In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity and privacy issues, including why being a CISO is like being the first family doctor in a small village, why you can’t trust ransomware gangs such as LockBit, and why cloud security vendor Netskope took on $401 million in debt…

BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, co-founder and CEO Jim Rosenthal says. Existing supply chain security tools tend to generate lots of risk information but then put the burden on the client to interact with their suppliers about remediating that risk, Rosenthal…

Researchers analyzing data associated with a recently disclosed zero-day vulnerability in Fortinet’s FortiOS SSL-VPN technology have identified a sophisticated new backdoor specifically designed to run on Fortinet’s FortiGate firewalls. The malware appears to be the work of a China-based threat actor engaged in cyber-espionage operations targeting government organizations and those working with these organizations. It…

The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past. The root cause of the problem is that ManageEngine products use an outdated third-party dependency, Apache Santuario. “This vulnerability…

Microsoft has worked to illuminate the evolving digital threat landscape with in-depth security reports for more than 15 years. Our mission first began with the Microsoft Security Intelligence Report, which ran from 2005 to 2018. It has since evolved into the Microsoft Digital Defense Report, which was first released in 2020. This latest edition explores…

QuSecure, a quantum-computing technology company based in Silicon Valley, today announced the latest version of its security platform, called QuEverywhere — designed to allow organizations to extend quantum-safe security all the way to endpoints like laptops and smartphones, the company said in a statement. QuEverywhere, according to the company, is an app- or browser-based method…

Ransomware continues to be the United Kingdom’s most prominent cybersecurity threat, and the country can expect to see a surge in destructive attacks in 2023, warns the former head of the U.K.’s national cybersecurity agency. Oxford University professor Ciaran Martin says that while overall ransomware activities across the world slumped in 2022, attacks are likely…

Healthcare entities should be on high alert for signs of the BlackCat and Royal ransomware-as-a-service groups, warns the U.S. government, which characterizes the groups as “relatively new but highly capable” threats. The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center in a Thursday threat brief warns that BlackCat conducts triple extortion, meaning…

Network management company Remote.it today announced new features for its core SaaS-based service, including support for the Okta user identification platform and Docker containers, and what it’s describing as “programmatic deployment” of zero trust networks. Essentially, the company said, the idea is to provide automated provisioning and deployment of network access to managed assetts —…