Apple released patches Thursday to close three actively exploited vulnerabilities that researchers say commercial spyware maker Cytrox used to infect the iPhone of Egyptian politician Ahmed Eltantawy with Predator malware. The Citizen Lab attributes the attacks to the Egyptian government.
SentinelOne observed suspected cyberespionage actors of unknown origin using modular backdoors and highly stealthy tactics in August to target telecommunication companies in the Middle East, Western Europe and South Asia. The group, tracked as Sandman, is using the novel backdoor LuaJIT.
Executives and board members always want the answer to be “yes,” but CISOs know it’s irresponsible to make such a blanket statement. An adversary could be any potential threat — whether external or internal, intentional or unintentional. So, the question CISOs should be answering is: “Are we...
Federal authorities are warning of "significant risk" for potential attacks on healthcare and public health sector entities by the North Korean state-sponsored Lazarus Group involving exploitation of a critical vulnerability in 24 Zoho ManageEngine products.
Authorities are warning of threats posed by Akira, a ransomware group that surfaced in March and has been linked to dozens of attacks on small and midsized entities. The group is targeting many industries, including healthcare, and seems to favor entities that lack MFA on VPNs.
Multiple nation-state hacking groups have been exploiting known flaws in Zoho ManageEngine software and Fortinet firewalls to steal data, cybersecurity officials warn. A new alert details exploits of each vulnerability by separate groups that targeted the same aeronautical firm.
IronNet's board authorized the company to furlough nearly all its workers and substantially curtail business operations as the board evaluates seeking bankruptcy protection. The furlough and cessation of business operations constitute an event of default under the terms of the company's borrowing.
Exposure management is a paradigm shift in how organizations approach security. Organizations require complete visibility of their complex attack surface in order to address threat exposure and cyber risk beyond software vulnerabilities alone, to include cloud resources, web apps, identity systems and operational...
In the evolving threat landscape, small-time threat actors are entering the ransomware space and targeting small and medium-sized businesses. These organizations must adopt a defense-in-depth approach to defend themselves, said Nick Biasini, head of outreach at Cisco Talos.
The number of major health data breaches is decreasing, but a recent disturbing trend reflects the vulnerability of critical vendors and the tenacity of cybercriminals, say John Delano, a vice president of Christus Health, and Mike Hamilton, CISO and co-founder of security firm Critical Insight.
Public-private cybersecurity councils urged the healthcare industry to be more expansive in sharing signs of hacking, warning that traditional indicators aren't enough. Fending off hackers requires additional shared data, such as SIEM rules and automated response playbooks.
Chen Burshan, the CEO of Skyhawk Security, wants to use the power of generative AI as part of the threat detection flow. Organizations with risk management tools in place and risk reduction occurring are still getting breached and therefore need to focus more on threat detection, he said.
Recorded Future has joined CrowdStrike and Google atop Forrester's external threat intelligence services rankings, while Kaspersky tumbled from the leaders category. Leading threat intelligence providers have expanded into adjacent use cases such as brand protection and vulnerability management.
As per Gartner, by 2026, organizations prioritizing their security investments based on a continuous exposure management programme will be three times less likely to suffer from a breach.
As organizations struggle to keep up with a constantly evolving threat landscape, many often resort to a reactive approach,...
The complexity of the modern attack surface is the key driver behind the emergence of exposure management programs. Security teams are challenged to keep up with the constant influx of data from the array of point solutions they are using to manage vulnerabilities, web applications, identity systems and cloud assets....