The Latest
-
LeoPatrizi via Getty Images
5 steps organizations can take to counter IAM threats
Many organizations lean on identity and access management tools to perform credential management and authentication. But these systems aren’t foolproof.
-
Permission granted by Office of the National Cyber Director
US looks to reimagine cybersecurity paradigm with burden shift, rebuilt infrastructure
Security needs to be baked into the technology Americans use every day and not bolted onto aging systems, said Kemba Walden, acting national cyber director.
-
Drew Angerer via Getty Images
Threat intelligence isn’t for everyone, Google says
Most security professionals don’t have the time to read a 10-page threat intelligence report, let alone put those insights into action.
-
Anna Moneymaker via Getty Images
FTC opens inquiry into cloud market competition, security
As consolidation among hyperscalers grows, federal authorities are raising concerns over cloud dependence in critical sectors.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA revises cybersecurity performance goals
After months of feedback from stakeholders, the agency made changes to better align with the NIST framework and update language on MFA.
-
Andrii Yalanskyi via Getty Images
Ill-prepared against cyberattacks? You’re not alone, Cisco says
The cybersecurity readiness gap looms large, and smaller organizations were ranked the least prepared.
-
Just_Super/Getty Images via Getty Images
Ransomware gangs incite fear in victims to fuel attacks
Attacks involving data theft nearly doubled and harassment spiked 20 times by late 2022, Palo Alto Networks Unit 42 said.
-
Techa Tungateja via Getty Images
Outlook zero-day still vulnerable to attackers with prior access, researchers find
Days after Microsoft issued a patch, researchers demonstrated that threat actors could still bypass the mitigation steps from within a network.
-
Just_Super via Getty Images
Zero-days fell by one-third in 2022, Mandiant says
Zero-day vulnerabilities in security, IT and network management products, which are consistently connected to the internet, claimed nearly 1 in 5 exploits.
-
gorodenkoff via Getty Images
Security drives software purchases for half of US companies
The study from Capterra comes weeks after the U.S. rolled out plans to shift liability for weak product security onto the tech industry.
-
Viorika via Getty Images
Global cybersecurity spending to top $219B this year: IDC
Persistent cyberattack threats, increased regulations and the demands of hybrid work are driving sustained growth.
-
Brendan Smialowski / Stringer via Getty Images
SEC proposes cybersecurity disclosure rules for financial industry specialists
The changes would require broker-dealers and other entities to adopt written plans to minimize risk and promptly disclose major incidents.
-
Permission granted by Google
Google Cloud joins FS-ISAC’s critical providers program to share threat intel
The move is part of a wider industry effort to enhance supply chain security in the financial services sector.
-
TU IS via Getty Images
Outlook zero day linked to critical infrastructure attacks
State-linked actors have targeted oil and gas, transportation and defense industries in Europe.
-
Chris Gorgio via Getty Images
Cybersecurity market confronts potential consequences of banking crisis
Bank seizures impose new challenges on vendors in every segment and may spur consolidation.
-
Retrieved from Wawa website.
Wawa to pay up to $28.5M in data breach settlement
The chain’s latest payout will go to the financial institutions involved in the 2019 incident, continuing a series of payments it has made to customers and states over the past year.
-
Avosb via Getty Images
MKS Instruments hit by class-action litigation following ransomware attack
The company, a supplier to the semiconductor industry, has begun to recover its production capabilities and is working to upgrade its cyber defenses.
-
Chip Somodevilla/Getty Images via Getty Images
Ransomware hit critical infrastructure hard in 2022, FBI says
Many ransomware attacks go unreported to law enforcement, making it difficult for authorities to assess the full scope of impact.
-
Philip Steury via Getty Images
Bank failure panic fuels moment of opportunity for threat actors
As regulators step in to operate Silicon Valley Bank, threat hunters and security executives warned organizations to look out for malicious activity.
-
Danai Jetawattana via Getty Images
CISA launches ransomware warning pilot for critical infrastructure providers
The agency already warned dozens of organizations about ProxyNotShell.
-
Justin Sullivan via Getty Images
SVB turmoil could mean long-term uncertainty for enterprise IT
The demise of Silicon Valley Bank created a void in tech startup funding and raises questions about the health of the vendor ecosystem.
-
Permission granted by Carnegie Mellon University
Shift to secure-by-design must start at university level, CISA director says
Jen Easterly says secure coding and memory safety should be incorporated into computer science curriculum.
-
Jacob Lund via Getty Images
CSO vs. CISO: What’s the difference and does it matter?
The person in charge of physical security used to monitor keys and supervise guards. Now, the physical and digital are colliding.
-
Illustration: Yann Bastard for Industry Dive
Deep DiveHacking healthcare: With 385M patient records exposed, cybersecurity experts sound alarm on breach surge
Healthcare companies must harden their defenses, but it may require regulators and lawmakers to raise the bar on security standards, experts say.
-
Chip Somodevilla via Getty Images
Blackbaud to pay $3M to settle SEC charges of a misleading ransomware investigation
The regulator said the cloud-based software provider made misleading disclosures about the scope of a 2020 ransomware attack.
