The Centers for Medicare and Medicaid Services is considering new cybersecurity requirements for hospitals participating in Medicare after a watchdog agency recommended CMS should require the facilities to address the cybersecurity of their networked medical devices.
An unidentified hacking group is deploying a rootkit dubbed Netfilter, which is signed in as a legitimate Microsoft driver but used to affect gaming outcomes, researchers at German security firm G Data CyberDefense say.
NIST has published its definition of "critical software" for the U.S. federal government as the standards agency begins fulfilling requirements laid out in President Biden's executive order on cybersecurity. The software part of the executive order looks to reduce the threat of supply chain attacks.
The Russian-linked cyberespionage group behind the supply chain attack against SolarWinds targeted Microsoft's customer support system as part of a new campaign, the company disclosed in a report. The group, called Nobelium, has been linked to recent attacks against a marketing firm used by USAID.
This edition of the ISMG Security Report features an analysis of CISA's finding that agencies could have prevented follow-on attacks after the SolarWinds supply chain attack by properly configuring firewalls. Also featured: Congressman discusses deterring nation-state attacks; insider threat mitigation tips.
When medical device makers provide a software bill of materials for components contained in their products, it's critical to make that voluminous security information actionable for healthcare customers, says Rob Suárez, CISO at medical device maker Becton Dickinson and Co.
Criminals tricked into using an FBI-run encrypted messaging app, Verizon's 2021 Breach Investigations Report and overcoming the challenges of recruiting cybersecurity professionals are among the latest cybersecurity topics to be featured for analysis by a panel of Information Security Media Group editors.
The latest edition of the ISMG Security Report features an analysis of lawmakers' grilling of Colonial Pipeline CEO Joseph Blount over his handling of the DarkSide ransomware attack. Also featured: How the FBI helped trick criminals into using an encrypted communications service that it was able to monitor.
President Joe Biden's nominees for White House cyber director and CISA director faced questions from senators during their confirmation hearing Thursday, including how the federal government should respond to a recent spate of ransomware attacks and other cyberthreats.
President Biden's recent executive order for bolstering cybersecurity of the federal government contains provisions for enhancing supply chain security that are similar to proposals by the Food and Drug Administration to improve medical device security. But how are the FDA's healthcare-related provisions doing?
Election security improvements, the push for all software to ship with a "bill of materials" and the results of a long-running investigation into a lucrative digital advertising scam are among the latest cybersecurity topics to be featured for analysis by a panel of Information Security Media Group editors.
The White House officially released its fiscal year 2022 budget proposal on Friday. The Biden administration is seeking to spend billions on cybersecurity, including $750 million for "lessons learned" from the SolarWinds attack. Officials also want to boost CISA's budget by $110 million.
"They’re playing games," is how one security expert describes Conti ransomware-wielding attackers' "gift" of a decryptor to Ireland's crypto-locked health service, while still demanding a ransom to not leak stolen health data. The same could be said of the DarkSide gang's promised retirement.
In the wake of recent attacks on supply chains and critical infrastructure, Adrian Mayers says it's time for cybersecurity to be seen as an issue of national defense, and that cybersecurity leaders throughout the private and public sectors must embrace their role to protect national interests.