U.S. regulators have proposed that Colonial Pipeline, which was hit by a cyberattack in May 2021, be fined $986,400 over a series of federal pipeline safety regulation violations. The ransomware attack caused fuel shortages along the U.S. East Coast, where the firm operates a 5,500-mile pipeline.
The "financial burden" of a December 2021 cyberattack and the aftereffects of the COVID-19 pandemic forced 157-year-old Lincoln College in Illinois to cease operations on Friday, its president, David Gerlach, says. The school underwent a three-month-long recovery period during enrollment season.
CERT-In has mandated that starting June 28, both government and private organizations in the country must inform the agency within six hours of discovering a cybersecurity incident. What do CISOs feel about this, and how are they planning to approach this new requirement?
An exploit has been created using critical remote code execution vulnerability CVE-2022-1388 in BIG-IP network traffic security management appliances. F5 BIG-IP admins are advised to immediately implement the patches for this vulnerability, which were released last week.
The Ukrainian CERT has issued a statement saying that a "massive" Jester Stealer malware distribution campaign, designed to steal authentication data, is currently underway. The malware, operated by an unknown attacker, self-destructs after its operation is complete, the agency's statement says.
The massive leak of internal communications from the Conti ransomware group has highlighted the extent to which cybercrime syndicates regularly beg, borrow, steal or sometimes even partner or collaborate, all in pursuit of increasing their illicit profits.
Microsoft plans to roll out new managed services that give organizations the expertise needed to proactively hunt for threats and extend XDR beyond the endpoint. Microsoft Security Experts features new managed services as well as existing services around incident response and modernization.
The U.S. Department of State is offering rewards of up to $10 million for information that leads to the identification or location of any individual who holds a key leadership position in the Conti ransomware variant transnational organized crime group.
Apple, Google and Microsoft are joining forces to back a standard that will allow websites and apps to offer passwordless sign-ins across devices and platforms. The three OS and browsing giants have put their weight behind a common passwordless sign-in standard created by the FIDO Alliance.
Virtual currency mixer Blender.io has been sanctioned by the U.S. for enabling North Korea to conduct "malicious cyber activities and money laundering of stolen virtual currency," the U.S. Treasury Department’s Office of Foreign Assets Control says in its first sanctioning of a currency mixer.
The European Parliament has granted Europol permission to receive and process datasets from private parties and pursue research projects for better handling of security-related cases. Use of these powers will be overseen by the European Data Protection Supervisor and the Fundamental Rights Officer.
The U.S. National Institute of Standards and Technology has revised its guidance for organizations to counter supply chain risks. The new document addresses how to identify, assess and respond to cybersecurity risks throughout the supply chain at all levels of an organization.
U.S. President Joe Biden on Thursday signed into law the Better Cybercrime Metrics Act, which aims to improve data collection on cybercrimes. The law requires the DOJ and the FBI to compile detailed statistics about cybercrime and develop a taxonomy to help contextualize and sort this data.
John Kindervag, creator of Zero Trust, and two ISMG editors discuss whether we have advanced or regressed in security technology, implementing Zero Trust security in OT environments, and how federal agencies are progressing with Zero Trust adoption a year after the cybersecurity executive order.
Financially motivated and state-sponsored threat actors continue to evolve their tactics, techniques and procedures for successful attacks against healthcare and public health sector entities, federal authorities warn in a new report on the latest ransomware trends in healthcare.