This edition of the ISMG Security Report analyzes what prosecutors say is the biggest cryptocurrency seizure in U.S. history as well as the biggest financial seizure. It also details how a school district CISO resigned over the district's handling of a severe data breach and busts Zero Trust myths.
Are ransomware-wielding criminals running scared? That's one likely explanation for the sudden release this week of free, master decryption keys for three different strains of formerly prevalent ransomware: Maze, Sekhmet and Egregor.
The arrest of a married New Yorker couple, charged with laundering bitcoins worth $3.6 billion that were stolen from a currency exchange in 2016, highlights the risk facing anyone who wants to launder large amounts of cryptocurrency and stay free long enough to enjoy their alleged rap career.
Some of the biggest cybercrime-focused darknet markets selling stolen payment card data, passwords, malware and more have retired in the past year, with administrators oftentimes boasting it's because they've gotten rich. As they exit, other players remain ready to grab their market share, experts say.
Four ISMG editors discuss important cybersecurity issues, including misconceptions around Zero Trust implementation, lessons learned from the crippling NotPetya malware attack of 2017 that nearly sank logistics giant Maersk and how a Russian cyberwar in Ukraine could move beyond its borders.
A variety of underground markets exist to help malware-wielding criminals monetize their attacks, including via log marketplaces such as Genesis, Russian Market and 2easy, which offer for sale batches of data that can be used to emulate a victim, whether it's a consumer, an enterprise IT administrator or anyone in...
The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
The Log4j vulnerability exists in unpatched versions of Ubiquiti's UniFi Network applications, and is being actively targeted by attackers via a customized exploit, researchers at security firm Morphisec warn. While updates are available, systems remain at risk until patched.
Learn to understand the gray space in which malicious attack campaigns function in order to get ahead of attackers, and avoid data breaches or negative outcomes for your business.
Organizations today need to rethink how cloud security not only drives stronger predictions, but adds value with ease of use. Learn how you can stop the most evasive attacks automatically with adaptive security.
Change is afoot at Trellix, which is the new name of the cybersecurity software business formed from the merger of McAfee Enterprise and FireEye. CEO Bryan Palma says the extended detection and response - aka XDR - software imperative for his customers is to do more, but with fewer suppliers and management overhead.
In the first of a planned series of articles looking at strategies that have helped her and her teams over the years to not just survive a stressful environment, but thrive in it, cybersecurity executive and CyberEdBoard executive member Kerissa Varma offers this: Be a human, not a terminator.
Four ISMG editors discuss: how too many organizations fail to implement basic cybersecurity defenses - such as MFA; a proposed lawsuit against health insurer Excellus that calls for an improvement to its data security program; and strategies for securing open-source and other software components.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.