The U.S. Department of Defense uncovered almost 350 vulnerabilities in the department's networks as part of its experimental bug bounty program launched on American Independence Day. The weeklong bug bounty challenge called "Hack U.S." ran from July Fourth to July 11.
With 63% of global security decision-makers suffering from at least one breach in 2021, it’s apparent that incident response involves so much more than just response. The work of rebuilding trust with both internal and external stakeholders post-breach is equally as important for building future security and...
The chief executive of Portugal's state-owned airline said she will not negotiate with hackers even as the Ragnar Locker ransomware-as-a-service group posted online the data of 1.5 million customers. "We hope you support us in this ethical attitude," said Christine Ourmières-Widener.
Uber is fingering adolescent extortion hacking group Lapsus$ for the disruption to its internal systems. A self-proclaimed 18-year-old last week spammed the company with vulgar messages and shared online screenshots of the company's cloud storage and code repositories. The FBI is investigating.
Existing security operations tools focus too much on detecting threats and creating alerts rather than stopping attacks before they happen, says Check Point CEO Gil Shwed, who claims the firm's new MPR and XPR tools will reduce the number of events security analysts handle by at least 90%.
The California Department of Corrections and Rehabilitation reported a hacking incident that affected 236,000 individuals, potentially including any current or former inmate who since 2008 received a mental health diagnosis while incarcerated.
Last year, Rowland Johnson took on the role of president of CREST, the international not-for-profit membership body representing the global cybersecurity industry. Over the past 12 months, he says, he's taken time to "pause and reflect" and "define a new vision and mission" for CREST.
As ransomware continues to pummel organizations left, right and center, two states have responded by banning certain types of ransom payments, and more look set to soon follow suit. But experts warn such bans could have "terrible consequences," leading to costlier and more complicated recovery.
Ransomware karma: The notorious LockBit 3.0 ransomware gang's site has been disrupted via a days-long distributed-denial-of-service attack, with administrator LockBitSupp reporting that it appears to be retribution for the gang leaking files stolen from a recent victim: security firm Entrust.
As the Russia-Ukraine war continues, Ukrainian government cybersecurity official Victor Zhora says that the country's computer emergency response team has tracked more than 1,600 online attacks and that defensively, "wipers continue to be the biggest challenge."
Infoblox has invested in shifting left in the cybersecurity kill chain with on-premises, cloud and hybrid versions of its BloxOne Threat Defense tools, which help security practitioners find and identify threats earlier and mitigate risks, says President and CEO Jesper Andersen.
Research by Dun & Bradstreet says business identity fraud jumped 254% in 2020. Tools can help prevent this fraud but may create greater friction, say Andrew La Marca, senior director at Dun & Bradstreet, and Ralph Gagliardi, agent in charge, High Tech Crimes Unit, Colorado Bureau of Investigation.
The Cl0p ransomware group has been attempting to extort Thames Water, a public utility in England. Just one problem: the group attacked an entirely different water provider. Through ineptitude or outright lying, this isn't the first time that a ransomware group has claimed the wrong victim.
In the latest weekly update, four ISMG editors discuss the breach of customer engagement platform Twilio, a cyberattack on the U.K.'s NHS that has reignited concerns about supply chain security in the healthcare sector, and the U.S. Treasury clamping down on shady cryptocurrency mixers.