The Food and Drug Administration's decision to incorporate "quality systems regulations" into its new draft guidance for premarket medical device cybersecurity is an important development in the scope of the agency's expectations for manufacturers, says Dr. Suzanne Schwartz of the FDA.
Recent security incidents involving third-party software, including Okta and Log4j, underscore the importance of healthcare entities taking steps to enhance their vendor risk management programs, says Chris Frenz, assistant vice president of IT security at Mount Sinai South Nassau.
AWS has fixed "severe security issues" in hot patches it released last December to address the Log4Shell vulnerability in Java applications and containers. Palo Alto Networks' Unit 42 researchers said containers in server or cluster environments can exploit the patch to take over its underlying host.
VMware's Tom Kellermann is out with Modern Bank Heists 5.0, his latest look at the attackers and attacks targeting financial services. Subtitled "The Escalation," this report looks at the increase in destructive attacks, ransomware and hits on cryptocurrency exchanges. Kellermann shares insights.
Researchers at security firm Eset have found three vulnerabilities affecting Lenovo laptops worldwide and targeting users who work from home. Two of the flaws affect UEFI firmware drivers meant for use only during the manufacturing process of Lenovo notebooks, and one is a memory corruption bug.
During its January cyberattack, Lapsus$ accessed tenants and viewed applications such as Slack and Jira for only two Okta customers. The threat actor actively controlled a single workstation used by a Sitel support engineer for 25 consecutive minutes on Jan. 21, according to a forensic report.
Leon Ravenna, CISO of KAR Global, starts each day on the job with the expectation that this could be his last. That's how urgent cybersecurity has become, and it's in part why he's driven to dispatch the image of the CISO as the bureaucratic "Dr. No."
Ransomware and nation-state threats are daunting. But the threat that concerns Mustapha Kebbeh the most is supply chain risk. The Brinks CISO discusses how he has tackled this, as well as the challenges of tool complexity and peer collaboration.
New guidance provides healthcare entities and medical device makers a jump-start for negotiating critical cybersecurity issues pertaining to procurement contracts, says Jim Jacobson of device manufacturer Siemens Healthineers, co-chair of an industry group that developed the contract template.
A surprising improvement in loss ratios for cyber insurance providers in 2021 means the rapid rise in premiums might at last subside later this year. The loss ratio declined for the first time since 2018 despite the frequency and severity of claims filed for cyberattacks increasing again in 2021.
Starting in July, the second Tuesday of every month will "just be another Tuesday," Microsoft says. After releasing patches for vulnerabilities in its software every second Tuesday of every month since 2016, Microsoft says it is now set to roll out automatic updates. Some security experts weigh in.
As market forces converge to make enterprises of all sizes more conscious of their own cybersecurity sophistication, John Randall of GoSecure proposes a road map to help assess where one is, where one needs to go - and to what degree third-party assistance is necessary.
At a time when applications are more business-critical than ever - and visibility is more challenging to achieve - we need to discuss new strategies and tools for maximizing application intelligence. Sujay Pathakji of Axiom Telecom and Srudi Dineshan of Gigamon share insights.
Hackers are exploiting third-party remote access. If you’re not taking third-party risk seriously, it’s just a matter of time until your company is the next headline.
The Food and Drug Administration on Thursday issued revamped draft guidance providing updated and detailed recommendations for how medical device makers should address cybersecurity risk in the premarket of their products, especially as the threat landscape continues to evolve.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.