The Russian-linked group that targeted SolarWinds using a supply chain attack compromised at least one email account at 27 U.S. attorneys' offices in 15 states and Washington, D.C., throughout 2020, according to an update posted by the Justice Department.
Virtual visits transformed the healthcare industry, making care accessible to remote patients online. This change, while beneficial, also meant that millions of healthcare workers and patients began to exchange sensitive healthcare issues over unvetted cloud apps that weren’t built to secure health...
This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.
As much as public cloud use is growing, both in total volume and in diversification of services, it is not a one-way trend. To meet evolving business needs, organizations are moving applications and workloads back and forth between cloud and on-premises environments.
A patch is forthcoming for a privilege escalation vulnerability in the Windows operating system that can allow hackers to gain a foothold. Meanwhile, Linux OS users also need to adopt system upgrades to fix a flaw, and Oracle and Juniper have announced product patches.
Organizations of all sizes and in all industries are modernizing their applications to remain competitive in the digital economy. Often, these organizations find themselves in various stages of modernization requiring diverse tools and management capabilities for secure and efficient development and deployment. Attend...
A new exposé tracking how spyware has been used to target journalists and human rights advocates suggests attackers have been exploiting zero-day flaws in Apple applications and devices. Apple says the flaws, while serious, likely pose no risk to the vast majority of its users.
Attackers have been exploiting a zero-day flaw in SolarWinds' Serv-U Managed File Transfer Server and Serv-U Secured FTP software, the security software vendor warns. The company has released patched versions that mitigate the flaw, discovered by Microsoft, and is urging users to update.
Kubernetes is a portable, extensible, open-source platform for managing containerized workloads and services that facilitates
both declarative configuration and automation. The name Kubernetes originates from Greek, meaning helmsman
or pilot. Kubernetes software was developed by Google and open sourced in 2014....
Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP) are foundations for good
cloud security, but with more and more organizations adopting microservices and Kubernetes orchestration using cloud
and hybrid cloud infrastructure, they are unwittingly expanding their significant...
Investment banking giant Morgan Stanley is the latest company to report a data breach tied to zero-day attacks on Accellion's legacy File Transfer Appliance - yet another indicator of the sustained impact of supply chain attacks.
This edition of the ISMG Security Report features three segments on battling ransomware. It includes insights on the Biden administration's efforts to curtail ransomware attacks, comments on risk mitigation from the acting director of CISA, plus suggestions for disrupting the ransomware business model.
In the latest weekly update, a panel of Information Security Media Group editors discusses key topics, including cybersecurity trends for the second half of the year, IoT device security and the planned security features for Windows 11.
NIST has published its definition of "critical software" for the U.S. federal government as the standards agency begins fulfilling requirements laid out in President Biden's executive order on cybersecurity. The software part of the executive order looks to reduce the threat of supply chain attacks.
The Russian-linked cyberespionage group behind the supply chain attack against SolarWinds targeted Microsoft's customer support system as part of a new campaign, the company disclosed in a report. The group, called Nobelium, has been linked to recent attacks against a marketing firm used by USAID.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.eu, you agree to our use of cookies.
