A popular line of portable electrocardiographs contains vulnerabilities that allow hackers to execute commands and access sensitive information, federal authorities warn. Device manufacturer Hillrom Medical has released a patch and coordinated disclosure with CISA.
The latest edition of the ISMG Security Report investigates the reboot of ransomware group Conti, which supports Russia's invasion of Ukraine. It also discusses why paying ransomware actors is a "business decision" and how to respond to the talent shortage in the financial sector.
A massive Cloudflare outage that left many of the world's most popular websites inaccessible for 75 minutes was caused by a network configuration change gone awry. The change was meant to increase resilience in 19 of Cloudflare's busiest data centers that handle much of the global traffic.
EDR, MEDR, MDR, XDR - How does one begin to make sense of this alphabet soup that attempts to spell "detection and response?" Nirav Shah of Cisco discusses the merits of each of these options, as well as how one can start to make the decision on which is right for one's own organization.
"Credential phishing is off the charts," says Tonia Dudley of Cofense. She discusses the challenge for organizations to strike a balance between having the right controls in place to block malicious emails and stopping the business from receiving legitimate emails.
CISO Patricia "Patti" Titus says the cybersecurity sector is "still struggling" with the diversity and inclusion it requires. "The things we do really impact all of our end users, employees and customers," she says, so you need "the broadest skill set possible when you're making decisions."
Former ISACA board chair Rob Clyde shares highlights from ISACA's "Supply Chain Security Gaps: A 2022 Global Research Report," in which 25% of respondents say they experienced a supply chain attack last year, and offers recommendations for assessments and testing of software.
Zscaler is unveiling a posture control offering that allows customers to address everything from unpatched vulnerabilities in containers and VMs to excessive entitlements and permissions. The tool combines CSPM and CIEM with native IAC and vulnerability and patch management capabilities.
The U.S. Cybersecurity and Infrastructure Security Agency has begun issuing alerts about 56 flaws across operational technology equipment built by 10 different vendors. Researchers at Forescout Technologies say the flaws trace to poor design decisions by vendors.
The Canadian government is backing bills aimed at improving critical infrastructure cybersecurity and consumer privacy. "Cybersecurity is national security," says Minister of Public Safety Marco Mendicino. New privacy measures will ensure Canadians trust online services, government officials say.
Having to decide whether to pay a ransom to cybercriminals is a decision no one wants to make. But Gartner's Paul Furtado and Hearing Australia CISO Daniel Smith say practitioners should stay objective and leave the decision - and the subsequent moral implications - to the business.
In the latest "Proof of Concept," Lisa Sotto of Hunton Andrews Kurth LLP and former CISO David Pollino of PNC Bank join ISMG editors to discuss the many new privacy laws in the U.S., current ransomware and scam trends, and handling the potential corporate risk of sharing information on social media.
Belgian and Dutch police with the support of Europol dismantled an organized crime gang involved in carrying out phishing, money laundering and other scams. Nine suspects are in detention after stealing several million euros, authorities say.
A publicly traded issuer of home mortgages is notifying 1.5 million consumers of a December cyber incident on its network that leaked PII, including customers' Social Security numbers. Flagstar Bank discovered the breach on June 2 and there has been no evidence of data misuse so far.
Two U.S. senators are backing a bipartisan proposal requiring the Food and Drug Administration to update its medical device cybersecurity guidance every two years. The bill is the latest move by Congress aimed at improving medical device security.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.