Risk Management Archives - Page 5 of 18

Another Cybersecurity Awareness Month Has Passed and Little Has Changed

Issued by: Security Week

Last month we celebrated the 18th year of the Cybersecurity Awareness Month, which was previously known as National Cybersecurity Awareness Month. Under the slogan “Do Your Part. #BeCyberSmart”, the Cybersecurity and Infrastructure Security Agency (CISA) together with the National Cyber Security Alliance (NCSA) each year encourage individuals and organizations to own their role in protecting…

Malware & Threats

FBI: Ransomware Attacks Exploit Financial Business Events

Issued by: Security Week

Ransomware actors are known for performing extensive research prior to launching an attack on victims, using publicly available information, along with material non-public data. Should the victim refrain from paying the ransom, the attackers threaten to disclose the gathered information publicly, thus attempting to extort the victim, the FBI warned. “Ransomware actors are targeting companies…

Software Security

Remote Work Security: Handling Setbacks in the Time of COVID-19

Issued by: Security Intelligence

Most security experts, IT workers and leaders understand that the pandemic brought a decline in business and digital safety. A big part of that is the rush to get set up at home and establish remote work security. But why, exactly? It turns out that surprising factors degraded the security of the remote workforce. Let’s…

Malware & Threats

Ransomware Hit SCADA Systems at 3 Water Facilities in U.S.

Issued by: Security Week

The alert was issued by the FBI, CISA, the EPA and the NSA. The agencies are aware of attacks — launched by both known and unknown threat actors — against the IT and OT (operational technology) networks of water facilities. The agencies noted that while cyber threats are increasing across critical infrastructure sectors, the latest…

Malware & Threats

Nations Vow to Combat Ransomware at US-Led Summit

Issued by: Security Week

The United States gathered the countries — with the notable exception of Russia — to unify and boost efforts to fight a cybercrime that is transnational, on the rise and potentially devastating. “The threat of ransomware is complex and global in nature and requires a shared response,” the joint summit statement said, adding the nations…

Network Security

CISA Opens IPv6 Guidance to Public Feedback

Issued by: Security Week

Named IPv6 Considerations for TIC 3.0, the document was issued in line with Office of Management and Budget (OMB) Memorandum 21-07, which mandates CISA to enhance the Trusted Internet Connections (TIC) program to ensure Internet Protocol version 6 (IPv6) is implemented within federal IT systems. The new IPv6 guidance is meant to provide information on…

Software Security

A Journey in Organizational Cyber Resilience Part 2: Business Continuity

Issued by: Security Intelligence

Keeping a business up and running during a problem takes the right people for the job. When it comes to cyber resilience through tough times, many things come down to the human factor. We focused on that in the first piece in this series, but it also makes a big difference to the second topic:…

Software Security

How DevSecOps Can Secure Your CI/CD Pipeline

Issued by: Security Intelligence

Many companies today automate their software development life cycle with continuous integration and continuous delivery (CI/CD). It’s part of the broader DevOps movement to speed software development while reducing errors. Continuous integration builds and tests code automatically, while continuous delivery automates the entire software release process up to production. In order to secure it, industry…

Network Security

CISOs Faced With Friction, Resistance From Remote Workers Over Security Controls

Issued by: Security Week

The cyberthreat to working from home is well understood. Security teams are suddenly faced with hundreds and often thousands of new endpoints that are beyond the protection of the office system, and outside the reach of their visibility. While there are technological answers to this problem, new research from HP Wolf Security indicates that implementing…

Software Security

ICS Vendors Assess Impact of INFRA:HALT Vulnerabilities

Issued by: Security Week

Forescout Research Labs and JFrog Security Research found a total of 14 vulnerabilities in NicheStack, a TCP/IP stack used by many operational technology (OT) vendors. The flaws, a majority of which have been assigned critical and high severity ratings, can be exploited for remote code execution, denial of service (DoS) attacks, obtaining information, TCP spoofing,…