The U.S. Department of Justice has revised its policy on who it charges with violations under the Computer Fraud and Abuse Act. The DOJ now specifies that good-faith security research and researchers cannot be charged under the CFAA because they help improve cybersecurity standards.
Canada says it will no longer allow the use of products and services from China's Huawei Technologies and ZTE Corp. in its telecommunications systems. The government says its decision is based on reviews by independent security agencies and was made in consultation with its "closest allies."
Attackers who successfully infect targets with ransomware primarily first gain access by exploiting poorly secured remote desktop protocol or VPN connections or by using malware-laden phishing emails, reports security firm Group-IB, based on more than 700 attacks it investigated in 2021.
An emergency directive from the U.S. Cybersecurity and Infrastructure Security Agency advises all federal agencies in the country to immediately patch and address two vulnerabilities - one with a critical CVSS score and the other with a high score - that affect at least five VMware products.
North Korean information technology workers have been attempting to obtain employment in public and private sectors in the United States to fund their home country's weapons of mass destruction and ballistic missiles programs, according to an advisory from U.S. federal agencies.
Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says. Firms offering cybersecurity services weigh in on the gaps and implementation challenges.
The U.S. Cybersecurity and Infrastructure Security Agency has announced that it is temporarily removing a Windows protection defect from its Known Exploited Vulnerability Catalog because of a risk of authentication failures after the recent Microsoft patch update.
Ransomware group Conti, which has been holding to ransom crypto-locked Costa Rican government systems since April, has claimed on its leak site Conti News that it has "insiders" in the country's government, and that they are working toward the compromise of "other systems."
Google will offer customers access to the same technology it uses to lock down developer workflows to ensure open-source dependencies are addressed. Assured Open Source Software will allow clients to ensure third-party software they're using is scanned, analyzed and fuzz-tested for vulnerabilities.
In this episode of "Cybersecurity Unplugged," Tim Danks of Global Risk Perspectives discusses issues around trusting our global supply chain, including the role of Huawei, the steps needed to secure critical infrastructure, and the process for determining a comfortable level of risk management.
In the latest "Proof of Concept," Lisa Sotto, Jeremy Grant and ISMG editors discuss the significance of Apple, Google and Microsoft supporting the FIDO protocol's passwordless sign-in standard, progress made on Biden's cybersecurity executive order and updates on U.S. cybersecurity and privacy laws.
Italian police reportedly thwarted attempts to disrupt online voting for the music competition Eurovision, allegedly perpetrated by a hacking group called Killnet in retaliation for Russia not being allowed to compete at this year's festival, due to its invasion of Ukraine.
The European Parliament and the Council of the European Union on Friday reached a provisional agreement to set a "baseline for cybersecurity risk management measures and reporting obligations." Called NIS2, it is a modernized framework based on the EU Network and Information Security Directive.
As attack surfaces have grown, so has risk - and adversaries are finding new ways to infiltrate organizations. Wade Ellery of Radiant Logic discusses the convergence of risk, identity management and zero trust security, spelling out new strategies to defend attack surfaces and minimize risk.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.