How do we manage the risk of global supply chain attacks? Will a shift in cybersecurity liability to software providers help improve the problems of software vulnerabilities? Adam Isles, principal of The Chertoff Group, said mandating software bill of materials measures has its own challenges.
ISMG editors are live at RSA Conference 2023 in San Francisco with an overview of opening-day speakers and hot topics including the emergence of AI, the latest intel on nation-state threats, security product innovation and deals, and ransomware trends. Join us for daily updates from RSA.
According to findings from the Identity Theft Resource Center's 2023 Q1 Data Breach Report, the number of publicly reported data compromises decreased, but the number of data breaches with no actionable information about the root cause of the compromise grew.
Hardware-based authentication vendor Yubico plans to go public at an $800 million valuation by merging with a special purpose acquisition company. The Swedish firm said becoming publicly traded will accelerate Yubico's push to enter adjacent authentication markets and land clients in new verticals.
The North Korean software supply chain attack on a Chicago financial trading software developer infected additional victims besides 3CX, including organizations in the energy sector, says Symantec Threat Hunter Team. One organization is located in the United States, the other in Europe.
The Federal Reserve's FedNow Service will launch in July this year. Many banks, including community banks, will be able to leverage FedNow as an instant payment platform. How can these banks prepare for faster payments, and what security controls should they consider adding?
Palo Alto Networks and IBM have joined forces to create a strong partnership designed to deliver best-in-class security solutions and services. In an exclusive interview, Bob West of Palo Alto Networks joins IBM's Abhi Chakravorty to discuss the power of the partnership for customers.
A top HIPAA-enforcement priority for regulators is cracking down on entities that disclose patient information to third parties without permission through the use of website tracking codes, says Melanie Fontes Rainer, director of the Department of Health and Human Services' Office for Civil Rights.
Healthcare entities need to think more strategically about managing risk by implementing a robust cybersecurity framework such as the National Institute of Standards and Technology's CSF, said Bob Bastani, cybersecurity adviser at the Department of Health and Human Services.
Supply chain risk has become more critical in the post-pandemic world, and that means you need to ask "much more focused, targeted questions" about your partners, according to Sawan Joshi, director of information security at Cervest, a climate intelligence startup.
Hackers who turned a zero-day in Fortra's GoAnywhere software into a bonanza of ransomware attacks for Russian-speaking extortion group Clop first penetrated the company's software in January. Hackers exploited some on-premises instances of the file transfer software as early as Jan. 18.
Vendors should be more transparent and faster in communicating when they experience a breach or other security incident that affect clients' data, says Anahi Santiago, CISO at ChristianaCare. "Sometimes we find out about these incidents through our third-party monitoring systems," she said.
A cyber risk quantification startup backed by ex-Cisco CEO John Chambers has raised $50 million to apply ML technology and build more API adapters. The money will allow Safe Security to capitalize on generative AI to help nontechnical leaders better understand their organizations' security postures.
Major internet chat platforms are urging the United Kingdom government to reconsider a bill intended to decrease exposure to online harms but which opponents say would open the door to massive government surveillance. Proponents say online platforms should have a duty of care to protect users.
Hackers have seized on the API revolution to drive a surge in attacks that exploit poorly coded applications, reports Akamai, in a warning echoed by other cybersecurity experts. The vector driving the most growth in API attacks is local file inclusion.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.