Ukraine traced a cyberattack that delayed a press briefing by the nation's information protection agency Tuesday to Russian Sandworm hackers. The group, which is accused of using wiper malware to disrupt the Ukrainian national Media Center, has close ties to the Russian GRU, investigators say.
BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, CEO Jim Rosenthal says. Existing supply chain tools tend to generate lots of risk information but then put the burden on the client to interact with suppliers.
Identity and access management company Okta revealed that its private GitHub repositories were accessed earlier in the month, resulting in the theft of its source code in its Workforce Identity Cloud code repositories. "No customer data was impacted," Okta says.
The latest edition of the ISMG Security Report discusses why it is always a bad idea for organizations to pay hackers for data deletion, practical steps organizations can and should take to avoid being at the heart of a data subject complaint, and the latest efforts to tackle the ransomware threat.
Cloud vendors from Amazon, Microsoft and Google to IBM and Sumo Logic have turned to Sysdig's Falco open-source threat detection engine to secure their environments. Sysdig CEO Suresh Vasudevan says Falco has become the standard for threat detection in the industry.
Ransomware gangs rely on shotgun-style attacks using phishing or stolen remote access credentials to target individuals. This strategy snares less poorly prepared organizations, and that often means healthcare entities. Experts share insights on this plague on healthcare and what to do about it.
Especially for healthcare organizations, repelling ransomware attacks hinges on having robust monitoring and defenses in place to spot the signs of an unfolding attack and shut it down before crypto-locking malware gets unleashed, says Peter Mackenzie, director of incident response at Sophos.
The need for AWS security has increased as S3 buckets have evolved from a dumping ground for data to the home for critical cloud-native applications, says Clumio co-founder and CEO Poojan Kumar. Information in S3 buckets is susceptible to both accidental deletions and cyberattacks.
The push to migrate applications to cloud-native architectures has driven increased use of containers and created the need for more security, says Veracode CEO Sam King. Veracode's expertise in application security helps the company identify open-source code and known vulnerabilities in containers.
ExtraHop has snagged high-profile Check Point, Cylance and Optiv executive Chris Scanlan to help the network security provider reach $500 million in annual recurring revenue. The Seattle-based network detection and response vendor has tasked Scanlan with strengthening ExtraHop's go-to-market motion.
Cyberattackers love to strike on weekends and holidays - that's not news. What is news: These attacks cost more than weekday incidents, and they take a heavy toll on defenders. Cybereason's Sam Curry shares insight from the new study "Organizations at Risk: Ransomware Attackers Don’t Take Holidays."
Complexity is the enemy of security, and information technology grows ever more complex. Have we created a problem space in computing so complicated that we will be unable to safely operate in it for its intended purposes? Fred Cohen says that's unlikely. He discusses managing risk in the future.
A startup that was reportedly almost acquired by Palo Alto Networks for $600 million has instead raised $100 million to forge ahead on its own. App security vendor Apiiro plans to use the proceeds to strengthen its ability to analyze code and developer activities across the software supply chain.
Organizations expect the IT security landscape to be consistent - from builds and hardware to operating systems - but for product security, everything Honeywell makes is a snowflake with flexible, highly tailored design across many technologies, says Honeywell Product Security Chief James DeLuccia.
A surging Microsoft has leapfrogged to the top of the SIEM Gartner Magic Quadrant, catapulting past security operations stalwarts IBM, Splunk, Securonix and Exabeam. Microsoft has climbed from being named a visionary by Gartner last year to crushing the SIEM market in execution ability this year.