A bombshell news report suggests that Dutch mobile network provider KPN in 2010 didn't know if one of its major equipment suppliers - China's Huawei - was spying on users. Viewed 11 years later, the report stands as a reminder to constantly review and address risks posed by suppliers.
In an unprecedented action, the FBI is removing web shells from on-premises Microsoft Exchange servers at organizations in at least eight states that were infected in a wave of attacks earlier this year. Security experts offer an analysis of the bold move that the FBI took without notifying the organizations.
Dave DeWalt, former CEO of FireEye and McAfee, has been appointed vice chair of the board of LogDNA, a log management company, and he’s committed to the popular “shift left” movement. But he’s also got a keen eye on the broader cybersecurity marketplace and shares insights on its seismic changes.
Citing national security concerns, the U.S. Commerce Department has placed seven Chinese supercomputer organizations on the Entity List, which effectively bars them from receiving supplies or components from U.S. companies.
To help prevent and defend against emerging cyberthreats, CISOs must develop a multi-line defense strategy and invest in threat-hunting capabilities and orchestration, a panel of cybersecurity experts advises.
After the 2008 financial crisis, reform was developed to strengthen the financial resilience of the financial sector but broadly omitted cyber threats and risks. Yet cyber threats pose a significant challenge to the operational resilience, performance and stability of the financial sector. Join this session and...
The CyberArk Blueprint Rapid Risk Reduction Playbook helps organizations quickly implement the most critical elements of the CyberArk Blueprint to rapidly strengthen security and reduce risk. This paper reviews the CyberArk Blueprint and explains how the Rapid Risk Reduction Playbook can help jumpstart your privileged...
This multinational pharmaceutical company’s supply chain was distributed across multiple manufacturing plants and countries. While it had a good understanding of the number of OT devices on its networks, it wasn’t able to clearly see how assets were communicating and where vulnerabilities and risks...
A critical authentication bypass vulnerability could enable hackers to remotely compromise programmable logic controllers made by industrial automation giant Rockwell Automation, according to the cybersecurity company Claroty. Rockwell has issued mitigation recommendations.
Ransomware continues to sting numerous organizations, and the problem only seems to be getting worse. More than ever, the onus is on potential victims to ensure they have essential defenses in place - and if possible, to proactively hunt for attackers who may already be inside their network.
The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues.
As the investigation into the hacking of a water treatment facility in Florida continues, cybersecurity experts say the incident points to the urgent need to enhance operational technology security. Here are five key questions the incident raises.
Organizations in the APAC region are not immune to the impact of the SolarWinds supply chain hack, so it's essential that they reassess their risk management practices and audit their suppliers, two security experts stress.
In defining an IAM strategy for the cloud, CISOs need to automate the processes of provisioning, de-provisioning, monitoring and auditing as well as implementing federated access and API integration, says Rushdhi Mohammad, information security officer at the Industrial Bank of Kuwait.