Advertisement
Breach reporting required for health apps and devices, FTC says
A new policy statement makes it clear that the US Federal Trade Commission will hold healthcare app and device makers accountable for reporting data breaches.
10 top API security testing tools
Application programming interfaces have become a favorite target for attackers. These tools and platforms (both commercial and open source) will help identify errors, vulnerabilities, and excessive permissions.
Exchange Autodiscover feature can cause Outlook to leak credentials
A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers. Here’s what companies can do now to...
Advertisement
Yes, the FBI held back REvil ransomware keys
The ransomware keys might have been acquired by an ally, which would invoke the third-party doctrine where the decision to release was not the FBI's alone.
US cryptocurrency exchange sanctions over ransomware likely not the last
The sanctions are aimed to cut ransomware gangs off from their revenue. Advisory on sanctions risks regarding ransomware payments also updated.
How to mitigate the Microsoft Office zero-day attack
Follow this advice to block malicious Office files from doing harm to your network even if you've implemented Microsoft's recommended actions.
Software cybersecurity labels face practical, cost challenges
The federal government wants consumer software to have cybersecurity labels; experts question the feasibility of the mandate.
The Kaseya ransomware attack: A timeline
REvil's ransomware attack on software provider Kaseya underscored the threats to supply chains that ransomware groups pose. Here is an up-to-date timeline of the attack.
Biden sanctions Suex cryptocurrency exchange to stifle ransomware payments
In the wake of significant ransomware attacks, President Biden has sanctioned cryptocurrency exchange Suex in a clear attempt to prevent ransomware payments.
The new math of cybersecurity value
An increasing number of CISOs are devising a new set of metrics to show how they’re impacting risk at their organizations.
Advertisement
CRISC certification: Your ticket to the C-suite?
Certified in Risk and Information Systems Control (CRISC) is a certification that focuses on enterprise IT risk management. Learn about the exam, prerequisites, study guides, and potential salary.
APT actors exploit flaw in ManageEngine single sign-on solution
US government agencies urge immediate action to look for indicators of compromise and, if found, take recommended steps to mitigate.
Cybersecurity Snippets
5 observations about XDR
The technology is evolving, so security professionals and pundits must be open-minded and closely track market developments.
7 unexpected ransomware costs
Indirect costs related to a ransomware attack can add up over time. These are the expenses and financial risks that CISOs should be aware of.
Top cybersecurity M&A deals for 2021
The cybersecurity market is hot, and vendors are buying competitors to solidify their position or acquiring other firms to expand their offerings.
From Our Advertisers
-
![HP Wolf Security]()
Featured Sponsor HP Wolf SecurityThe Need for Endpoint Security Rooted In Zero Trust -
![cyber security with man using a laptop picture id1136383351]()
Sponsored by FortinetKeeping Your Hybrid Workforce Secure with Cyber Hygiene Training -
![group working]()
Sponsored by CISThe 5 Ws for Building a Strong Cybersecurity Plan -
![network protection its more than a secops imperative copy 1200x800 1]()
Sponsored by NetscoutNetwork Protection: It’s More Than a SecOps Imperative
