Corporate VPN maker Ivanti disputed findings by the U.S. cybersecurity agency that said hackers can establish persistence on rooted appliances through a factory reset but nonetheless released an updated integrity checking tool Tuesday. Ivanti has been in emergency response mode since early January.
In his first week in his new role as interim CEO of SSH Communications Security, Rami Raulas shares insights on the company’s strategic focus on zero trust, operational technology security, and quantum-safe cryptography to address evolving cybersecurity challenges.
Zscaler CEO Jay Chaudhry said Palo Alto Networks' strategy of offering free products to new platform customers will "unravel over time" as firewalls become shelfware. Legacy vendors find themselves "in a defensive position" as the role of firewalls shrinks and demand for zero trust security grows.
The Change Healthcare mega hack has taken nearly 120 of the company's IT products and services offline since Feb. 21, and that cyber disruption is having serious, widespread impact on the entire healthcare industry including major players, said attorney Sara Goldstein of the law firm BakerHostetler.
North Korea's Lazarus hackers exploited a Windows AppLocker driver zero-day to gain kernel-level access and turn off security tools that could detect the group's bring-your-own-vulnerable-driver exploitation techniques. Microsoft fixed the bug in its February patch dump.
Officials from the U.S. Coast Guard Cyber Command told lawmakers Thursday the military branch is building out deployable teams of cybersecurity protection units and taking advantage of expanded authorities under a recent executive order to better protect Americas modern maritime infrastructure.
Ransomware group Rhysida is offering to sell "exclusive data" stolen from a Chicago children's hospital for $3.4 million on the dark web, while the hospital is still struggling to recover its IT systems, including its electronic health records and patient portal, one month after the attack.
Your supply chain is your new attack surface, according to Galit Lubetzky Sharon, the co-founder and CEO of Wing Security. She discusses Wing's solution - Secure SaaS Posture Management, or SSPM - that helps organizations ensure that all of their SaaS apps are safe and compliant.
Chinese threat actors are continuing to persist after exploiting the recent Ivanti Connect Secure VPN vulnerability even after factory resets, system upgrades and patches. The threat actor, UNC5325, is adept at "living off the land" techniques, warned threat intelligence firm Mandiant.
U.S. President Joe Biden is set to sign Wednesday an executive order aimed at preventing the large-scale transfer of Americans' sensitive personal data to countries including China. The order will set off a rule-making process spearheaded by the Department of Justice.
The Health Sector Coordinating Council has issued a five-year strategic plan - "a call to action" - for healthcare and public health organizations to implement cybersecurity programs that do a better job of protecting their patients against the ever-rising tide of threats.
In the latest "Proof of Concept," Jeff Brown, CISO for the state of Connecticut, and Lester Godsey, CISO for Maricopa County, Arizona, join ISMG editors to discuss AI-related threats to election security, safeguarding against cyber and physical threats and coordinating efforts for complete security.
Microsegmentation is a fundamental concept in zero trust security, but CISOs should assess its feasibility before diving in. This is particularly true in a public cloud environment where there is no real network policy, said David Holmes, principal research analyst at Forrester.
SSH Communications Security CEO Teemu Tunkelo left the Finnish cybersecurity vendor abruptly Monday after low license sales in late 2023 slowed the company's growth. No reason was given for Tunkelo's departure, which stems from an agreement between the CEO and SSH and will take effect immediately.
Cybersecurity guidance for the private sector published by the U.S. National Institute of Standards and Technology in 2014 has received its first major update. The revised Cybersecurity Framework focuses on governance and says cybersecurity threats are a major source of enterprise risk.