Advanced persistent threat groups are continuing to exploit unpatched flaws in Fortinet products, the FBI warns in a flash alert. For example, an APT group appears to have recently exploited a FortiGate appliance to access a web server hosting the domain for a U.S. municipal government, the bureau says.
The latest edition of the ISMG Security Report features an analysis of the city of Tulsa's decision to refuse to pay a ransom following an attack. Also featured: Johnson & Johnson's CISO on shifting priorities; mitigating quantum computing risks.
Myths and misconceptions about software supply chain risk are incredibly common. They undermine software development and put companies at risk.
This whitepaper reviews the four common myths, why they are untrue, and how you can inoculate your organization against risk.
The key to reducing "alert fatigue" is to make sure alerts are repeatedly validated before they're distributed, says Chris Kubic, CISO at Fidelis Cybersecurity, who formerly served as CISO at the U.S. National Security Agency.
There's growing momentum around the use of software bills of materials, which allow for automated supply chain risk analysis. Patrick Dwyer of OWASP says that SBOMs and automation mean organizations can make better risk-based decisions on emerging security threats.
A threat group likely operating from Iran has been attacking Israeli targets for more than a year with the wiper variants Apostle and Deadwood, masking the intrusions as ransomware attacks to confuse defenders, according to SentinelOne.
Get proven success factors for your security program based on data from 4,800 security experts
We asked respondents about their organization’s adherence to 25 security practices spanning governance, strategy, spending, architecture, and operations.
We then asked about each program’s level of success across...
If recent attacks have taught anything, it’s that defenses are insufficient, and no entity can stand alone against the forces of nation-state adversaries. It’s time for enhanced data sharing under the umbrella of collective defense, says Brett Williams, co-founder of IronNet Cybersecurity.
In this eBook with...
Network intrusion displaced phishing as the leading hack-attack tactic last year, while ransomware continued to surge as the pandemic complicated incident response efforts, says BakerHostetler's Craig A. Hoffman, who describes trends from the 1,250 incidents his firm helped manage.
Iran is using its abundance of oil to generate electricity that powers a massive bitcoin cryptomining operation that enables the country to turn its greatest natural resource into money, offsetting some of its income lost as a result of economic sanctions, according to cryptocurrency analysis firm Elliptic.
How can you possibly protect your applications if you can’t react with the same speed?
Real-time attack prevention requires a security solution that enables both speed of visibility and control.
API-enabled security workflows are critical to gaining visibility and fast response to threats: alerts and...
As remote work continues, organizations in France, and beyond, must ensure that their employees can work remotely easily and securely, without sacrificing anything in terms of performance, stability or productivity.
To achieve this, many...
Thanks to cloud-native technologies and versatile microservices, organizations are innovating and performing at warp speed — and their stakeholders expect no less. But to stay at the top, achieving observability into increasingly complex systems is more important than ever.
Read the 12 Immutable Rules for...