Data security and privacy
Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.
Top Stories
-
Feature
19 Dec 2024
10 cybersecurity predictions for 2025
AI will still be a hot topic in 2025, but don't miss out on other trends, including initial access broker growth, the rise of vCISOs, tech rationalization and more. Continue Reading
By- Kyle Johnson, Technology Editor
-
Answer
19 Dec 2024
How bad is generative AI data leakage and how can you stop it?
Mismanaged training data, weak models, prompt injection attacks can all lead to data leakage in GenAI, with serious costs for companies. The good news? Risks can be mitigated. Continue Reading
By
-
Tip
20 Jun 2023
Implement zero trust to improve API security
Not all organizations have an API security strategy in place. Using zero trust in API security is one way to protect APIs and reduce their changes of being attacked. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Definition
19 Jun 2023
PCI compliance
PCI compliance is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and prevent the misuse of cardholders' personal information. Continue Reading
By- Nick Barney, Technology Writer
- Ben Cole, Executive Editor
-
News
16 Jun 2023
U.S. government agencies breached via MoveIt Transfer flaw
CISA Director Jen Easterly said 'several' U.S. agencies suffered intrusions via their MoveIt Transfer instances, but have not seen significant effects from the attacks. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
15 Jun 2023
Chinese nation-state actor behind Barracuda ESG attacks
Mandiant said the zero-day attacks on Barracuda Email Security Gateway appliances were part of a 'wide-ranging campaign in support of the People's Republic of China.' Continue Reading
By- Arielle Waldman, News Writer
-
News
14 Jun 2023
State governments among victims of MoveIT Transfer breach
The Clop ransomware gang, which claimed responsibility for multiple data breaches tied to the MoveIT Transfer flaw, said it would delete data stolen from government agencies. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
12 Jun 2023
MoveIT Transfer attacks highlight SQL injection risks
Security vendors say SQL injection flaws, like the zero-day vulnerability recently disclosed by Progress Software, can be challenging for companies to identify and resolve. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
09 Jun 2023
Pros and cons of blockchain for ERP
ERP's longevity reaches back to the 1960s, but thanks to blockchain, an old dog may well learn some new business tricks in this ever-changing and modernizing world of technology. Continue Reading
By- Christine Campbell, The Alpha Content Company
-
Podcast
08 Jun 2023
Risk & Repeat: Moveit Transfer flaw triggers data breaches
Several organizations, predominantly in the U.K., have confirmed data breaches that stemmed from exploitation of the critical Moveit Transfer zero-day vulnerability. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 Jun 2023
MoveIt Transfer flaw leads to wave of data breach disclosures
Organizations that have confirmed a data breach tied to the critical MoveIt flaw disclosed in May include the government of Nova Scotia, the BBC and HR software firm Zellis. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
08 Jun 2023
How to secure blockchain: 10 best practices
Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
News
07 Jun 2023
What generative AI's rise means for the cybersecurity industry
ChatGPT's moment in cybersecurity is significant for both technological and marketing reasons. Security analysts and experts have their own reasons why. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
07 Jun 2023
Top blockchain attacks, hacks and security issues explained
Blockchain is an attractive target for malicious actors. From blockchain-specific attacks to human vulnerabilities to lack of regulations, these are the top blockchain issues. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Definition
06 Jun 2023
digital ecosystem
A digital ecosystem is a group of interconnected information technology resources that can function as a unit. Continue Reading
By -
Tip
06 Jun 2023
9 benefits of cryptocurrency in business
Businesses adopting cryptocurrency can potentially improve their financial liquidity, attract new customers, ensure transaction transparency, reduce fraud and align with Web 3.0. Continue Reading
-
News
06 Jun 2023
Ransomware takes down multiple municipalities in May
City and local governments experienced severe disruptions to public services due to ransomware attacks in May, particularly from the Royal ransomware group. Continue Reading
By- Arielle Waldman, News Writer
-
News
06 Jun 2023
Verizon 2023 DBIR: Ransomware remains steady but complicated
Chris Novak, managing director of cybersecurity consulting at Verizon Business, said 2023 was a "retooling year" for ransomware threat actors adapted to improved defenses. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
05 Jun 2023
Attack surface reduction rules for Microsoft productivity apps
Attack surface reduction rules in Microsoft Defender for Endpoint help prevent apps from launching executable files and scripts, running suspicious scripts and more. Continue Reading
By- Kyle Johnson, Technology Editor
- Packt Publishing
-
News
01 Jun 2023
Zero-day vulnerability in MoveIt Transfer under attack
Rapid7 observed exploitation of a SQL injection vulnerability in Progress Software's managed file transfer product, which was disclosed this week but has not been patched. Continue Reading
By- Rob Wright, Senior News Director
-
Opinion
01 Jun 2023
6 ways Amazon Security Lake could boost security analytics
Amazon's new security-focused data lake holds promise -- including possibly changing the economics around secure data storage. Continue Reading
By- Jon Oltsik, Analyst Emeritus
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
Definition
30 May 2023
eavesdropping
Eavesdropping is the act of listening to, recording or intercepting private communications. Continue Reading
By- Robert Sheldon
- Gary Audin, Delphi Inc.
