Homepage

Watch

More conversation: How the right questions can lead to less friction with vendors

ciso stories

devops

Ransomware

Listen: Panelists discuss the cost of ransomware to the business

In this episode of the CISO Stories Podcast, a panel of experts examine the findings of a ransomware report and how organizations can better prepare to defend against and respond to the attacks.

Russian law enforcement took down more than a dozen members of the REvil ransomware gang Jan. 14, but U.S. experts are skeptical that the moves represent a true change of heart from Moscow when it comes to tolerating cybercriminal groups operating within their borders. (Adam Berry/Getty Images)

Russian authorities move to take down members of REvil, but what does it mean?

Derek B. JohnsonJanuary 14, 2022

The arrests of REvil members are viewed as "significant" and have all but wiped out the group's remaining IT infrastructure, but they're also likely part of a broader conversation happening between Russia and the United States over Ukraine, a potential Russian invasion and the threat of sanctions.

Ransomware

Accellion claims no ‘guarantee’ of security in $8.1M breach settlement

Jessica DavisJanuary 14, 2022

The settlement with the 9.2 million individuals whose data was stolen during a longstanding undetected hack on the vendor included denial by liability by Accellion, which maintains that the company held no legal duty of care to individuals, and that customers were responsible for managing their own software instances – despite security flaws in the product.

Zero trust

Statutory restrictions hindered federal response to SolarWinds, Microsoft Exchange

Derek B. JohnsonJanuary 13, 2022

The SolarWinds and Microsoft Exchange incidents improved coordination between the government and private industry, but also exposed worrying gaps in the government’s information sharing, auditors concluded in a new Government Accountability Office report released Thursday.

Ransomware

Maryland Department of Health confirms ransomware spurred monthlong outage

Jessica DavisJanuary 13, 2022

A ransomware attack struck the Maryland Department of Health on Dec. 4, driving the systems offline in an effort to contain the spread. The outage has spurred manual COVID-19 reporting.

Intrusion detection

Trustwave releases tool to aid financial institutions with resurgent QakBot malware

Karen HoffmanJanuary 13, 2022

Attacks using QakBot, the persistent "Swiss Army knife" of banking malware, increased by 65% in 2021, according to cybersecurity and anti-virus firm Kaspersky.

Breach

After hack, BioPlus faces class-action lawsuit, allegations into security measures

Jessica DavisJanuary 12, 2022

BioPlus notified 350,000 patients that their data was accessed during a systems hack. A lawsuit provides further details of the incident, while blaming the breach on inadequate security.

Legislation

Senate passes cyber bills to address supply chain security, aid state and local governments

Derek B. JohnsonJanuary 12, 2022

The Supply Chain Security Training Act and State and Local Government Cybersecurity Act now head to the House, where companion legislation has been introduced.

Legislation

Congress looks to reform FISMA while avoiding a ‘massive bureaucracy’

Derek B. JohnsonJanuary 11, 2022

Proposed legislation would elevate the roles of CISA and the National Cyber Director's Office when it comes to overseeing federal cybersecurity, but some members of Congress and the OMB are wary of changes that could add new bureaucratic complexities.

Breach

213K Florida Digestive Health patients informed of 2020 data compromise

Jessica DavisJanuary 11, 2022

This week’s healthcare breach roundup includes multiple breach disclosures that may not comply with the 60-day breach disclosure timeline required by HIPAA.

SC EVENTS

Coming Soon

Third-party Risk and the Supply Chain

Preventing Ransomware and Data Exfiltration

The Future of Identity & Access

Watch

More conversation: How the right questions can lead to less friction with vendors

ciso stories

devops

Listen: Panelists discuss the cost of ransomware to the business

In Brief

Windows Server updates hit snag after Patch Tuesday security release

AWS Glue misconfiguration potentially exposes account data to other customers

Cyber Command: Iranian-backed MuddyWater targets networks in the Mideast, Europe and North America

Iranian-linked APT35 leverages PowerShell on attempted Log4j exploits

Threat actor sends RATs via popular AWS and Azure cloud services

Perspectives

Burnout has reached crisis levels — but CISOs have the power to do something about it

How zero-trust may conflict with PCI DSS v4.0

Why file-borne malware has become the weapon of choice for attackers

The challenges RoPA presents and how data discovery helps IT security teams

Three takeaways from Google Cloud’s acquisition of Siemplify

Russian authorities move to take down members of REvil, but what does it mean?

Accellion claims no ‘guarantee’ of security in $8.1M breach settlement

Statutory restrictions hindered federal response to SolarWinds, Microsoft Exchange

Maryland Department of Health confirms ransomware spurred monthlong outage

Trustwave releases tool to aid financial institutions with resurgent QakBot malware

After hack, BioPlus faces class-action lawsuit, allegations into security measures

Senate passes cyber bills to address supply chain security, aid state and local governments

Congress looks to reform FISMA while avoiding a ‘massive bureaucracy’

213K Florida Digestive Health patients informed of 2020 data compromise