The Latest
-
Tech giants pledge multimillion down payment to secure open source
Top technology companies offered $30 million toward a two-year goal to bolster software supply chain security.
-
Emotet reemerges as top malware in circulation
The botnet’s activity surged 2,823% between Q4 2021 and Q1 2022, displaying a more recent shift in targets, HP Wolf Security analysts said.
-
White House cyber executive order still has unfinished business
The Biden administration is up against key hurdles in its effort to raise software security standards and establish zero trust across federal agencies.
-
US, allies blame Russia for Viasat cyberattack
The Five Eyes and other EU authorities linked Russia to a series of web defacement, DDoS and destructive wiper attacks in the weeks leading up to the Ukraine invasion.
-
SEO-savvy threat actors drive surge in malware downloads
Cybercriminals flooded Google and Bing with malicious PDF files that contain commonly searched keywords, resulting in a 450% annualized increase in phishing downloads.
-
Colonial Pipeline faces nearly $1M in penalties as federal regulator discloses violations
The Transportation Department’s pipeline safety regulator scrutinized control room management, which may have contributed to the fuel disruptions from the 2021 ransomware attack.
-
Retrieved from GPA Photo Archive.
Vet software security as part of enterprise procurement, NIST says
The guidance, an answer to last year's executive order, examines where and when potential supply chain vulnerabilities can surface.
-
Threat actor launches email attacks to lift corporate M&A secrets, Mandiant says
The suspected threat actor, UNC3524, lurks in victim environments for at least 18 months.
-
Ukraine cyberthreat activity ramps up against critical infrastructure, governments
Researchers say state-linked and criminal activity has risen in recent weeks.
-
Microsoft, Apple and Google double down on FIDO passwordless standard
The move is designed to boost digital security by allowing users to quickly authenticate across multiple devices and platforms.
-
Familiar names top 2021's most-exploited vulnerabilities list
Top ransomware operators, including Hive and Conti, are exploiting flawed systems to launch new attacks, researchers warn.
-
Critical CVEs put Aruba Networks, Avaya enterprise switches at risk
Researchers previously found similar vulnerabilities in Smart-UPS devices.
-
M&A sets record pace as ransomware, nation-state threats fuel security demand
Enterprise customers seek consolidated, end-to-end platforms to anticipate, detect and eliminate threats.
-
New wiper, worm attacks emerge in Ukraine targeting government and industry
CISA shared indicators of compromise Thursday, months after the malware strains emerged.
Updated April 29, 2022 -
Ransomware attacks, payouts soared worldwide in 2021: report
More organizations are paying ransoms as attacks grow in sophistication.
-
Tenet says 'cybersecurity incident' disrupted hospital operations
The for-profit health system has restored most critical functions, while affected facilities are starting to resume normal operations.
-
What cyber insurance companies want from clients
Insurers evaluate how a company leverages technology and what internal standards are in place to manage risk.
-
Emotet botnet tests new techniques after global crackdown
The once prolific botnet, returning from "spring break," is preparing a new high-volume campaign, Proofpoint researchers said.
-
IT leaders remain bullish on open source despite security hiccups
Enterprise adoption of open source has not cooled, but flaws have highlighted the need for a better understanding of dependencies.
-
HHS warns providers of 'exceptionally aggressive' ransomware group
The Hive group practices double extortion — demanding payment to free data it has encrypted while also threatening to release the unencrypted data publicly.
-
AWS reissues Log4Shell hotpatch after vulnerabilities found
Researchers warn attackers can escape containers and escalate privileges.
-
Patterson, Richard. Retrieved from Flickr.
Banks face 'tight deadline' under new cyber notification rule
The May 1 cutoff to comply with the rule comes as the Biden administration has warned U.S. businesses about the increasing risk of Russian cyberattacks.
-
Cyber agencies renew warnings of Russia-linked threats against industrial targets
Separately, the U.S. is expanding the Joint Cyber Defense Collaborative to include experts on industrial control systems.
-
Behind the push to finally eliminate passwords
The FIDO Alliance is pushing for smartphones to become the authentication standard as the tech industry presses for new methods.
-
Threat detection accelerates in Asia, Europe, as notification trends shift
Median dwell time fell as organizations boosted cybersecurity defenses, shared threat intelligence.