Kyle Flaherty has worked with a range of companies, changing the worlds of big data, IoT, BYOD, SaaS, open-source software, network security, fraud detection, data analytics, marketing automation and network management. He weighs in on brands and how metrics feed different audiences.
The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.
Cybercrime gang FIN7 is impersonating the U.S. Department of Health and Human Services and Amazon to trick enterprises in the U.S. into using a malicious flash drive, according to the FBI. The threat actor targeted undisclosed companies in the transportation, defense and insurance sectors.
Where are security practitioners in their zero trust journeys, and what approach to zero trust have they taken? Three experts - Netskope's David Fairman, Exceture's Mario Demarillas, and Petronas' Soumo Mukherjee - share their thoughts in a panel discussion.
Morgan Stanley agreed to a $60 million settlement to resolve a class action lawsuit claiming the banking giant violated security compliance laws and provided negligent oversight when a third party did not properly decommission legacy IT systems in 2016 and 2019.
Mobile carrier T-Mobile fell victim to another data breach, this time linked to a SIM swap attack that affected "a very small number" of its 105 million customers. Details remain scarce, but T-Mobile says it has enacted proper incident response protocols to limit the number of people affected.
ISMG's global editorial team reflects on the top cybersecurity news and analysis from 2021 and looks ahead to the trends already shaping 2022. From ransomware to Log4j, here is a compilation of major news events, impacts and discussions with leading cybersecurity experts on what to expect in the new year.
The findings from a penetration test can help you identify risks and gaps in your security controls. Charles Gillman offers tips to maximize the value of your next pen test and, in the process, deliver better results.
A report analyzing the Conti ransomware attack on Ireland's Health Services Executive in May provides insights into factors that played into the attack's impact and offers a list of recommendations on how HSE, as well as other organizations, can be better prepared for such incidents.
A new ongoing malware campaign is currently being distributed in the wild targeting TP-link wireless routers, leveraging a post-authenticated remote command execution, or RCE, vulnerability, according to FortiGuard Labs researchers.
Since Emotet malware returned last month, it's been dropping the Cobalt Strike penetration-testing tool directly onto infected endpoints shortly after infection, researchers say. The move could be a bid to more rapidly identify high-value systems for targeting with ransomware, some experts warn.
Many ransomware-wielding attackers continue to rely on initial access brokers to easily gain deep access to victims' systems, allowing them to steal data and attempt to pressure victims into paying via data leak sites. Researchers say that the number of victims being listed on such sites has surged.
A new variant of the Aberebot banking Trojan has been discovered by Cyble's researchers. Christened Aberebot-2.0, the latest malware version not only uses more advanced spying capabilities, it also has increased its target list to 213 banking apps and nine crypto wallets in 22 countries.
A recently discovered botnet is infecting thousands of AT&T internet subscribers in the U.S., using a critical-severity blind command injection flaw first reported in 2017, according to new findings from China-based cybersecurity researchers.