This edition of the ISMG Security Report features an analysis of key takeaways from the breaches tied to flaws in the Accellion File Transfer appliance. Also featured: Equifax CISO Jamil Farshchi on transforming supply chain security, plus an analysis of how "work from anywhere" is affecting cybersecurity.
Researchers with Microsoft and FireEye are disclosing additional malware used by the hacking group that targeted SolarWinds last December. These second-stage malware variants appear to have been deployed after organizations downloaded the "Sunburst" backdoor hidden in a software update.
The Russian carding and fraud discussion forum Maza has been breached, and hackers have leaked what appear to be legitimate members' details, including email addresses and forum credentials, threat-intelligence firms report. The breach and data leak follows a recent wave of attacks against cybercrime forums.
The SolarWinds supply chain attack should prompt federal agencies and others to rethink how they approach security issues - especially identity and access management, according to a breakdown of the attack presented this week by NIST and CISA.
Qualys has confirmed that its Accellion File Transfer Appliance software was breached by zero-day-wielding attackers after stolen customer data appeared on the Clop ransomware gang's data leaks site. The security firm's public breach notification comes more than two months after the firm first learned it had been...
The security firm Okta shook up the identity and access management market Wednesday by announcing a $6.5 billion deal to acquire the customer IAM technology supplier Auth0. Two other cybersecurity M&A deals were also announced this week.
One day after Microsoft disclosed four serious flaws in Microsoft Exchange email servers, attackers are going on a wide hunt for vulnerable machines, some security experts say. The flaws could be exploited for creating backdoors for email accounts or installing ransomware and cryptominers.
New authentication models, including dynamic authorization and continuous authentication, that work well for consumers can be adopted for employees as well, says Thomas Malta, head of identity and access management at the Virginia-based Navy Federal Credit Union.
Endpoint security and management has become very complex. Despite investments in teams and tools, organizations still struggle with visibility gaps across their IT environment, organizational silos and broken workflows that leave businesses exposed to risk.
Tanium commissioned Forrester Consulting to survey more...
Cyber security has become a war of attrition where organizations, government agencies and the Department of Defense (DoD) are facing new threats every day. But years of poor IT hygiene have limited their visibility into the IT infrastructure. This is not only opening doors into the network for cyber criminals, but it...
2020 was a tumultuous year for IT security and operations (IT SecOps). They were faced with seemingly unsurmountable challenges. But the most forward-looking organizations are rising to the business risk and security readiness challenges imposed by the COVID-19 pandemic.
Download this analyst report, featuring...
Digital transformation is a way of life in today’s business world. It touches all corners of the enterprise in ways that were once unimaginable. CIO and IT executives at companies of all sizes and in all industries are quickly coming to realize that most legacy tools and processes are, at best, inefficient and are...
Microsoft issued emergency software patches on Tuesday for four zero-day vulnerabilities in its Exchange email server. The alarming vulnerabilities could allow a remote attacker into Exchange and possibly enable further lateral movement.
In this era of "work from anywhere," identity and access management solutions are challenged more than ever. What are the strategies and solutions recommended by top CEOs and CISOs in the cybersecurity sector? An expert panel weighs in.