The European Union's latest regulatory framework targeting the financial sector, called the Digital Operational Resilience Act, went into effect today, aiming to strengthen the cyber resilience of financial firms - such as banks, insurers and investment firms - and avoid disruptive IT outages.
Fortinet has released patches to fix a zero-day vulnerability being actively exploited by attackers. Separately, researchers are warning customers to review their infrastructure after attackers leaked configuration details - including firewall rules and plaintext VPN passwords - for 15,000 devices.
Faced with this onslaught of smart, connected medical equipment, many healthcare providers are looking for device cybersecurity strategies and ways to help make these products more secure. Experts say it requires ongoing commitment to device security - something many providers haven't yet done.
The European Union's most comprehensive digital and cyber risk regulations for the banking industry are set to come into force on Jan. 17, but only about 20% of EU financial services firms are ready to comply. Experts discuss implementation challenges and offer advice for non-compliant FIs.
Researchers are warning Microsoft Windows as well as many Linux distribution users to install updates that revoke permissions for a vulnerable driver that attackers can use to target most systems, allowing them to bypass UEFI Secure Boot and install a bootkit to take full control of a system.
A medical supply firm will pay $3 million to settle issues found by a HIPAA investigation into a breach. Also, a public health system will pay $60,000 to resolve a right-of-access dispute. The cases are among the latest in a spate of HIPAA enforcement actions as the Biden administration wraps up.
Navigate the complexity of modern cybersecurity with insights from Marty McDonald (Optiv) and Rob Rachwald (Palo Alto Networks). Learn how unifying platforms can drive advanced detection and response in next-gen SecOps.
Some key takeaways from this session include:
Streamlined Integration: Address...
The U.S. federal government is telling the automotive industry to stop buying Chinese-manufactured hardware and software powering onboard telematics and automated driving systems, warning that the potential for nation-state hacking and espionage poses a national security risk.
Apple patched a vulnerability that allows hackers to bypass a key security feature in macOS through third-party kernel extensions. Microsoft researchers uncovered the flaw tracked as CVE-2024-44243. The flaw could enable hackers to install rootkits and create malware with privileged access.
Six months after a ransomware attack temporarily crippled its blood donation and distribution activities, Florida-based nonprofit OneBlood is reporting a data breach to regulators that affected donors' personal information. Why is the incident reawakening healthcare supply chain concerns?
Many organizations are looking to artificial intelligence agents to autonomously perform tasks that surpass traditional automation. Tech firms are rolling out agentic AI tools that can handle customer-facing interactions, IT operations and a variety of other processes without human intervention, but experts are...
Many important efforts by the Cybersecurity Infrastructure and Security Agency to help the healthcare sector and other critical infrastructure sectors bolster their cybersecurity are likely to continue under the incoming Trump administration, predicted CISA Deputy Director Nitin Natarajan.
By acquiring Cado Security, Darktrace strengthens its ability to secure multi-cloud environments. The transaction brings together Cado's forensic capabilities with Darktrace's AI analytics to deliver comprehensive threat detection and response to organizations in regulated industries.
With its acquisition of ActZero, WatchGuard gains advanced machine learning capabilities and expertise to improve its MDR service. ActZero's mature processes and open platform enable seamless integration of WatchGuard products as well as third-party tools like Microsoft Defender.
VPN appliance maker Ivanti has begun releasing updates to patch a zero-day vulnerability being actively exploited by suspected nation-state attackers. Experts are warning users to immediately update their devices, after factory resetting them, to flush any malware attackers may have installed.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
