U.S. intelligence officials say a Russia-backed hacking group has compromised some state and local government computer systems since at least September and exfiltrated data. So far, however, the attackers do not appear to have attempted to otherwise interfere with or disrupt those networks.
The latest edition of the ISMG Security Report analyzes the U.S. indictment against Russian hackers who were allegedly behind NotPetya. Also featured: A discussion of nation-state adversaries and how they operate; an update on Instagram privacy investigation.
U.S. officials have blamed Iran for sending a barrage of fake emails and videos to American voters with a Democratic Party affiliation as part of a campaign to push misinformation and sow confusion in the days before the presidential election.
To mitigate the risks posed by ransomware attacks, enterprises need to move from file-based security to a behavior-based approach, says Jennifer Ayers, vice president of the OverWatch division of Crowdstrike.
A report from Google's Threat Analysis Group offers fresh details about the hacking group that targeted Democratic presidential candidate Joe Biden's campaign with phishing emails earlier this year. The phishing effort was linked to a little-known hacking group called APT31, which has connections to China.
Critical steps when implementing a privileged access management program include auditing of activities performed by administrators and continuous monitoring of user activity, says Sujit Christy, group CISO at John Keells Holdings, a conglomerate based in Sri Lanka.
CISA is warning that sophisticated hacking groups are chaining together vulnerabilities, such as the recent Zerologon bug and other flaws, to target state and local government networks. In some cases, attackers gained access to election support systems.
The Reserve Bank of India's "New Umbrella Entity" initiative, designed to support a digital retail payments system similar to National Payments Corp. of India, would be a game-changer to boost digital innovation in the payments industry, according to a panel of experts.
To help ensure security as India moves to digital payments, enterprises need to educate their customers to help them understand potential risks and take the right precautions, says payments expert Navin Surya.
This report enables a comprehensive, preventative approach to protecting all of the endpoints in your organization, whether office-based or remote. Enabling least privilege and allowing pragmatic application control are often overlooked but are crucial to achieving complete endpoint security.
Download this report...
The Secure Access Service Edge - or SASE - model can help CISOs make incremental progress on enhancing security while designing a long-term strategy, says Siddharth Deshpande, director of security strategy for Asia-Pacific and Japan at Akamai Technologies.
The U.S. Government Accountability Office is urging Congress to pass legislation to reestablish a White House cybersecurity coordinator role. The position would coordinate the government's response to online attacks and other cybersecurity challenges facing the nation.
Starting and maintaining an Anti-DDoS service is both expensive and challenging. Andy Ng and Donny Chong of Nexusguard share their insight and key takeaways from a recent roundtable discussion with ISMG.
CISOs are gaining additional discretionary powers to make risk-based decisions, especially as organizations implement the ISO 27035-3 incident response standard, says Khawaja Mohammad Ali, CISO of a large federal bank in Pakistan.
An organization has successfully implemented a "zero trust" framework when it can achieve context-aware resolution of a risk, says Dr. Siva Sivasubramanian, CISO of SingTel Optus, an Australian telecommunications firm.