Zombie APIs are becoming more common, just because of the sheer number APIs and third-party vendors that organizations rely on. Joshua Scott, head of information security and IT at API platform Postman, says businesses need to identify "what is critical to the business and map backward."
Russian military intelligence hackers active in Poland are exploiting a patched flaw in Microsoft Outlook, say cyber defenders from Redmond and Warsaw. Microsoft in a Monday post identifies the hackers as Forest Blizzard, also known as APT28 and Fancy Bear.
A senior Democrat on the Senate Intelligence Committee pledged to block Air Force Lt. Gen. Timothy Haugh from serving as director of the National Security Agency until the agency says whether it is purchasing data on U.S. citizens from data brokers, including location data and web browsing history.
A large, Seattle-based surgical group is notifying nearly 437,400 individuals that their information was potentially compromised in a ransomware and data theft incident earlier this year. The breach is part of a larger, disturbing trend in the healthcare sector in 2023.
New Jersey-based hospital group Capital Health is dealing with a network outage, caused by a cyberattack earlier this week, which is affecting some patient services. Capital Health is at least the second healthcare provider in the Garden State responding to a cyberattack this week.
New York regulators are warning millions of individuals of identity theft risks involving a data theft at a medical transcriber that has now affected patients of at least two major healthcare groups, including Crouse Health and Northwell Health in the state. Lawsuits in the case are also piling up.
A National Institute of Standards and Technology official said agencies are facing a variety of challenges in implementing enterprisewide zero trust architectures, from a lack of insight into their network components to difficult decisions around legacy systems and costly procurement initiatives.
In the constant struggle to manage the other five pillars - identify, protect, detect, respond and recover - security leaders often do not have governance at top of mind, said Netography CEO Martin Roesch, but he added, "Good governance is the root of having good security."
Government-imposed rules on incident reporting by organizations impacted by cyberattacks are not new – many sectors have been subjected to them for decades. What is new is that governments are introducing new, more stringent incident reporting rules that will affect a broader set of organizations.
BlueVoyant purchased a risk management vendor led by an Army veteran to expand its SaaS footprint with U.S. government and defense industrial organizations. Buying Conquest Cyber will allow BlueVoyant to provide cyber risk maturity and compliance assessments to both federal and commercial customers.
Security researchers say attackers are actively attempting to exploit a critical vulnerability in unpatched ownCloud implementations, which they can use to steal credentials and other secret information. Last month, ownCloud said it had sent all users a security alert and updates to fix the flaws.
In this episode of "Cybersecurity Insights," Eyal Fisher discussed Sweet Security's Cloud Runtime Security Suite, which helps CISOS and security teams defend against all stages of a cyberattack by gathering data, generating insights, baselining the normal environment and looking for deviations.
Patient services - including emergency care and telehealth appointments - are still affected at dozens of hospitals and other care facilities in several states operated by Ardent Health Services as the Tennessee-based organization continues to respond to a Thanksgiving Day ransomware attack.
DDoS and other cyberattacks against media outlets and critical services are what Guy Shafir, CTO of Israeli tech vendor WideOps, has been dealing with since the start of the terrorist attacks in Israel on Oct. 7. Shafir shared details about the response to these intense attacks.