The recent supply chain attack, in which a backdoor was introduced by bad actors into the widely deployed SolarWinds platform, has revealed several dimensions of cybersecurity that were lacking in organizations across the globe.
By Dick Bussiere, Technical Director, APAC,...
Ransomware attacks are not a common security incident anymore. Several countries are severely concerned about the rising sophistication of ransomware attacks. Some governments even announced ransomware attacks as a national threat, giving utmost attention to mitigate them. With a...
The Colorado State Senate approved the "Colorado Privacy Act" on June 8, becoming only the third state after California and Virginia to have a comprehensive data privacy law. The Senate Bill/Act 190 has now been sent to Governor Jared...
Virtual Private Network (VPN) applications that are meant to secure user privacy online are becoming an entry point for intrusions. Threat actors often exploit unpatched vulnerabilities in VPN devices. Recently, South Korea's state-run Korea Atomic Energy Research Institute (KAERI)...
The security community strives to mitigate zero-day attacks. Timely vulnerability disclosure and incident response/handling is the way to do this. But that depends on the relationship and communication between the security researcher and the product vendor/developer. The industry established...
Any organization’s vulnerability management program must be a cornerstone of its cybersecurity initiative. Security vulnerabilities, if left unidentified and/or unaddressed, can bring the business down like a house of cards. As your organization adopts emerging innovation and technology, it...
Recently, the U.S. Centers for Disease Control and Prevention (CDC) gave a green signal to Carnival Cruise Line to commence operations on the condition of meeting health safety protocols for its passengers. This came as a pleasant respite to...
Despite several notices and awareness programs, most organizations are still paying ransom for data decryption post a ransomware attack. Earlier, the FBI warned companies to avoid ransom payments as it encourages others to follow suit. Recently, the U.S. Department...
Unsecured databases are potential cyberthreats for organizations. Perpetrators often look for unprotected/misconfigured servers to infiltrate and compromise sensitive corporate data. A recent security research by Comparitech, led by cybersecurity researcher Bob Diachenko, revealed that cybercriminals attacked an unsecured ElasticSearch...
Cyberespionage campaigns by Chinese state-sponsored actors disrupted operations of several organizations globally. After targeting Indian organizations in the power sector earlier this year (RedEcho), the Chinese state actors are now targeting multiple sectors bordering China’s Western Theatre Command notably...
