Enterprises can enhance cloud security by taking several steps, including adopting the secure access service edge, or SASE, concept and using a proxy firewall, says Nick Savvides of Forcepoint.
While many details about the SolarWinds Orion hack and full victim list remain unknown, experts have ascribed the apparent espionage campaign to Russia. Now, however, Reuters reports that a separate group of Chinese hackers was also exploiting SolarWinds vulnerabilities to hack targets.
The U.S. federal government is increasingly using IoT devices across its agencies, which has raised concerns about security. NIST has published draft guidance to help federal agencies navigate safe IoT deployment and use, says Kat Megas, program manager in NIST's Cybersecurity for IoT Program.
The operators behind the Agent Tesla remote access Trojan have updated the malware to enable it to disable endpoint protection software and have added features to hide communications, according to a report from the security firm Sophos.
Ransomware attacks continue to pummel organizations, but fewer victims have been paying a ransom, and when they do, on average they're paying less than before, says ransomware incident response firm Coveware, which traces the decline to attackers failing to honor their data deletion promises.
Singapore is expanding a labelling program that allows buyers to see at a glance the cybersecurity readiness of a consumer IoT device. The country's Cyber Security Agency will extend the voluntary program to IP cameras as well as smart door locks, lights and printers.
Organizations in the APAC region are not immune to the impact of the SolarWinds supply chain hack, so it's essential that they reassess their risk management practices and audit their suppliers, two security experts stress.
With ransomware continuing to fuel a massive surge in illicit profits, some experts have been calling on governments to launch offensive hacking teams to target cybercrime cartels. They're also calling for a review of cyber insurance payouts being used to fund ransoms.
North Korean hackers have been "targeting security researchers working on vulnerability research and development at different companies and organizations" to trick them into installing backdoored software that gives attackers remote access to their systems, warns Google's Threat Analysis Group.
Good news on the cybercrime front: "Cryptocurrency-related crime fell significantly in 2020," compared to 2019, reports blockchain analysis firm Chainalysis. Unfortunately, in the same timeframe, ransomware profits surged 311%, stoking calls for a crackdown on ransom payments.
The CEO of security firm Malwarebytes says the hackers who attacked SolarWinds also targeted his company and gained access to a "limited subset of internal company emails."
CISOs are playing an even more critical role as a result of the proliferation of supply chain attacks, a surge in the use of insecure IoT devices and other emerging risks, says Lt. Gen (retired) Rajesh Pant, national cybersecurity coordinator at the Prime Minister's Office for the Government of India.
Manufacturing System Protection from Cyber Attacks Industry 4.0 drives manufacturing efficiency by connecting systems to automate, share data, consolidate operations, and streamline production.
Police have arrested Riley June Williams of Pennsylvania, who a tipster alleges stole a laptop or hard drive belonging to House Speaker Nancy Pelosi. But is the tipsters claim that she had planned to pass the device to a friend in Russia credible?
In defining an IAM strategy for the cloud, CISOs need to automate the processes of provisioning, de-provisioning, monitoring and auditing as well as implementing federated access and API integration, says Rushdhi Mohammad, information security officer at the Industrial Bank of Kuwait.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.