Security News

In this Help Net Security video, James Edgar, CISO at Corpay, reveals insights into cybersecurity health, concerns, challenges, and other considerations for building a solid defense program. Key...

During the second quarter, new ransomware groups, including PLAY, Medusa, RansomHub, INC Ransom, BlackSuit, and some additional lesser-known factions, led a series of attacks that eclipsed the...

A new report has found that Australia's available pool of cybersecurity skills is smaller than realised. The report, Australia's Cybersecurity and Technical Skills Gap, an analysis by security provider StickmanCyber and based on an analysis of ABS census and labour force data, revealed a shortage of 10,000 technical roles throughout the country.

Thousands of typosquatting domains are now registered to exploit the desperation of IT admins still struggling to recover from last week's CrowdStrike outage, researchers say. The incident wasn't isolated and CrowdStrike was forced to issue a public memo on the same day warning against opportunistic cybercriminals exploiting the situation.

Interview The ransomware gang responsible for the current healthcare crisis at London hospitals says it has no regrets about the attack, which was entirely deliberate, it told The Register in an interview. SOCRadar said last week how Qilin is known for targeting the healthcare and education sectors not because of politics but because of the reliance they have on uptime and the sensitivity of the data they hold.

Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings' 2024 Global Threat Intelligence Report. After a down year in 2022, ransomware and extortion incidents increased in 2023.

Primary school systems handle sensitive data concerning minors, while higher education institutions must safeguard intellectual property data, making them prime targets for cyberattacks, according to Trustwave. Strong cybersecurity measures protect student data and enable teachers to do their jobs effectively without fear of disruptions or data breaches.

CISOs have clear communications role during cyber security incidents. "In the event of a major cyber security incident, the CISO should be prepared to step into a crisis management role. They should understand how to bring clarity to the situation and communicate effectively with internal and external stakeholders," according to the ASD. More Australia coverage How IT and security leaders should prepare to manage crisis communications.

Identity-related threats pose an increasing risk to those protecting networks because attackers - ranging from financially motivated crime gangs and nation-state backed crews - increasingly prefer to log in using stolen credentials instead of exploiting vulnerabilities or social engineering. In two separate reports published on Wednesday, IBM X-Force and security biz CrowdStrike found a huge surge in cyber attacks using valid credentials and other techniques spoofing legitimate users.

The Romanian national cybersecurity agency has pinned the outbreak of ransomware cases across the country's hospitals to an incident at a service provider. All hospitals caught up in the ransomware scourge are thought to have been breached via the HIS. Per legal reporting obligations in Romania, service providers must inform the DNSC and national CSIRT of incidents that significantly impact the continuity of essential services.