The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
The House Oversight and Reform Committee today advanced its version of the Federal Information Security Modernization Act of 2022, which entails cybersecurity updates for federal civilian agencies. The bipartisan measure was sent to the full House on a voice vote.
Russia's threat to Ukraine is reshaping notions of what it means to employ cyber operations as part of a conflict. If Russian military forces do invade, experts warn that cyberattacks meant to support military operations and disrupt critical infrastructure may not be restricted to Ukrainian targets.
With tensions mounting in Ukraine, U.S. cybersecurity officials have grown increasingly concerned over the threat of direct cyberwarfare. As such, the U.S. has dispatched its top cyber official, Deputy National Security Adviser Anne Neuberger, to Europe to discuss the Russian threat.
In a report published Monday, Symantec's Threat Hunter Team outlines a specific Russian cyberespionage campaign conducted on a Ukrainian network in 2021 - which comes as Russia has amassed 100,000 or more troops at Ukraine's eastern border while it reportedly mulls invasion
U.S. authorities have mixed news for the healthcare and public health sector. The good news: The threat level posed by ransomware-as-a-service gang BlackMatter is reduced. The bad news: Other cybercriminals will undoubtedly fill the gap - if they haven't already.
In 2022, CISOs need to build an adaptive and cyber-resilient enterprise through hyperautomation in order to implement any kind of cybersecurity controls, says Vishal Salvi, CISO and head of the cybersecurity practice at Infosys.
North Korean advanced persistent threat group Lazarus - an entity sanctioned by the U.S. and the United Nations - has emerged with a fresh spear-phishing campaign that exploits Windows Updates to execute a malicious payload, using GitHub as a command-and-control server.
Citing "potential security threats," the U.S. Federal Communications Commission voted to ban Chinese telecommunications carrier China Unicom from providing services within the U.S. The FCC's Order on Revocation directs the company to discontinue its services within 60 days.
A new malware dubbed DazzleSpy has been found targeting macOS users in Hong Kong. The malware is being planted through pro-democracy radio station D100's news website, which was earlier compromised through a watering hole campaign, researchers from cybersecurity firm ESET report.
Four ISMG editors discuss: how too many organizations fail to implement basic cybersecurity defenses - such as MFA; a proposed lawsuit against health insurer Excellus that calls for an improvement to its data security program; and strategies for securing open-source and other software components.
All organizations in Britain are being urged by the government to immediately bolster their business resilience capabilities due to an increased risk of fallout from cyberattacks targeting Ukraine. In the past, such attacks have amassed victims outside Ukraine, causing billions in commercial damages.
The latest edition of the ISMG Security Report features an analysis of whether a new ransomware operation is a spinoff of the notorious REvil or simply copying the group's moves; how Maersk responded to the NotPetya wiper malware attack; and essential incident response skills.
U.S. Security and Exchange Commission Chair Gary Gensler wants to broaden cybersecurity regulations. Among his concerns are the rising threat of cyberattacks due to the tensions between Russia and Ukraine, and a need to harmonize communications between financial firms and third-party vendors.
CISA and the EPA today announced the Industrial Control Systems Cybersecurity Initiative, a 100-day cybersecurity plan to safeguard water and wastewater systems. Officials say their action plan "focuses on high-impact activities that can be surged to safeguard water resources."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.