Researchers have uncovered a full-time initial access broker group that serves both Conti and Diavol ransomware groups. Google's Threat Analysis Group - TAG - observed this financially motivated threat actor, dubbed Exotic Lily, exploiting a zero-day in Microsoft MSHTML tracked as CVE-2021-40444.
SentinelOne plans to buy security firm Attivo Networks, and the acquisition is scheduled to close sometime this summer. Some cybersecurity analysts and experts speak with Information Security Media Group about the gains and possible pitfalls of this $615.5 million deal.
As the Ukrainian military resists Russian advances toward its major population centers, its IT security teams are contending with record cyber incidents - although the same is true of their eastern neighbors, with Russia reporting "unprecedented" cyberattacks on its networks.
Federal authorities are advising healthcare sector entities to take precautions, including enhancing their cybersecurity posture and being prepared to implement four- to six-week business continuity plans, as they continue to face potential cyber incidents related to the Russia-Ukraine war.
In the latest weekly update, four editors at ISMG discuss how Russia's invasion of Ukraine complicates cybercrime ransomware payments, a former U.S. Treasury senior adviser's take on Biden's cryptocurrency executive order, and important points regarding the upcoming identity theft executive order.
If Russia uses hack attacks to support its invasion, would Western governments want to immediately attribute those attacks or disruptions? Enter a Thursday alert from the U.S. government warning that it is "aware of possible threats to U.S. and international satellite communication networks."
Two trends that have only grown over the past two years: Hybrid workforce and adoption of the zero trust architecture. Peter Newton of Fortinet shares how zero trust network access is now key to helping ensure security with workers now balancing on-premise and remote work.
Michael Lines is working with ISMG to promote awareness of the need for cyber risk management. As a part of that initiative, CyberEdBoard posts draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This chapter is "Recognize the Threats."
Cyber insurance: It's both more necessary than ever and harder to acquire. Erin Meyers of Bitdefender talks about the new marketplace and how deploying MDR and XDR can help enterprises be better prepared and more attractive to prospective cyber insurers.
U.S. lawmakers on Thursday again discussed illicit finance with regard to cryptocurrencies - in light of recent warnings that the Russian government may increasingly rely on digital currencies to stabilize its sanctioned economy. And Sen. Elizabeth Warren introduced a sanctions-related bill.
The pandemic has raised the ante significantly for the attack surface and the level of insider threats facing healthcare sector entities, according to Dave Bailey, vice president of security services, and attorney Andrew Mahler, vice president of privacy and compliance, of consultancy CynergisTek.
A security researcher found two critical vulnerabilities and one high-severity vulnerability in two separate Veeam products that may allow attackers to perform remote code execution and allow local privilege execution on victims' systems, respectively. Veeam has issued patches for all three bugs.
Cybersecurity company NortonLifeLock's $8.6 billion plan to purchase rival Avast has hit a snag. On Thursday, the U.K.'s regulatory body expressed anti-competition concerns about the proposed deal. The Competition and Markets Authority has given the firms five days to provide a "clear-cut solution."
The current and former owners of CafePress, a site for selling customizable merchandise, have agreed to a draft Federal Trade Commission settlement tied to multiple security shortcomings that failed to prevent or detect a 2019 data breach that exposed 22 million users' account details.
This report analyzes how sanctions levied against Russia and Belarus for the invasion of Ukraine are affecting security researchers in those countries who participate in bug bounty programs. It also examines lessons to be learned from data breaches and developments in passwordless authentication.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.