Third-party targeting by attackers has intensified due to the interconnectedness of the business world, enabling adversaries to exploit intermediaries for access. With the surge in cloud adoption, visibility in the cloud is paramount, advised Levi Gundert, chief security officer at Recorded Future.
Organizations engaged in software production often run their applications and services within cloud environments. CEO Ganesh Pai advocates the "shift-up" approach for enhanced cloud security, which focuses on operational visibility extending from software composition to production workloads.
This year's massive exploitation of managed file transfer products such as Fortra's GoAnywhere and Progress Software's MOVEit proves that MFTs are a hacker's paradise. Research by John Dwyer of IBM Security X-Force shows why and also reveals a path toward protecting MFTs in the future.
While consolidating third-party risks into one document is important, it is equally vital to introduce artificial intelligence into various elements of your third-party risk management program, said Jonathan Pineda, CISO and DPO at the Government Service Insurance System in the Philippines.
The federal agency that enforces HIPAA is heavily focused on investigations of potential violations involving online tracking tools in healthcare websites that impermissibly transmit sensitive patient information to third parties, said Susan Rhodes of the Department of Health and Human Services.
Recently acquired RiskLens edged out startup Axio and incumbent ThreatConnect for the top spot in Forrester's first-ever cyber risk quantification rankings. Cyber risk quantification focused on theoretical methodology for about 10 years but shifted to practical applications over the past five years.
In the latest weekly update, ISMG editors discuss the White House's debut of a $20 million contest to exterminate bugs with AI, a New York man admitting to being behind the Bitfinex hack, and a new malware campaign that is targeting newbie cybercriminals in order to steal sensitive information.
In the latest "Proof of Concept," Mike Baker, VP/IT CISO at DXC Technology and a CyberEdBoard member, and Chris Hughes, co-founder and CISO at Aquia, join ISMG editors to explore the state of the software supply chain, MOVEit breaches and the role of SBOMs and transparency in software development.
In the latest weekly update, Troy Leach, chief strategy officer at Cloud Security Alliance, joins ISMG editors to discuss preparing for new regulations, new requirements for third-party cloud penetration testing, and the opportunities and risks of AI in the financial sector.
A contractor that provides claims processing and other services says several of its community health plan customers - including 1.7 million members of the Oregon Health Plan - are victims of the zero-day MOVEit vulnerability, which has affected more than 500 organizations worldwide.
How much of a risk do hacktivists pose? Hacktivism's heyday was arguably a decade ago. While activists do keep using chaotic online attacks to loudly promote their cause, they're tough to distinguish from fake operations run by governments, including Russia and Iran.
Threat actors who recently attacked a dozen Norwegian ministries by exploiting a zero-day vulnerability in Ivanti's endpoint management software appeared to have another zero-day flaw that tied to the overall attack exploit chain, Ivanti confirmed on Friday.
More details about victims of the Clop crime group's zero-day attacks on users of the widely used MOVEit file transfer software continue to come to light. Researchers now report that at least 455 organizations were hit directly or indirectly, exposing data for at least 23 million individuals.
A mobile security vendor patched a critically rated zero-day vulnerability in its endpoint management platform that had been used by unknown hackers to attack the Norwegian government. The flaw is rated 10 on the CVSS scale. Multiple governments use the platform - the Ivanti Endpoint Manager Mobile.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.