The U.K. government is considering new measures to boost cybersecurity standards in the country. The proposed laws recommend levying large fines on essential digital service providers for noncompliance with strict cybersecurity rules, and improving incident reporting.
Data on more than 515,000 "highly vulnerable people" has been compromised as the result of a supply chain cyberattack, the International Committee of the Red Cross has disclosed. The organization's humanitarian activities are already being impacted.
In a span of just days, two prominent congressmen who have long advanced cybersecurity at the federal level announced that they will not be seeking reelection in 2022. Reps. Jim Langevin, D-R.I., and John Katko, R-N.Y., will, however, pursue a cyber agenda throughout the remainder of their terms.
GAO auditors say in a new report that the federal government's response to both the SolarWinds software supply chain attack and the exploitation of Microsoft Exchange Servers in 2021 sharpened its coordination efforts, but also exposed information-sharing gaps.
Risk management is essential to the existence of every business. It requires organizations to consider which risks they can accept and which risks they can mitigate. But the problem with risk acceptance is that attackers are "actively looking for risks that you haven't mitigated that they're able to exploit," says...
More than a year after the December 2020 cyberattack on Accellion's File Transfer Appliance, the company has agreed to an $ 8.1 million settlement to resolve a class action against it following the data exposure that resulted in the theft of both consumer and patient data.
The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
Third-party risk management is a key priority among businesses today. Risk leaders are being forced to quickly adjust to an evolving risk landscape and a growing number of vendors. As a result, companies need an efficient way to handle their vendor management process.
What are best-in-class organizations doing today...
Third-party risk management is a key priority among businesses today. Risk leaders are being forced to quickly adjust to an evolving risk landscape and a growing number of vendors. As a result, companies need an efficient way to handle their vendor management process.
What are best-in-class organizations doing today...
Sen. Gary Peters, D-Mich., who chairs the Homeland Security and Governmental Affairs Committee, said this week that his committee convened a virtual briefing with both CISA and National Cyber Director Chris Inglis to discuss efforts to mitigate the threat posed by the Log4j vulnerability.
The Apache Log4j vulnerability capped the end of a long year for CISOs and incident responders. Security leaders Pooja Shimpi and Deepayan Chanda discuss how they have tackled Log4j - and significant lessons learned about incident response and information sharing.
The JFrog research team discovered a new RCE vulnerability, which will be tracked by NIST as CVE-2021-42392, in the H2 database console. Although the researchers say the root cause of this critical flaw is similar to the flaw in Apache's Log4j, they believe the differences may lessen its impact.
The Apache Log4j vulnerability capped the end of a long year for CISOs and incident responders, and it left them with a mitigation project that carries them well into the New Year. CISOs John Bassett and Martin Dinel discuss how their teams have tackled Log4j - and significant lessons learned.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.
