting Chief Product Officer Adam Geller to take over as its top leader. The security operations vendor elevated Geller to replace Michael DeCesare, 57, who joined Exabeam as president and CEO two years ago after leading Forescout for years.
The security benefits of public cloud outweigh the drawbacks since cyber controls can be applied much earlier in the application development life cycle. Palo Alto Networks founder and Chief Technology Officer Nir Zuk said development procedures in traditional data centers are "a complete mess."
The first step in managing risk is recognizing it as a boardroom matter, and it demands that directors be prepared to understand and discuss the cyber issue and strategically guide C-level executives on this complex topic. It requires cyber competence in the boardroom, said CISO Marco Túlio Moraes.
A service selling DDoS disruptions via a Mirai-based botnet called Condi is the latest to target consumer-grade Wi-Fi routers made by TP-Link with firmware not yet patched to fix a known flaw. Unusually, a recently spotted sample of Condi has been stripped down to target only that flaw.
Federal market regulators delayed until October a decision on rules mandating private sector disclosure of cybersecurity incidents and cyber expertise on public boards. The delay comes amid pushback to a mandate to disclose a "material cybersecurity incident" within four business days of discovery.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.