-
Podcast
25 May 2023
Risk & Repeat: A troubling trend of poor breach disclosures
This Risk & Repeat episode covers three data breach disclosures from Dish Network, Gentex Corporation and Clarke County Hospital and the troubling trends that connect all three. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
24 May 2023
Updated 'StopRansomware Guide' warns of shifting tactics
CISA's updates to the 'StopRansomware Guide' address shifts in the threat landscape as more threat actors skip the encryption step and focus on data theft and extortion. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
23 May 2023
How the 3-2-1-1-0 backup rule reflects modern needs
The 3-2-1-1-0 backup rule addresses modern data protection requirements, such as ransomware protection and cloud backup. Find out how it builds on the 3-2-1 rule in this tip. Continue Reading
By -
News
22 May 2023
Iowa hospital discloses breach following Royal ransomware leak
Clarke County Hospital revealed that it took network services offline after an attack in April, but did not address the reported data leak by the Royal ransomware gang. Continue Reading
By- Arielle Waldman, News Writer
-
News
19 May 2023
Dish 'received confirmation' ransomware gang deleted stolen data
A line in Dish Network's breach notification sent to affected employees this week suggested the satellite TV provider had paid a ransomware gang to delete stolen data. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
18 May 2023
Gentex confirms data breach by Dunghill ransomware actors
The Dunghill ransomware gang last month claimed responsibility for an attack against Gentex Corporation, which confirmed this week that it suffered a breach several months ago. Continue Reading
By- Arielle Waldman, News Writer
-
News
17 May 2023
KeePass vulnerability enables master password theft
KeePass developer Dominik Reichl said the vulnerability should be fixed in KeePass version 2.54, which is expected to release in July along with other security updates. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
16 May 2023
Chinese APT exploits TP-Link router firmware via implant
Check Point Software Technologies said the malicious implant, which it attributed to Chinese APT "Camaro Dragon," was firmware agnostic and could be used against other vendors. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Opinion
16 May 2023
Protect against current and future threats with encryption
Current and future cyber threats, such as ransomware, generative AI, quantum computing and an increase in surveillance, are driving the need to secure all data with encryption. Continue Reading
By- Jack Poller
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
12 May 2023
Bl00dy ransomware gang targets schools via PaperCut flaw
The Bl00dy ransomware gang is targeting schools via a critical remote code execution flaw present in unpatched instances of PaperCut MF and NG print management software. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
12 May 2023
Experts question San Bernardino's $1.1M ransom payment
While no public safety services were compromised in the ransomware attack on San Bernardino County's Sheriff's Department, the government opted to $1.1 million to threat actors. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
News
10 May 2023
CISOs face mounting pressures, expectations post-pandemic
Proofpoint's 2023 Voice of the CISO report shows deep concern among executives about impending data loss and exposure from negligent -- and malicious -- employees. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
News
10 May 2023
Dragos discloses blocked ransomware attack, extortion attempt
Dragos Inc. published a blog post that outlined a likely ransomware attack it stopped this week, though a threat actor obtained 'general use data' for new hires. Continue Reading
By- Arielle Waldman, News Writer
-
Podcast
09 May 2023
Risk & Repeat: Ex-Uber CSO Joe Sullivan sentenced
