By issuing a sweeping cybersecurity executive order on Wednesday, the Biden administration is attempting to take a critical step to address security issues that have come to light after recent cyberattacks. Here's an analysis of the order's key elements.
President Joe Biden says the Russian government was not behind the ransomware attack that struck Colonial Pipeline Co. May 7, but he said attackers living in Russia were involved.
President Joe Biden signed an extensive executive order Wednesday that describes the government's plan to increase cybersecurity protection across the public and private sectors as well as secure the nation's infrastructure against the type of attack that targeted SolarWinds and its customers.
U.S. and U.K. cybersecurity, law enforcement and intelligence agencies issued a joint advisory Friday offering detailed information on how to defend against the activities of the Russian Foreign Intelligence Service, or SVR, in the wake of the 2020 SolarWinds supply chain attack.
The latest edition of the ISMG Security Report features an analysis of whether courts can trust evidence collected by Cellebrite's mobile device forensic tools. Also featured: Report shows attackers' dwell times plummeting; a call for partnership with law enforcement.
Security researchers say API flaws could have exposed the private data of millions of Peloton fitness equipment online service users for months before they were recently patched.
Attackers are increasingly using malicious OAuth 2.0 applications to siphon data and access sensitive information from cloud platforms, and mitigating the risks is proving challenging, according to the security firm Proofpoint.
The average amount of time that online attackers camp out in a victim's network - or "dwell time" - has been declining, FireEye's Mandiant incident response group reports. But the surge in ransomware accounts for some attacks coming to light more quickly because those attackers announce their presence.
Attackers are using a freshly updated variant of the Buer first-stage malware loader rewritten in the Rust programming language to help evade detection, Proofpoint reports.
CISA is investigating whether five U.S. government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior official. Security researchers believe that at least two nation-state groups have been attempting to exploit these flaws.
The latest edition of the ISMG Security Report features an analysis of British spy chief Jeremy Fleming’s "cybersecurity call to arms." Also featured: Insights on COVID-19 business continuity planning; the wisdom of the late Dan Kaminsky.
Some security experts are questioning whether Experian is doing enough to ensure security after a researcher discovered that an API the credit reporting firm uses to allow lenders to check the credit score of prospective borrowers could expose customer's scores.
A lawsuit alleges that a security flaw in a Google COVID-19 contact-tracing tool is exposing personal and medical information of millions of users to third parties through device system logs. But Google says it reviewed the issue, updated code and is ensuring the fix is rolled out to users.
A Chinese advanced persistent threat group known as Naikon deployed a new malware backdoor to wage a lengthy cyberespionage campaign against military organizations in Southeast Asia, security firm Bitdefender reports.
Apple has patched a zero-day flaw in macOS 11.3 that attackers have been exploiting since at least January to install advertising software on victims' systems. The flaw enables a malicious script to be deployed that bypasses Notarization, Gatekeeper and File Quarantine security defenses.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.
