Weeks after VMware issued patches to address vulnerabilities in its vSphere Client (HTML5), threat intelligence firm Bad Packets says threat actors are mass scanning for vSphere hosts vulnerable to remote code execution.
President Biden's recent executive order for bolstering cybersecurity of the federal government contains provisions for enhancing supply chain security that are similar to proposals by the Food and Drug Administration to improve medical device security. But how are the FDA's healthcare-related provisions doing?
Ransomware attacks have evolved over the years as attackers have come out with new strategies for digital extortion, says Chris Novak, global director of the Threat Research Advisory Center at Verizon Business Group. He shares insight from the Verizon 2021 Data Breach Investigations Report.
Australian spies should be allowed to take offensive action against some of the world's most prominent ransomware gangs, says Tim Watts, a member of Australia's Parliament who says the move, proposed under the Labor Party's push for a national ransomware strategy, would deter attackers.
Investigators have found that ransomware operators gained access to Colonial Pipeline via a VPN account that was no longer used and didn't have two-step verification enabled. The credentials turned up in a data breach, but security researchers say it's unclear if that's how the attackers sourced them.
Symphony Technology Group's acquisition of FireEye Products Business in a $1.2 billion deal will set up the private equity group to better compete with security giants such as Microsoft and Cisco, while unlocking profit potential for FireEye and the now stand-alone Mandiant Solutions, analysts say.
The White House has written to business leaders, urging them to prioritize having robust ransomware defenses in place. The move comes as the Biden administration pursues multiple strategies to combat ransomware and digital extortion, including ordering a new task force to coordinate all federal investigations.
Internet of things security professionals are expressing concern over Amazon's new Sidewalk - a low-bandwidth network program that will allow some of the company's connected and IoT devices to share Wi-Fi access even outside an owner's home.
Organizations are connecting to industrial control networks at an increasing pace. The need to connect to the IT environment, cloud applications and remote workers has created a definitive gap by eroding the demilitarized zone. Because of this, organizations must deploy new ways to secure operational technology...
XDR - cross-layered detection and response - should be implemented exclusively in the cloud or on premises, says Jason Cavallaro, national IT manager at CJD Equipment, a distributor of construction equipment in Australia.
After the ransomware attack against meat-processing giant JBS, the White House says it has contacted Russia, putting it on notice that "responsible states do not harbor ransomware criminals." Experts say that despite the chaos caused by the Colonial Pipeline hit, the pace of ransomware attacks hasn't slowed.
Former customers of the now-defunct encrypted communications service EncroChat, which was infiltrated by police last year, continue to get busted, including members of a crime syndicate that operated "an industrial-scale cocaine laboratory" in the Netherlands, Europol says.
A newly uncovered ransomware variant dubbed 'Epsilon Red' is targeting organizations in the U.S. hospitality sector, with the threat actor successfully extorting $210,000 from one of its victims, a new report by security firm Sophos notes.
The White House officially released its fiscal year 2022 budget proposal on Friday. The Biden administration is seeking to spend billions on cybersecurity, including $750 million for "lessons learned" from the SolarWinds attack. Officials also want to boost CISA's budget by $110 million.