Cyberattackers love to strike on weekends and holidays - that's not news. What is news: These attacks cost more than weekday incidents, and they take a heavy toll on defenders. Cybereason's Sam Curry shares insight from the new study "Organizations at Risk: Ransomware Attackers Don’t Take Holidays."
Complexity is the enemy of security, and information technology grows ever more complex. Have we created a problem space in computing so complicated that we will be unable to safely operate in it for its intended purposes? Fred Cohen says that's unlikely. He discusses managing risk in the future.
The arrest of a Ukrainian national long wanted on cybercrime charges in the U.S. shows that with much patience, law enforcement can nab suspects. A key member of the JabberZeus gang, which stole tens of millions of dollars, was arrested in Geneva.
The U.S. Federal Trade Commission pushed until June 9 the date for nonbanking financial firms to follow cybersecurity mandates in the updated Safeguards Rule. The agency approved the update in a partisan vote in October 2021, imposing requirements such as a written information security program.
Federal officials released updated guidance for medical device cybersecurity incidents, including ransomware, as cyberattacks against the healthcare sector continue to surge. From mid-2020 through 2021, 82% of healthcare systems reported a cyber incident, 34% of which involved ransomware.
Hospitals face attacks from nation-states seeking medical research and cybercriminals using pediatric patient data to apply for loans, says Stoddard Manikin. Adversaries target pediatric records to exploit the patient's credit and adult records when pursuing insurance or prescription fraud.
Twitter accounts that use SMS for two-factor authentication are at a heightened risk of account takeover with the disclosure that texting "STOP" to the verification service results in it being turned off. The vulnerability opens the door to a password reset attack or a password stuffing attack.
Pro-Kremlin hackers claimed credit for a denial-of-service attack against FBI websites, marking the latest in a series of nuisance attacks. The FBI earlier said it is aware of "pro-Russian hacktivist groups employing DDoS attacks to target critical infrastructure companies with limited success."
Apple, Google and Microsoft supported a new common passwordless sign-in standard, and a key Senate committee approved the Improving Digital Identity Act of 2022. How will these moves pay off in 2023? Identity security expert Jeremy Grant weighs in on trends and predictions for the new year.
Russian hackers have a campaign to maliciously encrypt files of Ukrainian victims. But unlike other ransomware groups, they are doing so without the possibility of offering a decryptor. Ukraine’s Computer Emergency Response Team identifies the group as UAC-0118, also known as From Russia with Love.
A New York-based firm that provides anesthesiology administrative services to 100 surgery centers and medical offices across the U.S. is facing at least five proposed federal class action lawsuits following a July hacking incident that affected some of its clients and over 450,000 of their patients.
Bankrupt cryptocurrency exchange platform FTX says unsanctioned actors made off with customers' digital assets, causing a scramble to secure digital wallets. Estimates of the amount of stolen money are in the hundreds of millions. FTX filed for bankruptcy Friday after entering a liquidity crunch.
President and CEO Sudhakar Ramakrishna says SolarWinds has done massive work implementing security into the build process since the company was hacked in late 2020. Testing, validating and qualifying the integrity of the company's source code has required significant effort, Ramakrishna tells ISMG.
The shift to remote work during COVID-19 has prompted hackers to dramatically boost phishing attacks. The pandemic has led to users reading more corporate email on personal devices and opening messages while distracted by children or pets, increasing the chances they'll click on something malicious.
French defense multinational Thales confirmed that ransomware-as-a-service group LockBit published internal documents but emphasized its operations remain unaffected by the hack. The company says the source of the leak is likely a compromised user account of an online partner collaboration site.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.