This podcast episode covers the sentencing of former Uber CSO Joe Sullivan over the 2016 breach cover-up, and what it means for other security executives and the industry at large. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
09 May 2023
5 major data backup trends to watch
As IT becomes more sophisticated, data backup grows to incorporate, and protect against, the latest advances. Find out which five data backup trends are top of mind for IT teams. Continue Reading
By -
News
08 May 2023
Intel BootGuard private keys leaked following MSI hack
Intel said it was "actively investigating" reports that OEM BootGuard keys were stolen and leaked by ransomware actors following a breach at motherboard maker MSI Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 May 2023
Western Digital confirms ransomware actors stole customer data
Western Digital issued an update late Friday that confirmed customer data was stolen in an attack for which Alphv ransomware actors claimed responsibility. Continue Reading
By- Arielle Waldman, News Writer
-
News
05 May 2023
Former Uber CSO Joe Sullivan avoids jail for breach cover-up
A U.S. district judge sentenced former Uber security chief Joe Sullivan to three years of probation and 200 hours of community service for his role in the 2016 breach cover-up. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
04 May 2023
Ransomware attack disrupts Dallas police, city services
The city said less than 200 government devices were compromised by the Royal ransomware attack, though it's unclear if threat actors exfiltrated sensitive data. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
News
04 May 2023
Ransomware gangs display ruthless extortion tactics in April
Ransomware groups are pressuring enterprises into paying with harsher extortion tactics, contacting individual victims directly and leaking stolen photos and video footage. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
02 May 2023
Hash-based Message Authentication Code (HMAC)
Hash-based Message Authentication Code (HMAC) is a message encryption method that uses a cryptographic key in conjunction with a hash function. Continue Reading
By -
News
01 May 2023
1Password execs outline shift to passwordless authentication
1Password CEO Jeff Shiner and Anna Pobletts, head of passwordless, discuss the power of passkeys, the adoption challenges ahead, and the threat of generative AI attacks. Continue Reading
By- Arielle Waldman, News Writer
-
Feature
28 Apr 2023
It's time to harden AI and ML for cybersecurity
An RSA Conference panel said that now is the time to become proactive against AI and ML adversarial attacks -- before they become more sophisticated. Continue Reading
By- Kyle Johnson, Technology Editor
-
Definition
26 Apr 2023
TrickBot malware
TrickBot is sophisticated modular malware that started as a banking Trojan but has evolved to support many different types of attacks, including ransomware. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
News
20 Apr 2023
Fortra completes GoAnywhere MFT investigation
An investigation around the zero-day attack that affected a growing number of victims revealed that activity started earlier than Fortra initially reported. Continue Reading
By- Arielle Waldman, News Writer
-
News
20 Apr 2023
DC Health Link breach caused by misconfigured server
Mila Kofman, executive director of the District of Columbia Health Benefit Exchange Authority, blames "human error" for the DC Health Link breach. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
19 Apr 2023
Point32Health confirms service disruption due to ransomware
A ransomware attack interrupted access to services provided by one of New England's largest healthcare insurers, though the scope of affected customers and data remains unknown. Continue Reading
By- Arielle Waldman, News Writer
-
Guest Post
18 Apr 2023
Standardized data collection methods can help fight cybercrime
Implementing standards similar to NERC CIP for the entire cybersecurity industry could make it easier for law enforcement to investigate and prosecute cyber attackers. Continue Reading
