In a span of just days, two prominent congressmen who have long advanced cybersecurity at the federal level announced that they will not be seeking reelection in 2022. Reps. Jim Langevin, D-R.I., and John Katko, R-N.Y., will, however, pursue a cyber agenda throughout the remainder of their terms.
Attackers have been actively targeting Log4j vulnerabilities, or Log4Shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service.
JPMorgan Chase will earmark $12 billion for technological updates - including cloud migration, upgrading legacy architecture, data strategy, and emerging technologies. About half of this budget will go toward security modernization, while the other half will be invested into digital innovation.
Privacy regulators in Europe last year imposed known fines totaling more than $1.2 billion under the EU's General Data Protection Regulation, including two record-breaking sanctions, law firm DLA Piper finds. The total value of fines in 2021 was nearly a sevenfold increase from that seen in 2020.
After the defacement of multiple Ukrainian government websites last week and subsequent deployment of destructive malware against Ukraine over the weekend, Lithuanian officials have offered to deploy the EU's Cyber Rapid Response Team to help Ukraine deal with cyberattacks.
GAO auditors say in a new report that the federal government's response to both the SolarWinds software supply chain attack and the exploitation of Microsoft Exchange Servers in 2021 sharpened its coordination efforts, but also exposed information-sharing gaps.
Threat actors who use data-sharing website Doxbin have had passwords, decryptor keys, multifactor authentication codes and stealer log information leaked online, according to some security experts. Doxbin is used by threat actors to dump victims' personally identifiable information.
More than a year after the December 2020 cyberattack on Accellion's File Transfer Appliance, the company has agreed to an $ 8.1 million settlement to resolve a class action against it following the data exposure that resulted in the theft of both consumer and patient data.
The FCC is considering changes to its breach notification requirements for telecommunication companies. FCC Chairwoman Jessica Rosenworcel confirmed in a statement this week that the agency is strengthening its rules for both customer and federal law enforcement notification of breaches involving customer proprietary...
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...
Multiple government sites in Ukraine, as well as Swedish, U.K. and U.S. embassy websites, have been defaced with warnings to "be afraid and expect the worst." The defacements occurred after a week of "intensive" but unresolved talks between NATO and Russia, which continues to mass troops on Ukraine's border.
The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.