DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Gone are the days where technological solutions were “nice to have” options to provide us with better access to resources and improved process efficiencies. Nowadays, technological solutions – and specifically those that...more
The consequences of a cyberattack can be catastrophic, as we saw in the previous blog of this series. Cybersecurity is a business-wide responsibility that demands a proactive strategy extending far beyond technical solutions...more
CYBERSECURITY - Patch, Patch, Patch: Updates for Fortinet, Microsoft, and Adobe Products - Patching vulnerabilities is a difficult task. Keeping up with and patching them without disrupting users’ experience is tricky....more
CYBERSECURITY - HC3 Warns Healthcare Organizations about Akira Ransomware Group - The Health Sector Cybersecurity Coordination Center (HC3) recently warned the health care sector about the Akira ransomware group that...more
CYBERSECURITY CISOs: New Report Outlines Risks of LLMs - I hang out with a lot of Chief Information Security Officers (CISOs), so this piece is for them. Of course, it will be of interest to all security professionals...more
CYBERSECURITY - Mozilla Releases Security Updates for Thunderbird and Firefox - Mozilla recently released security updates to address known vulnerabilities in their Thunderbird and Firefox products. The Cybersecurity &...more
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
CYBERSECURITY - Patch Adobe ColdFusion Vulnerabilities Being Exploited in the Wild ASAP - Adobe has issued alerts on three vulnerabilities affecting its ColdFusion product. The first alert, issued on July 11, 2023,...more
According to cybersecurity researchers at Bishop Fox, “hundreds of thousands” of FortiGate firewalls have not been patched against a known vulnerability and are at risk of being attacked by threat actors using the unpatched...more
Cybersecurity is a top concern for all industries, particularly for the pharmaceutical and medical device industries. These industries hold some of the most sensitive data and highly valuable technology, making them prime...more
In the recent case Construction Industry Laborers Pension Fund on behalf of SolarWinds Corporation, et. al v. Mike Bingle, et al. (2022), the Delaware Chancery Court considered whether the directors of SolarWinds Corporation,...more
CYBERSECURITY FBI, CISA + MS-ISAC Warn of LockBit 3.0 Ransomware The FBI, CISA and the Multi-State Information Sharing and Analysis Center (MSISAC) recently released a joint cybersecurity advisory, warning organizations about...more
CYBERSECURITY - World Economic Forum’s Global Cybersecurity Outlook for 2023 Is Bleak - Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global...more
Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global Cybersecurity Outlook 23 Insight Report (published in collaboration with Accenture), although...more
Microsoft recently issued mitigation steps for vulnerabilities that are being actively exploited by threat actors. Microsoft stated that it is aware that two vulnerabilities are being actively exploited to access users’...more
Ransomware/Malware Activity - Twitter Confirms Data Breach Affecting 5.4 Million Account Profiles - On August 5, 2022, Twitter confirmed it has suffered a data breach after receiving a report of a vulnerability through...more
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory this week alerting organizations of destructive malware that is being used to target organizations in Ukraine, with the ongoing...more
CYBERSECURITY - ECRI Names Cybersecurity Attacks as Top Health Technology Hazard for 2022 - ECRI has been publishing its annual report of health technology hazards for the past 15 years. According to ECRI’s Device...more
Passwords are so difficult to remember. We all know we shouldn’t use the same or similar passwords across platforms. Stolen password credentials are dumped on the dark web and criminals use the stolen passwords to steal other...more
FTC Announces Regulatory Priorities for 2022 - On December 10, 2021, the Federal Trade Commission (“FTC”) published its Statement of Regulatory Priorities (“Announcement”) for 2022. The FTC’s priorities for the coming year...more
CYBERSECURITY - Update on Apache log4j and Kronos Security Incidents - It was a crazy weekend for cyber-attacks. People seem surprised, but those of us in the industry aren’t surprised one bit. It is very logical and...more
On December 9th, 2021, a critical zero-day vulnerability, which has the potential of providing threat actors access to millions of computers worldwide, was discovered. Due to the critical nature of this vulnerability, and the...more
It was a crazy weekend for cyberattacks. People seem surprised, but those of us in the industry aren’t surprised one bit. It is very logical and foreseeable that hackers are leveraging attacks that have maximum disruption on...more
A widely reported flaw in popular software known as Log4j poses a severe cybersecurity threat to organizations around the globe, with hundreds of millions of devices at risk. Over the past week, government agencies,...more
CYBERSECURITY - FBI Warning: M&A Activity Targeted by Ransomware Groups - The FBI issued a Private Industry Notification on November 2, 2021, warning companies that “ransomware actors are very likely using significant...more