Organizations expect the IT security landscape to be consistent - from builds and hardware to operating systems - but for product security, everything Honeywell makes is a snowflake with flexible, highly tailored design across many technologies, says Honeywell Product Security Chief James DeLuccia.
Software as a service - it's the new shadow IT, says Phyllis Woodruff of Global Payments. And it highlights the new challenges arising for security leaders overseeing their organizations' cloud migrations. She discusses how to make cloud "bulletproof" for business teams.
North Korean state hacking group Kimsuky is developing Android malware targeted at South Korean users by disguising the apps as legitimate apps including a Google security plug-in and a document viewer. Seoul-based cybersecurity company S2W dubs the apps FastFire, FastSpy and FastViewer.
Threat actors are using Internet Information Services - Microsoft's extensible web server software - to deliver a previously undocumented dropper that is being used to install a new backdoor and other tools. The group dubbed Cranefly uses a new backdoor called Danfuan, researchers say.
Customer engagement platform Twilio says the number of customers affected by a phishing campaign that coaxed employees of the San Francisco company into permitting attackers to bypass multifactor authentication protections will stand at a final tally of 209.
Fallout from the hack of Australian health insurer Medibank continues to worsen as the company twice this week acknowledged a wider set of affected individuals. Hackers had access to the personal data of 4 million individuals and significant amounts of health claims data.
A surging Microsoft has leapfrogged to the top of the SIEM Gartner Magic Quadrant, catapulting past security operations stalwarts IBM, Splunk, Securonix and Exabeam. Microsoft has climbed from being named a visionary by Gartner last year to crushing the SIEM market in execution ability this year.
Nearly one month after a ransomware attack on the nation's fourth-largest hospital network, CommonSpirit Health is still struggling to bring online the various IT systems - including electronic medical records, prescriptions and patient appointment scheduling - affected at many of its facilities.
Parliament IT systems in two East European capitals were disrupted Thursday. The Poland Senate said a distributed denial-of-service attack partially originated from inside Russia. In Slovakia, a Parliament speaker postponed voting after telling lawmakers that vote-counting systems were not working.
One of Australia's largest private testing laboratories announced a data breach affecting 223,000 Australians. Ransomware-as-a-service group Quantum took credit for the incident, posting an 86-gigabyte file in June. "There is no evidence of misuse of any of the information," says Medlab Pathology.
The Department of Homeland Security released a set of cybersecurity practices for critical infrastructure containing basic measures such as requiring multifactor authentication and disabling AutoRun. The word "voluntary" was in heavy rotation during the Thursday rollout.
Forescout will get its fourth CEO since September 2020 as the IoT security firm lays off an unspecified numbers of employees. Wael Mohamed will exit day-to-day management after just 19 months in the top role in a tenure punctuated by the acquisitions of CyberMDX and Cysiv.
Healthcare entities need to rehearse breach response playbooks to avoid paying fines to the Department of Health and Human Services for poor incident response after a severe breach. Well-tested security incident response plans ensure the security of patient data, says the HHS Office of Civil Rights.
Synthetic identity fraud is the fastest-growing financial crime in the country. By combining real and fabricated personal information, a synthetic identity is specifically designed to look and act like a valid identity - until it doesn’t, leaving financial losses and criminal activity in its wake.
A Chinese disinformation campaign seeks to dissuade U.S. voters from participating in the November midterm elections, finds research from Mandiant. The campaign, nicknamed Dragonbridge, also likely impersonated researches unmasking Chinese threat actors.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.