By- Juan Vargas
-
News
18 Apr 2023
Mandiant: 63% of breaches were discovered externally in 2022
Mandiant said the 2022 increase is most likely affected by the threat intelligence firm proactively investigating threat activity targeting Ukraine last year. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
17 Apr 2023
11 cybersecurity tips for business travelers
Don't put your sensitive information at risk when you travel. Learn how to take a few extra precautions with these cybersecurity tips. Continue Reading
By- Amanda Hetler, Senior Editor
-
News
13 Apr 2023
Western Digital restores service; attack details remain unclear
While Western Digital confirmed that it suffered a data breach on March 26, the storage company has not offered details about the attack scope or whether ransomware was involved. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
13 Apr 2023
private CA (private PKI)
A private CA is an enterprise-specific certificate authority that functions like a publicly trusted CA. Continue Reading
By- Jason Soroko, Sectigo
-
News
12 Apr 2023
Cisco provides extra-secure Webex for U.S. government
Cisco will provide a higher-security cloud-based unified communications platform for U.S. national security and defense personnel to monitor classified data, starting in 2024. Continue Reading
By- Mary Reines, News Writer
-
Answer
12 Apr 2023
How to use a public key and private key in digital signatures
Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents. Continue Reading
By- Joel Dubin
- Katie Donegan, Social Media Manager
-
News
11 Apr 2023
FTX bankruptcy filing highlights security failures
Debtors claim that defunct cryptocurrency exchange FTX lacked any dedicated security personnel and failed to implement critical access controls for billions of dollars in assets. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
07 Apr 2023
5 ChatGPT security risks in the enterprise
Whether in the hands of cybercriminals or oblivious end users, ChatGPT introduces new security risks. Continue Reading
By- Alissa Irei, Senior Site Editor
- Ashwin Krishnan, StandOutin90Sec
-
News
06 Apr 2023
119 arrested in Genesis Market takedown
The FBI and Dutch National Police led the takedown of Genesis Market alongside more than a dozen partners, including the U.K., Italy, Spain and Romania. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
05 Apr 2023
post-quantum cryptography
Post-quantum cryptography, also known as quantum encryption, is the development of cryptographic systems for classical computers that can prevent attacks launched by quantum computers. Continue Reading
By- Rob Clyde, Isaca
- Alexander S. Gillis, Technical Writer and Editor
-
News
05 Apr 2023
42% of IT leaders told to maintain breach confidentiality
While transparency and prompt reporting are important steps following an attack, Bitdefender found that many IT professionals were told to maintain confidentiality after a breach. Continue Reading
By- Arielle Waldman, News Writer
-
News
04 Apr 2023
March ransomware disclosures spike behind Clop attacks
The Clop ransomware gang claimed responsibility for several disclosed ransomware attacks on major enterprises, which stemmed from a zero-day flaw in Fortra's GoAnywhere software. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
30 Mar 2023
Use backup encryption to protect data from would-be thieves
Encryption is a powerful tool to keep sensitive data out of the wrong hands. To ensure recoverability after a disruption, data backup encryption is vital. Continue Reading
By -
Definition
30 Mar 2023
CSR (Certificate Signing Request)
A Certificate Signing Request (CSR) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA). Continue Reading
By- Sharon Shea, Executive Editor
-
Tip
29 Mar 2023
Vulnerability management vs. risk management, compared
Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running. Continue Reading
By- Ravi Das, ML Tech Inc.
