The alert provides detailed information on Russian government and state-sponsored cyber criminal groups as well as guidance for reducing risk.
Stories by Christopher Burgess
MITRE Engenuity and major business partners have developed an knowledge base of malicious insiders' tactics, techniques and procedures.
The destructive attacks follow a US government warning for a "heightened state of awareness" and to follow state-sponsored threat mitigation advice.
Pfizer, Ubiquiti and Code42 all faced real or potential insider threats that could have been a lot worse if they did not have a plan to deal with them.
All encrypted data will eventually become vulnerable to quantum computing along with the secrets they hold.
Investigators claim Ubiquiti employee Nikolas Sharp stole company data and then played the role of whistleblower to draw attention away from is actions.
PIPL's data localisation mandate places unique requirements on businesses operating in China, and regulators have great leeway to assess fines.
Attackers broke into the Twitch house and cleaned out everything. Following least-privilege access principles will help others avoid that scenario.
Device / machine identity, especially in association with robotic process automation, can be a conduit for intentional and unintentional insider breaches.
The ransomware keys might have been acquired by an ally, which would invoke the third-party doctrine where the decision to release was not the FBI's alone.
With internet blocks and high-profile arrests, Russia shows it can crack down on cybercrime when properly motivated.
Nearly every employee leaving a company takes data or intellectual property, but few companies adequately screen and monitor for it. Recent court cases underscore the risk.
Although the company informed its OEM customers of the vulnerability, users of IoT devices running its QNX OS were potentially kept in the dark.
Employee use of unauthorised apps have resulted in high-profile data losses. CISOs need to understand why shadow IT exists before addressing it.
Cybersecurity and Infrastructure Security Agency alert details past network compromises and exposes a lack of preparedness among ICS companies.
With hybrid work becoming the new normal, the game has changed for high-power computing and where it happens.