Is WordPress vulnerable or a victim of ubiquity? (Source: Bluehost)

3 Weeks, 6 Bugs: Experts Analyze, Advise on WordPress Flaws

Soumik Ghosh • January 21, 2022

Since Jan. 1, security researchers have identified six vulnerabilities affecting hundreds of thousands of WordPress websites. Cybersecurity experts say that the ubiquity of the content management platform makes it a prime target for attackers, and they offer holistic security solutions.

►

Application Security

Profiles in Leadership: Marcel Lehner, CISO, MM Group

Latest

3rd Party Risk Management

Why Third Parties are the Source of So Many Hacks

Isa Jones • January 14, 2022

Protecting your critical access points and assets should be the number one priority in your cybersecurity strategy.

Governance & Risk Management

Insider Threats are a Quiet Risk in your System

Isa Jones • January 14, 2022

No matter the root cause, the result is the same: reputation damage, fines, compliance issues, and of course the ripple effects that extend outward from a breach.

Governance & Risk Management

Zero Trust Is More Than A Buzzword

Isa Jones • January 14, 2022

Since no one is trusted in this model, insider and outsider access needs to be verified and authenticated each time a user logs into a system.

3rd Party Risk Management

Log4j Updates: Flaw Challenges Global Security Leaders

Devon Warren-Kachelein • January 12, 2022

The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.

Cybercrime

FIN7 Targets US Enterprises Via BadUSB

Prajeet Nair • January 11, 2022

Cybercrime gang FIN7 is impersonating the U.S. Department of Health and Human Services and Amazon to trick enterprises in the U.S. into using a malicious flash drive, according to the FBI. The threat actor targeted undisclosed companies in the transportation, defense and insurance sectors.

Fraud Management & Cybercrime

Ransomware's Threat to the Mainframe

Tom Field • January 10, 2022

One common misconception about the mainframe is that ransomware poses no significant threat to it. Edward Shim of BMC Software dispels this myth and offers insight on how to shore up some of the mainframe's inherent weaknesses that adversaries may target.

DevSecOps

Mainframe DevOps: What Modernization Means

Tom Field • January 10, 2022

"Mainframe" and "modernization" are not often used in the same sentence. But Eric Odell and Paul Allard of BMC Software share a mainframe DevOps strategy that can result in cost savings, automation efficiencies and reduced risk of mainframe defects.

Cryptocurrency Fraud

Coming Invasion? Russian Cyber Activity in Ukraine Escalates

Anna Delaney • January 7, 2022

The latest edition of the ISMG Security Report features an analysis of the recent surge in Russian cyber interference in Ukrainian government and civilian networks, the impact of China's privacy law, and the battle against cryptocurrency cybercrime.

Governance & Risk Management

FTC Threatens Action Against Orgs Failing to Mitigate Log4j

Dan Gunderman • January 5, 2022

The U.S. Federal Trade Commission, the nation's top consumer protection agency, issued notice that it "intends to use its full legal authority to pursue companies" failing to mitigate against Apache's Log4j vulnerabilities – or similar vulnerabilities in the future.

Breach Notification

T-Mobile: Some Customers Affected by SIM Swap Data Breach

Devon Warren-Kachelein • January 3, 2022

Mobile carrier T-Mobile fell victim to another data breach, this time linked to a SIM swap attack that affected "a very small number" of its 105 million customers. Details remain scarce, but T-Mobile says it has enacted proper incident response protocols to limit the number of people affected.

3rd Party Risk Management

ISMG Editors: 'Year in Review' Special

Anna Delaney • December 31, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how the ransomware-as-a-service model shifted in 2021, the rise of fraud in faster payments and how to prevent it, and one CISO's take on the state of the industry.

3rd Party Risk Management

ISMG's Greatest Hits: Top Cybersecurity Stories of 2021

Devon Warren-Kachelein • December 30, 2021

ISMG's global editorial team reflects on the top cybersecurity news and analysis from 2021 and looks ahead to the trends already shaping 2022. From ransomware to Log4j, here is a compilation of major news events, impacts and discussions with leading cybersecurity experts on what to expect in the new year.