-
News
28 Mar 2023
Microsoft launches AI-powered Security Copilot
Microsoft Security Copilot is an AI assistant for infosec professionals that combines OpenAI's GPT-4 technology with the software giant's own cybersecurity-trained model. Continue Reading
By- Rob Wright, Senior News Director
-
Definition
24 Mar 2023
three-factor authentication (3FA)
Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication factors -- typically, the knowledge, possession and inherence categories. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
News
23 Mar 2023
More victims emerge from Fortra GoAnywhere zero-day attacks
Threat actors began exploiting a zero-day vulnerability in Fortra's GoAnywhere file sharing software in late January, victimizing several large enterprises. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
23 Mar 2023
forensic image
A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders and unallocated, free and slack space. Continue Reading
By -
Podcast
22 Mar 2023
BreachForums taken down after arrest of alleged owner
This Risk & Repeat podcast episode covers the arrest of BreachForums' alleged owner and the site's subsequent closure, as well as possible connections to the DC Health Link breach. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
22 Mar 2023
Cyber insurance carriers expanding role in incident response
While cyber insurance has its benefits, infosec professionals expressed concern that carriers have too much influence over incident response decisions, especially with ransomware. Continue Reading
By- Arielle Waldman, News Writer
-
News
20 Mar 2023
FBI arrests suspected BreachForums owner in New York
The BreachForums arrest occurred days after DC Health Link's data went up for sale on the dark web message board, though the affidavit did not cite the breach in the arrest. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
16 Mar 2023
How to approach data loss prevention in virtual servers
As security risks evolve, organizations are turning to data loss prevention tools and methods to combat external and internal risks. Learn how to get started with DLP. Continue Reading
By- Brian Kirsch, Milwaukee Area Technical College
-
News
15 Mar 2023
Secureworks IR team saw BEC attacks double in 2022
Vendor and incident response firm Secureworks referred to business email compromise, or BEC attacks, as 'the largest monetary threat to organizations.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
15 Mar 2023
quantum supremacy
Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classical computers by performing calculations previously impossible at unmatched speeds. Continue Reading
By -
News
15 Mar 2023
Rubrik discloses data breach, blames Fortra zero-day
The cybersecurity vendor said it is investigating a data breach after attackers exploited a zero-day vulnerability in Fortra's GoAnywhere managed file transfer software. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
15 Mar 2023
antivirus software (antivirus program)
Antivirus software (antivirus program) is a security program designed to prevent, detect, search and remove viruses and other types of malware from computers, networks and other devices. Continue Reading
By- Kinza Yasar, Technical Writer
- Linda Rosencrance
-
Podcast
15 Mar 2023
Hacker claims exposed database led to DC Health Link breach
This Risk & Repeat podcast episode covers the breach of health insurance exchange DC Health Link, as well as a hacker's claim that the breach was caused by an exposed database. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
14 Mar 2023
information security (infosec)
Information security (infosec) is a set of policies, procedures and principles for safeguarding digital data and other kinds of information. Continue Reading
By- Kinza Yasar, Technical Writer
- Gavin Wright
- Taina Teravainen
-
News
13 Mar 2023
DC Health Link confirms breach, but questions remain
While DC Health Link confirmed the breach, it is unknown how threat actors obtained the personal health data of more than 56,000 customers, including members of Congress. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
09 Mar 2023
Is ransomware declining? Not so fast, experts say
While some 2022 ransomware statistics indicate a possible 'decline' in activity, threat researchers warn there's more to the picture than the numbers suggest. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
02 Mar 2023
New National Cybersecurity Strategy takes aim at ransomware
The Biden-Harris administration's 39-page National Cybersecurity Strategy covers multiple areas, including disrupting ransomware operations and addressing vulnerable software. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
02 Mar 2023
Ransomware attacks ravaged big names in February
While ransomware incidents appear to be decreasing, several high-profile organizations, including Dole, Dish Network and the U.S. Marshals Service, suffered notable attacks. Continue Reading
By- Arielle Waldman, News Writer
-
Opinion
02 Mar 2023
Accurately assessing the success of zero-trust initiatives
Zero-trust preparation can be difficult. Measuring how well the model provides security and business benefits after implementation is even more difficult. Continue Reading
By- John Grady, Principal Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
