The U.S. National Institute of Standards and Technology has revised its guidance for organizations to counter supply chain risks. The new document addresses how to identify, assess and respond to cybersecurity risks throughout the supply chain at all levels of an organization.
Financially motivated and state-sponsored threat actors continue to evolve their tactics, techniques and procedures for successful attacks against healthcare and public health sector entities, federal authorities warn in a new report on the latest ransomware trends in healthcare.
Cybersecurity companies took Thursday's sell-off on the chin, with Rapid7, Cloudflare and SentinelOne experiencing double-digit stock price drops in Wall Street's worst day of 2022. The Nasdaq Composite Index fell 5% Thursday amid concerns around inflation and soft earnings from online retailers.
Two signs that the tide may finally, if slowly, be turning on ransomware: The number of victims who choose to pay continues to decline, while the amount they pay - when they choose to do so - recently dropped by one-third, reports ransomware incident response firm Coveware.
Don't stockpile cryptocurrency in case your organization falls victim to ransomware-wielding attackers and opts to pay a ransom. This might seem obvious to anyone aware of the volatility in Bitcoin's value, but some organizations reportedly used to employ this incident response strategy.
Forrester analysts Allie Mellen and Jeff Pollard discuss their new research on the analyst experience, or AX. AX involves how security analysts perceive their interactions with security products, services and processes, and Mellen and Pollard say it can improve the SOC and security analyst workflow.
Michael Lines is working with ISMG to promote awareness of the need for cyber risk management, and the CyberEdBoard is posting draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This chapter is titled "Recognize Their Attacks."
Almost all ransomware-wielding attackers accept Bitcoin for ransom payments, but many prefer Monero, thanks to the privacy-preserving coin being tougher for law enforcement officials to track. But advanced intelligence efforts to try and unmask criminal users of both Bitcoin and Monero are ongoing.
SonarSource has raised $412 million on a $4.7 billion valuation to establish a physical presence in Asia and increase its wallet share with existing customers. The company wants to open an office in Singapore and pursue opportunities in China, South Korea, Taiwan, Singapore, Japan and Australia.
Gartner heaped praise on Synopsys for having the most complete vision and strongest execution ability around application security testing, while Checkmarx took the silver. Veracode was awarded bronze for its execution ability, while HCL Software took the bronze for completeness of vision.
The Food and Drug Administration's decision to incorporate "quality systems regulations" into its new draft guidance for premarket medical device cybersecurity is an important development in the scope of the agency's expectations for manufacturers, says Dr. Suzanne Schwartz of the FDA.
Sophos bought early-stage vendor SOC.OS to help customers detect abnormalities in their IT environment earlier by ingesting data from third-party platforms. SOC.OS will allow customers to extract information sooner from non-Sophos firewalls, network proxies and endpoint security technology.
VMware's Tom Kellermann is out with Modern Bank Heists 5.0, his latest look at the attackers and attacks targeting financial services. Subtitled "The Escalation," this report looks at the increase in destructive attacks, ransomware and hits on cryptocurrency exchanges. Kellermann shares insights.
A week after Microsoft announced the Windows Autopatch feature and declared that, come July, the tradition of Patch Tuesday will end, it's Patch Tuesday again, and the company has issued more than 100 security fixes for software that resolve critical issues, including two zero-day vulnerabilities.
Targeted attacks on a Ukrainian energy facility have been confirmed by CERT-UA. In a joint operation carried out by the Ukrainian CERT with security companies Microsoft and ESET, it was found that an ICS-capable malware and several regular disk wipers were used in the attack.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.
