Critical steps when implementing a privileged access management program include auditing of activities performed by administrators and continuous monitoring of user activity, says Sujit Christy, group CISO at John Keells Holdings, a conglomerate based in Sri Lanka.
The Office of the Comptroller of the Currency has fined Morgan Stanley $60 million for the investment bank's failure to properly oversee the decommissioning of several data centers, putting customer data at risk of exposure.
Microsoft collaborated with cybersecurity companies and government agencies to take down the million-device Trickbot botnet in an effort to help protect the Nov. 3 U.S. election and stop the global spread of ransomware and other malware.
Two types of autopilot systems can be tricked into reacting after seeing split-second images, according to new research into autonomous vehicles. Although this could pose a risk, deep-learning software could keep the systems from being tricked.
Plaintiffs in the patent infringement case Centripetal Networks v. Cisco Networks won the day thanks to clear testimony and using Cisco's own technical documents in unaltered form. By contrast, the judge slammed Cisco for offering disagreeing witnesses and attempting to focus on old, irrelevant technology.
CISA is warning that sophisticated hacking groups are chaining together vulnerabilities, such as the recent Zerologon bug and other flaws, to target state and local government networks. In some cases, attackers gained access to election support systems.
Steve Jobs once said: "Marketing is about values." But how well is the cybersecurity solutions message being received amid the convergence of pandemic and economic strains? We brought an outspoken group of CMOs and CISOs together to discuss the topic.
The latest edition of the ISMG Security Report analyzes why clothing retailer H&M was hit with a hefty fine for violating the EU's General Data Protection Rule. Also featured: The coming of age of digital identities; deputy CSO at Mastercard on top priorities for 2021.
Microsoft's IoT platform, Azure Sphere, which launched in February, is the company's bet to address the growing security and management problems around connected devices. A three-month bug bounty program for the platform resulted in resolving a number of vulnerabilities and awarding $374,000 in bounties.
When it comes to a breach and exposed data, a Digital Risk Protection program represents a way to reduce the potential damage. Tyler Carbone of Terbium Labs outlines the essential elements and use cases of a mature DRP program.
Ransomware has emerged as the No. 1 online threat targeting public and private organizations this year. Seeking maximum returns, more gangs have moved beyond opportunistic attacks to target organizations with "post-intrusion ransomware." Meanwhile, many victims fail to report such crimes to police.
Microsoft is warning that hackers with connections to Iran, as well as other threat actors, are attempting to exploit a critical vulnerability in Windows Server dubbed Zerologon, for which it has issued a partial patch.
Security researchers with the Chinese company Qihoo say they've spotted a new IoT botnet that brute forces telnet ports on routers and other devices and is coded with a command to erase infected devices.