It’s Time to Reassess Your Cybersecurity Priorities

July 10, 2024 at 07:48AM The author reflects on their 100 columns for SecurityWeek and the lack of progress in cybersecurity. They note the increasing frequency and severity of cyber breaches and emphasize the human element in security vulnerabilities. They advocate for enhancing identity management, endpoint security, cloud and supply chain risk management, risk-based prioritization, …

Meta and SQL Server make strange bedfellows on a couch of cyber-pain

June 24, 2024 at 04:38AM The IT world’s diverse issues converge on the importance of software and services supply chain integrity. Despite its critical role, end-of-life database software receives inadequate attention, contrasting with the prominent AI and cybercrime coverage. Parallels are drawn with the food standards regulatory system, advocating for a similar approach to software …

Catching Up on Innovation With NIST CSF 2.0

June 20, 2024 at 10:40AM The NIST Cybersecurity Framework 2.0 (NIST CSF 2.0) arrives at a critical moment, as ransomware attacks and other cybersecurity threats are on the rise. It emphasizes the need for organizations to reevaluate their security measures, make targeted investments, and prioritize organization-wide security hygiene to effectively combat evolving cyber threats. Based …

Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts

June 7, 2024 at 12:06PM In 2023, cyberattacks caused substantial damage, but many could have been prevented with basic cyber hygiene. An upcoming webinar, “Better Basics Win the Cybersecurity Threat War: Defend, Deter, and Save,” will cover the latest cybersecurity trends, the power of CIS Controls and Benchmarks, and the benefits of CIS SecureSuite Membership. …

Looking to Leverage Generative AI? Prep for Success With These 4 Tips

May 28, 2024 at 09:31AM Generative artificial intelligence (GenAI) is being adopted by over 55% of organizations, yet concerns remain about secure implementation. A recent poll found five main concerns and recommends steps to ensure safe implementation. These include implementing a Zero-Trust Security Model, adopting Cyber Hygiene Standards, establishing a Data Security and Protection Plan, …

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

May 17, 2024 at 08:33AM A new report by XM Cyber has revealed a significant disparity between organizations’ security efforts and actual threats, uncovering 40 million exposures affecting business-critical assets. It emphasizes the need to prioritize high-impact exposures over the traditional focus on CVE-based vulnerabilities. The report also underscores the importance of industry-specific security approaches and …

From Warnings to Action: Preparing America’s Infrastructure for Imminent Cyber Threats

May 7, 2024 at 07:09AM FBI Director Christopher Wray warned Congress about foreign cyber-agents pre-positioned in US critical infrastructure networks, emphasizing the potential for Chinese hackers to cause real harm. He urged a wake-up call for organizations managing America’s infrastructure to prioritize cybersecurity, as previous warnings have gone unheeded. The urgency to act now to …

Paris Olympics Cybersecurity at Risk via Attack Surface Gaps

May 3, 2024 at 05:09PM The 2024 Paris Olympics face cybersecurity challenges despite improved protection compared to previous events. Outpost24 identified security gaps including open ports, SSL misconfigurations, and domain squatting, giving attackers opportunities. France’s ANSSI agency is preparing for cyber threats, but diverse, sophisticated attacks are expected, influenced by geopolitics. Securing the rapidly changing …

Web3 Game Developers Targeted in Crypto Theft Scheme

April 15, 2024 at 10:41AM A Russian threat actor is targeting game developers with fraudulent Web3 gaming projects, spreading infostealers on macOS and Windows. The goal is to defraud and steal cryptocurrency wallets. The campaign uses fake social media accounts and impersonates legitimate projects. The report recommends maintaining vigilance, providing training to recognize social engineering …

White House and lawmakers increase pressure on UnitedHealth to ease providers’ pain

March 11, 2024 at 08:09PM The Biden administration and lawmakers are pressuring UnitedHealth Group to help medical providers affected by a ransomware attack on Change Healthcare. The attack caused disruptions and cash flow issues for providers, with the hackers receiving over $22 million in ransom. Lawmakers are calling for stronger cybersecurity standards in the healthcare …