The latest edition of the ISMG Security Report features an analysis of what we know so far about the impact of the SolarWinds supply chain hack and how to respond.
Intel and Cisco are among the thousands of SolarWinds Orion customers that were running a Trojanized version of the security software. FireEye, together with Microsoft and GoDaddy, have devised a "kill switch" to disrupt attackers' ability to access the malware on at least some infected systems.
Implementing the "zero trust" model in a hybrid cloud environment presents challenges, says Rajpreet Kaur, senior principal analyst at Gartner, who recommends a phased approach.
A mighty effort is underway to figure out which organizations may have been deeply infiltrated by a suspected Russian hacking group following the SolarWinds hack. The hunt is difficult for many reasons, some experts say, and may never result in definitive answers about whether data was stolen.
As we near the end of one year of living with COVID-19, the pandemic is creating new U.S. daily records for infections, hospitalizations and deaths. "The whole country is on fire," says pandemic expert Regina Phelps.
Point-of-sale device manufacturers Verifone and Ingenico have released fixes for flaws in some of their devices after researchers found the vulnerabilities could have enabled attackers to steal payment card data, clone cards or install malware.
Vulnerability management is vulnerable. This year's transformation has revealed new gaps in processes and tools, inspiring a new evolution to the discipline of Vulnerability Management, Detection and Response. Mehul Revankar of Qualys discusses VMDR and how to embrace it.
Following the discovery that attackers Trojanized SolarWinds' Orion software, expect the list of organizations that were running the backdoored network-monitoring tool to keep increasing. But with this being a suspected cyberespionage operation, attackers likely focused on only the juiciest targets.
What should incident responders grappling with the complex online attack campaign that successfully distributed a Trojanized version of SolarWinds Orion network monitoring software to customers focus on first? See these four essential alerts, which are already being updated.
Cybersecurity is a legitimate - and significant - business risk, and it's time to frame the topic appropriately, says Robert Hill, CEO of Cyturus. He shares insight on how to discuss cyber risk appropriately with C-level leadership and the board of directors.
Warning: The breach of FireEye disclosed last week traces to a sophisticated campaign involving Trojanized versions of SolarWinds Orion software used by hundreds of large businesses and government agencies. Experts are urging users to immediately upgrade the software and begin looking for signs of compromise.
The adoption of the SASE model is being driven by numerous factors, including the need for enhanced business agility and network transformation, according to a panel of experts.
In light of the widespread apparent impact of the hack of SolarWinds' network management tools, it's time for a frank assessment of the lack of cybersecurity progress in recent years. Consider a "60 Minutes" report from 2015 - and where we're at today.
Five U.S. government agencies have been hit so far via a sophisticated supply chain attack. The intrusions appear linked to subverted software updates for SolarWinds' Orion network monitoring product, which is widely used by businesses and the U.S. government.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.