Recently acquired RiskLens edged out startup Axio and incumbent ThreatConnect for the top spot in Forrester's first-ever cyber risk quantification rankings. Cyber risk quantification focused on theoretical methodology for about 10 years but shifted to practical applications over the past five years.
Advocate Aurora Health has agreed to pay $12.25 million to settle consolidated class action claims that the Illinois-based hospital chain invaded patient privacy by using tracking codes on its websites and patient portal, according to a preliminary settlement plan in Wisconsin federal court.
Hackers moved faster than system administrators to exploit a zero-day vulnerability in Citrix NetScaler appliances by dropping web shells that remain active even after a patch, warn Dutch security researchers. Dutch firm Fox-IT says researchers "could not discern a pattern in the targeting."
U.K. authorities recently reprimanded health service provider NHS Lanarkshire after staff members shared patient data on messaging service WhatsApp. That privacy lapse demonstrates the risks of shadow IT and the legacy of COVID-19 practices, said attorney Jonathan Armstrong of Cordery Compliance.
Multiple vulnerabilities in data center power management systems and supply technologies enable threat actors to gain unauthorized access and perform remote code injection. The attackers can chain multiple vulnerabilities to gain full access to data center systems.
Protect AI bought one of the world's largest certified naming authorities to create a bug bounty platform focused exclusively on AI and ML open-source software. The acquisition will allow customers to discover exploits in the AI or ML supply chain weeks before they're publicly revealed.
Security researchers from Microsoft disclosed flaws in a software development kit used for industrial applications, warning that hackers could attempt remote code execution. The computer giant says the flaws are in the Codesys software environment developed by the Germany company of the same name.
Public companies disclosing a cyber incident under the new U.S. reporting requirements should focus on the business impact and stay away from the technical pieces, said Venable's Grant Schneider. The disclosure should examine how the incident will affect revenue, profitability and public perception.
In the latest weekly update, ISMG editors discuss the White House's debut of a $20 million contest to exterminate bugs with AI, a New York man admitting to being behind the Bitfinex hack, and a new malware campaign that is targeting newbie cybercriminals in order to steal sensitive information.
In an after-action report on how the Lapsus$ crime group hacked "dozens of well-defended companies with low-complexity attacks," the U.S. Cyber Safety Review Board urges organizations to implement more robust two-factor authentication systems, plus regulations to combat SIM swapping.
In this episode of CyberEd.io's podcast series "Cybersecurity Insights," Aaron Cockerill of Lookout discussed the benefits and concerns associated with generative AI and how to solve challenges related to zero-day attacks, misconfigurations, the cyber skills gap and privacy.
A nonprofit firm that administers government dental programs in Canada paid a "substantial" ransom for a decryptor key and the destruction of data stolen in a recent ransomware attack. But the company is now notifying nearly 1.5 million individuals that the hack compromised their data.
In the latest "Proof of Concept," Mike Baker, VP/IT CISO at DXC Technology and a CyberEdBoard member, and Chris Hughes, co-founder and CISO at Aquia, join ISMG editors to explore the state of the software supply chain, MOVEit breaches and the role of SBOMs and transparency in software development.
Perimeter 81 will be sold to Check Point for $490 million, but it had to slash its valuation by more than half to seal the deal. Check Point said its proposed buy of New York-based Perimeter 81 will fuel the adoption of secure access across remote users, sites, cloud, data centers and the internet.
Changing technologies and markets require adapting an organization's overall cybersecurity strategy, including the scope of our risk management, and then reviewing and adjusting our operational program to deliver the revised vision, said Akm Hasan, head of cybersecurity at Hays PLC.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.