For its 25th year, Black Hat USA presented a “unique hybrid event experience, offering the cybersecurity community a choice in how they wish to participate” virtually or in person. It was a jam-packed four days of trainings, conferences, briefings, special events, and cybersecurity solutions.
If you’re like many organizations that have heavily invested in Microsoft 365, you may be considering, or already attempting, to use SharePoint Online as your company file server. After all, it’s “free” since it’s included in the service, right? While Microsoft has made improvements on the front-end with OneDrive for Business and Teams, there are still many challenges and hidden costs associated with using SharePoint as your primary company file system.
Software supply chain is anything and everything that contributes to making software functional. This includes code in the developer system, the CICD pipeline, dependencies, binaries, and deployed software in production, as well as people, processes, and the technology space. With the growing adoption of assembling software from distributed, unmanaged components rather than building it from scratch, more often than not, organizations are not aware whose, or what, code is running within their software.
Distributed containerized systems compose applications, resources, services, databases, and other artifacts. These components often need sensitive information such as user keys, passwords, API keys, and certificates to function properly. Secrets management is critical for adequately handling sensitive information and Kubernetes deployments often utilize their built-in Secrets resource type and associated RBAC controls but what if you aren’t deploying on Kubernetes?
With Cyber Security Awareness month fast approaching, information security professionals and data protection managers will be looking at how to secure board-level buy-in for company-wide cybersecurity awareness campaigns. Often, this is the biggest hurdle for any cyber awareness campaign as senior leadership weighs the costs and benefits of investing in the security of their business. Today we will be looking at some top tips for changing the tide on board-level buy-in.
Medical imaging cybersecurity needs to evolve to meet today’s security threats. Cyberthreats specifically targeting health care institutions have increased over recent years. More data is also at risk since patients have begun widely using telemedicine services. In addition to the risk of information theft, there is a very serious risk to patients, including the potential for physical harm due to compromised medical imaging equipment.
In the past, purchasing cybersecurity insurance was considered a luxury rather than a necessity. However, as the number of cyber attacks continues to grow, many educational institutions have started to buy insurance policies to cover the damaging costs of malware and ransomware attacks. The education sector saw the most cyber attacks in 2021 and 2022 compared to every other industry, including healthcare and finance.
While PCI compliance sets an industry benchmark surrounding cybersecurity for the financial sector, organizations shouldn’t rely on it to protect themselves against data breaches. The harsh truth is that cybercriminals will exploit any weakness in an organization’s IT infrastructure to gain unauthorized access to sensitive data, not just those covered by PCI DSS compliance requirements.
Observing the ongoing conflict between Russia and Ukraine, we can clearly see that cyberattacks leveraging malware are an important part of modern hybrid war strategy. Reports from Trustwave and other security researchers show that Russian cyberattackers have maintained pressure on Ukraine throughout the conflict. This article covers malware that has been used against organizations in Ukraine to destroy systems and data or gain control over targeted systems for surveillance and data staling.
