A review of internet of things manufacturers by Copper Horse shows that European companies fared the worst in having vulnerability disclosure policies. The European Commission has proposed legislation known as the Cyber Resilience Act that would make vulnerability disclosure policies mandatory.
The increased physical connectivity of digital assets has expanded the attack surface and added complexity for engineers in industrial environments, says Dragos CEO Robert Lee. More industrial automation and new systems have made it tougher for plant operators to conduct root cause analysis.
Microsoft blamed an internal network configuration change for outages that disrupted access to Microsoft 365 services, including Microsoft Teams and Outlook, for users around the world. The change has been rolled back and additional infrastructure added to speed restoration, it says.
The European Parliament's Pegasus spyware committee heard draft recommendations calling for a ban on the commercial buying and selling of zero-day exploits and for an immediate moratorium on the sale and use of advanced spyware. The committee expects to finalize the recommendations this spring.
Forescout will have its fourth CEO since September 2020. It tapped former Malwarebytes COO and MobileIron CEO Barry Mainz to take over as its top leader. The company brought in Mainz to replace Wael Mohamed, who started as Forescout's CEO in March 2021 and announced his departure in October 2022.
How does a CISO map his goals to the security investments made by a company long before he came on board? How can you balance the short-term and long-term goals at a new organization? Aditya Vardhan, CISO of Jindal Power & Steel, shares his insights on ensuring a smooth transition.
Android malware highlighted by Dutch cybersecurity firm ThreatFabric shows the line between a banking Trojan and advanced spyware. The Trojan, dubbed Hook, can take a screenshot, simulate clicks and input swipe gesture commands. It can also take control of WhatsApp.
Legislation requiring vendors to design cybersecurity into their medical devices is a great first step to help healthcare entities, but organizations will still face major risks involving legacy medical gear for many years to come, says Daniel dos Santos, research leader at security firm Forescout.
Sophos will execute the second-largest round of layoffs of any security company in the current economic downturn, axing 450 workers amid a shift to MDR services. Sophos plans to reduce its staff by 10% in a move to balance growth and profitability in a challenging and uncertain economic environment.
Cybereason has gone all-in on helping customers mitigate threats beyond the endpoint to minimize the impact of ongoing SOC staffing challenges, CEO Lior Div says. The company's focus on tracking and following malicious operations sets Cybereason's approach to XDR apart from rivals.
A high-severity vulnerability patched by Google Chrome a few months ago allowed hackers to steal sensitive files such as crypto wallets. Hackers increasingly are targeting individuals and organizations that hold cryptocurrencies, writes Imperva security researcher Ron Masas, who discovered the flaw.
Microsoft fixed an actively exploited zero-day vulnerability in 2023's first Patch Tuesday dump. The Redmond giant also issued fixes for 98 other vulnerabilities, including 11 classified as critical and 87 as important. The zero-day vulnerability could be used as part of a ransomware attack.
Industrial control vendors such as Honeywell are increasingly adopting Nozomi Networks within their security portfolio, says CEO Edgard Capdevielle. Firms such as Siemens can actually run Nozomi's products inside their platform, while others have incorporated its tool into a managed service bundle.