A new self-assessment tool aims to help public and private sector organizations assess their level of vulnerability to insider threats, according to CISA. The agency also indicated this week it will keep its "rumor control" website active ahead of the 2022 midterm elections.
A bipartisan effort to implement cybersecurity incident reporting and the tracking of ransomware payments has been introduced by leaders of the Senate Homeland Security and Governmental Affairs Committee. While it differs from legislation introduced in July, lawmakers hope to reconcile the bills.
Of all the areas under his direction - business continuity, GRC, data governance - third-party risk is the most challenging, says Peter Gregory, senior director of cyber GRC at GCI General Communications Inc. "Their breach is my breach," he says, offering mitigation advice.
Cybersecurity vendor VMware has published a security advisory detailing 19 vulnerabilities affecting its vCenter server and Cloud Foundation products and has released fixes for all of them. One of the flaws has a high CVSS of 9.8, and CISA is warning of its "widespread exploitation."
Rant of the day: Are we getting hacked because we now work remotely in the new normal? No, we're being hacked because we're not managing our risks and being lazy - and because the CISO is not being heard.
All enterprises face potential losses due to insider threats, whether the threat actors are malicious or otherwise. This white paper delves into
All enterprises face potential losses due to insider threats, whether the threat actors are malicious or otherwise. This white paper delves into where insider threats come...
Trust but verify, privilege access and continuous monitoring with an "assume breach" mindset are the principles an enterprise must follow to begin its "zero trust" journey, says Terence Gomes, country head of Microsoft Security India.
In a bid to address security risks associated with the use of virtual private network solutions, the National Security Agency and the Cybersecurity and Infrastructure Security Agency on Tuesday offered government leaders guidance on selecting remote access VPNs and strengthening their security.
You can't decrease the motivation of ransomware attackers. But you can curb their success by bolstering your own enterprise's approach to access, credentials and privileges. Morey Haber and James Maude of BeyondTrust share insights on ransomware defense.
Cybersecurity and computer science experts testifying before Congress on Tuesday expressed concerns about their inability to access key social media data sets that could allow them to analyze and potentially counter the spread of misinformation.
To successfully adopt the "zero trust" model, it is not enough to have good access control, says David Fairman, CSO, APAC at Netskope. He discusses how to secure your network using zero trust, which is especially important when employees are working from anywhere.
The Russia-linked cyberespionage group Nobelium, which was responsible for the SolarWinds supply chain attack, has developed and deployed a new malware, dubbed FoggyWeb, according to a Microsoft Threat Intelligence Center security blog. Microsoft says FoggyWeb creates a backdoor to exfiltrate data.
The world is experiencing a cybercrime pandemic, which is a direct consequence of COVID-19, according to Amit Basu, CISO and CIO at International Seaways. He offers proactive prevention measures, based on his own experience, for how organizations can stay safe and secure.
The U.S. Department of Commerce is soliciting input on a Trump administration cybersecurity executive order that requires cloud providers to verify the identities of certain users - particularly cyber actors potentially operating abroad and leveraging U.S. cloud technologies.