In the latest "Proof of Concept," DXC Technology IT CISO and CyberEdBoard member Mike Baker and Chris Hughes, co-founder and CISO of Aquia, join ISMG editors to discuss benefits, challenges and misconceptions of adopting open-source software in modern code bases - plus best practices for securing them.
A cyberattack on a shared IT services organization is forcing five member hospitals in Ontario to cancel or reschedule patient appointments and steer nonemergency patients to other facilities. Attacks against third-party vendors are rising, and many regional hospitals are unprepared.
Federal regulators issued new guidance materials for HIPAA-regulated entities, including a document stressing the importance of sanction policies for workforce members who violate HIPAA, plus two new resources for healthcare providers and patients regarding telehealth privacy and security risks.
ISMG recently concluded its Virtual Cybersecurity Summit: Africa, where cybersecurity leaders from across the globe came together to explore diverse security trends and challenges in the region, including the need for a collaborative defense strategy to counteract the changing threat landscape.
Threat actors are exploiting another zero-day flaw in Cisco's IOS XE software to implant a malicious backdoor. The IOS XE operating system runs on a wide range of Cisco networking devices, including routers, switches, wireless controllers, access points and more.
Attorneys general across 33 states have reached settlements for three health data breaches that affected nearly 2 million people, including a $1.4 million settlement for a clearinghouse that left patient data exposed for three years. The AGs accused the firms of violating state laws and HIPAA rules.
Cisco issued an urgent warning Monday about a critical vulnerability in one of its modular operating system's web interfaces that is designed for routers, switches and other appliances. Hackers exploited the IOS XE software UI to gain admin rights that give them full control of compromised devices.
Cloud compromises and supply chain attacks are overshadowing ransomware as the top cyberthreats worrying healthcare sector organizations - but all such incidents are still viewed as significant risks to patient outcomes and safety, said Ryan Witt of Proofpoint, citing new research findings.
Maintainers of the widely used open-source command-line tool cURL and libcurl library that supports key network protocols said two upcoming vulnerabilities are set to be disclosed this week. One flaw is probably "the worst curl security flaw in a long time," said curl founder Daniel Stenberg.
Hackers have weaponized a zero-day in a popular workspace collaboration tool to create administrator accounts and gain unrestricted access to their on-premises instances of the software, Atlassian's Confluence Data Center and Server products, which serves millions of daily active users.
Large enterprises, including government and educational organizations, are being warned to immediately update their WS_FTP Server, built by Progress Software, to fix serious flaws being actively exploited by attackers. Secure file transfer software remains a top target, especially for extortionists.
Detecting, prioritizing and remediating open source software supply chain vulnerabilities can be challenging. CISOs can build robust strategies by having near real-time visibility of all their hybrid assets and performing remediation engineering at scale, said Qualys' Debashish Jyotiprakash.
Growing reliance on both AI and generative AI is posing new challenges to CISOs. For example, CISOs have limited visibility into how certain large language models were packaged, making it difficult for them to spot security and privacy risks, said Chandan Pani, CISO at LTIMindtree.
The Clop ransomware group's zero-day attack on MOVEit software was its fourth data theft campaign targeting secure file transfer users. Organizations can combat such attacks by using data minimization and encryption - among other defenses, says Teresa Walsh, global head of intelligence for FS-ISAC.
A federal judge has given the green light for attorneys to proceed with a consolidated class action lawsuit against Meta that accuses the social media giant of intercepting sensitive health information with its Pixel tracking tools used in numerous healthcare websites and patient portals.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.in, you agree to our use of cookies.