Latest

3rd Party Risk Management

Philips, CISA Warn of Medical Device Product Security Flaws

Marianne Kolbasuk McGee  •  November 19, 2021

Federal regulators and Philips issued advisories pertaining to several security vulnerabilities in certain patient monitoring and medical device interface products from the manufacturer. Exploitation could allow attackers to access patient data, launch denial of service attacks and more, they warn.

CISO Trainings

Tips for Surviving Big Game Ransomware Attacks

Corey Nachreiner  •  November 16, 2021

Why has the cybercriminal underground put so much effort toward the professionalization of ransomware? Simply put, they are making tons of money from it.

Breach Notification

CISA Warns About Siemens, Philips Medical Device Flaws

Marianne Kolbasuk McGee  •  November 12, 2021

Federal authorities have issued alerts about security vulnerabilities identified in medical device products from manufacturers Siemens and Philips. The two advisories cover 13 flaws in Siemens' Nucleus Real-Time Operating System TCP/IP stack and three issues in certain Philips MRI products.

3rd Party Risk Management

Pace of Cybercrime Evolution Is Accelerating, Europol Warns

Mathew J. Schwartz  •  November 12, 2021

The top cybercrime threats facing organizations in Europe and beyond include ransomware affiliate programs, more sophisticated mobile malware and cryptocurrency-hawking investment fraud, among other types of crime, according to Europol's latest Internet Organized Crime Threat Assessment.

Application Security

Flaws Allow Unlimited Purchases on Apple, Samsung, Google

Prajeet Nair  •  November 11, 2021

Vulnerabilities in Apple Pay, Samsung Pay and Google Pay allow attackers to make unlimited purchases using stolen smartphones enabled with express transport schemes, according to a research report from Positive Technologies. These findings were presented at Black Hat Europe this week.

►

Access Management

Cybersecurity Leadership: Cut Through the Zero Trust Hype

Tom Field  •  November 11, 2021

Zero Trust: Is it the operational model that's going to propel us into a more secure future? Or just another marketing message to be tossed onto the pile of past campaigns? In this latest Cybersecurity Leadership panel, the top minds in the sector weigh in on the present and future of Zero Trust.

Endpoint Security

New Cybersecurity Norms for Wireless Device Makers in EU

Prajeet Nair  •  November 2, 2021

Wireless device makers in the European Union market will soon have to adhere to a new set of cybersecurity guidelines at the design and production stages of manufacturing, according to the European Commission. The guidelines target devices such as mobile phones, tablets and other products.

3rd Party Risk Management

REvil's Cybercrime Reputation in Tatters - Will It Reboot?

Mathew J. Schwartz  •  October 27, 2021

Will the notorious ransomware operation known as REvil, aka Sodinokibi, reboot yet again after someone apparently messed with its infrastructure? Experts suggest that the operation's brand is burned, and administrators will launch a new group. Many affiliates, meanwhile, already work with multiple groups.

Cybercrime

Memo to Ransomware Victims: Seeking Help May Save You Money

Mathew J. Schwartz  •  October 25, 2021

While ransomware might be today's top cybercrime boogeyman, attackers aren't infallible. The latest example: Errors in DarkSide - and its BlackMatter rebrand - enabled security experts to quietly decrypt many victims' files for free, saving millions in potential ransom payments.

3rd Party Risk Management

Ransomware Warning: Are Businesses Stepping Up?

Anna Delaney  •  October 22, 2021

The latest edition of the ISMG Security Report features an analysis of whether businesses are stepping up their ransomware defenses in response to several warnings released by the U.S. and U.K. governments highlighting the threat posed to infrastructure. Also featured are the Thingiverse data breach and airline fraud...

3rd Party Risk Management

Ransomware: Average Ransom Payment Stays Steady at $140,000

Mathew J. Schwartz  •  October 21, 2021

When a business, government agency or other organization hit by ransomware opted to pay a ransom to its attacker in Q3, the average payment was $140,000, reports ransomware incident response firm Coveware. It says the attack landscape has seen some notable shifts since the Colonial Pipeline attack.

Business Continuity Management / Disaster Recovery

US Agencies to Water Facilities: You May Be Next Target

Dan Gunderman  •  October 15, 2021

U.S. federal agencies issued a joint advisory around potential cyber threats to the nation's water facilities. They cite "ongoing malicious cyber activity - by both known and unknown actors - targeting the IT and OT technology networks, systems and devices" of U.S. water and wastewater systems.