China's industrial and information technology ministry unveiled plans to classify data security incidents based on severity and the extent of damage to victims. It proposes color-coding incident types to help regulatory agencies respond appropriately to specific events faster.
A group known as Predatory Sparrow claimed responsibility for a Monday cyberattack that shut down a majority of gas stations across Iran as officials blamed the attack on foreign powers. The group has previously taken credit for a number of attacks targeting Iran's fuel supply and rail system.
The U.K. national institute for artificial intelligence urged the government to establish red lines against the use of generative AI in scenarios in which the technology could take an irreversible action without direct human oversight. The U.K. government has sought to cultivate responsible AI.
Co-chairs of the Cyberspace Solarium Commission praised the annual U.S. national defense bill for enacting recommendations from its 2020 report, saying the bill marks "meaningful" advancements for cybersecurity. With the bill, 58 out of the commission's 82 recommendations will have been enacted.
Attorney Jonathan Armstrong examines four cybersecurity legal trends that will shape 2024: heightened personal liability for security leaders, the impact of ransomware, legal and ethical concerns about AI, and the influence of shadow IT, especially regarding messaging apps.
To help organizations refine their use of cryptography and safer software and to smooth their adoption of quantum-resistant cryptography, a team of researchers has released tools that generate a cryptographic bill of materials, or CBOM, says long-time security researcher Daniel Cuthbert.
In the latest weekly update, editors at ISMG discuss whether police have seized ransomware group Alphv/BlackCat's data leak site, how fraudsters are adapting their tactics and techniques to exploit advancements in technology, and which cryptocurrency stories shaped the industry this year.
The Cybersecurity and Infrastructure and Security Agency is urging health sector entities to take critical steps in fortifying their environments based on findings from a risk and vulnerability assessment performed by the federal agency on a healthcare industry organization earlier this year.
The departments of Commerce, State and Justice are among the 20 agencies identified in a Government Accountability Office report as having failed to meet key cyberthreat incident response deadlines outlined in the 2021 cybersecurity executive order.
The Idaho National Laboratory said hackers stole personal data of more than 45,000 individuals connected with the facility following a self-proclaimed hacktivist group's claims of a breach. The data theft stems from a Nov. 20 incident affecting the organization's off-site Oracle HCM HR system.
Public companies must soon meet the SEC's material incident reporting requirements. Already, one ransomware threat actor has tried to report a victim for not reporting an attack. Veteran security leader Edna Conway opens up on how to approach materiality and the weaponization of reporting.
The Biden administration is heavily counting on "responsibly" leveraging AI as part of a five-year strategy that aims to harness data to enhance the health and wellness of Americans. That includes ambitions to drastically improve cancer care and reduce cancer deaths, among other top goals.
Criminal use of social engineering at scale continues to surge, as AI-driven automation and easy access to stolen personal information enables attackers to create ever-more sophisticated and tough-to-detect assaults, says Sharon Conheady of First Defense Information Security.
As Russia's all-out invasion of Ukraine continues, Moscow's strategy for targeting Ukrainian allies centers on "painting the picture of incompetent governments that can't protect from the Russian might" via misinformation and disinformation campaigns, said Ian Thornton-Trump, CISO of Cyjax.
Singapore's cybersecurity agency is asking for public comments on a proposed list of amendments to the country's Cybersecurity Act to enhance its ability to monitor supply chain security and digital technologies that fall outside the definition of critical information infrastructure.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.