28 Feb 2023
LastPass breach tied to hack of engineer's home computer
LastPass said a threat actor hacked an employee's home computer to access a corporate password vault and steal decryption keys for its product backups and cloud storage resources. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
28 Feb 2023
Bitdefender releases decryptor for MortalKombat ransomware
MortalKombat ransomware was first spotted in January, but Bitdefender has already cracked the new variant and released a free decryptor to help victims recover data. Continue Reading
By- Rob Wright, Senior News Director
-
News
28 Feb 2023
U.S. Marshals Service suffers ransomware attack, data breach
Ransomware actors breached the U.S. Marshals Service earlier this month and stole sensitive information pertaining to agency investigations, though many questions remain. Continue Reading
By- Arielle Waldman, News Writer
-
News
28 Feb 2023
CrowdStrike: Threat actors shifting away from ransomware
CrowdStrike's '2023 Global Threat Report' showed a 20% increase in the number of threat actors using data theft and extortion tactics without deploying actual ransomware. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
22 Feb 2023
IBM: Ransomware defenders showing signs of improvement
According to IBM X-Force's Threat Intelligence Index report, a smaller percentage of threat actors executed a ransomware attack after gaining access in 2022 than in 2021. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
21 Feb 2023
GoDaddy's response to 'multi-year' breach criticized
GoDaddy took nearly three months to disclose that attackers breached the company in a multi-year campaign, and customers are still in the dark about the details of the attack. Continue Reading
By- Arielle Waldman, News Writer
-
News
16 Feb 2023
Google: Russia continues to set cyber sights on NATO nations
A new report from Google's Threat Analysis Group shed light on Russia's efforts to conduct malicious cyber campaigns not only against Ukraine but also NATO nations too. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
16 Feb 2023
E-Sign Act (Electronic Signatures in Global and National Commerce Act)
The E-Sign Act (Electronic Signatures in Global and National Commerce Act) is a U.S. federal law that specifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
News
16 Feb 2023
Ransomware actors increasingly weaponizing old vulnerabilities
A new report from Cyber Security Works shows that 76% of all ransomware-associated vulnerabilities tracked in 2022 were old flaws initially discovered between 2010 and 2019. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
16 Feb 2023
No relief in sight for ransomware attacks on hospitals
Despite being off limits for some hackers, hospitals continue to be lucrative targets for ransomware groups because of their valuable data and higher rate of paying ransoms. Continue Reading
By- Alexis Zacharakos, Student Co-op
-
Podcast
15 Feb 2023
ESXiArgs attack vector unclear as infections continue
This Risk & Repeat podcast episode discusses the recent developments involving ESXiArgs, the ransomware variant that has been infecting vulnerable VMware ESXi servers this month. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
14 Feb 2023
Veeam launches Data Platform, ransomware warranty
Veeam Data Platform features Backup & Replication v12 and other management capabilities. In addition, Object First released its appliance focused on storage for Veeam users. Continue Reading
By- Paul Crocetti, Executive Editor
-
News
14 Feb 2023
Dragos: ICS/OT ransomware attacks up 87%
Ransomware attacks against industrial organizations remains a growing problem, according to ICS/OT vendor Dragos' new 'Year in Review 2022' report. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
10 Feb 2023
New ESXi ransomware strain spreads, foils decryption tools
Since the onset of the widespread attacks last week, the ESXiArgs ransomware strain appears to have undergone updates that make it harder for enterprises to recover data. Continue Reading
By- Arielle Waldman, News Writer
-
News
09 Feb 2023
Thousands of victims apparently hit by ESXiArgs ransomware
A joint security advisory from CISA and the FBI said the ESXiArgs ransomware campaign has claimed over 3,800 servers globally since attacks first emerged last week. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 Feb 2023
CISA battles ESXiArgs ransomware campaign with recovery tool
The U.S. Cybersecurity and Infrastructure Security Agency published a decryptor script intended to assist VMware customers affected by ESXiArgs ransomware. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
08 Feb 2023
reverse brute-force attack
A reverse brute-force attack is a type of brute-force attack in which an attacker uses a common password against multiple usernames in an attempt to gain access to a network. Continue Reading
By- Alexander S. Gillis, Technical Writer and Editor
-
Definition
08 Feb 2023
SOC 3 (System and Organization Controls 3)
A System and Organization Controls 3 (SOC 3) report outlines information related to a service organization's internal controls for security, availability, processing integrity, confidentiality and privacy. Continue Reading
By- Nick Barney, Technology Writer