The Latest
-
How to manage the rising tide of CVEs
As the volume and complexity of vulnerabilities grows, organizations are struggling to manage and mitigate the security defects.
-
SonicWall firewall CVE exploits linked to ransomware attacks
Active exploits aimed at firewalls mark yet another string of attacks targeting devices with high-value initial access, researchers said.
-
Security budgets continue modest growth, but staff hiring slows considerably, research finds
The report by IANS Research and Artico Search shows security priorities are clashing with economic realities.
-
MOVEit victims are still coming forward. This time it’s Wisconsin Medicare.
The delayed notifications underscore the difficulty organizations confront in discovering breaches and attributing compromises to a root cause or source.
-
Cyber insurance keeps growing, as threats spur competition
Concerns remain about aggregation risk as highlighted by the July outage of Microsoft Windows devices, according to a report from Moody’s Ratings.
-
Key cyber insurance stakeholders urge government to help close $900B in uncovered risk
Marsh McLennan and Zurich Insurance Group issued a white paper urging a public-private partnership to help tackle a growing coverage gap. The White House is working on a plan.
-
Feds warn of broad Russia-linked CVE exploits targeting critical infrastructure
Attackers operating under the direction of Russia’s military intelligence service are targeting governments, finance, transportation, energy and healthcare.
-
White House launches cybersecurity hiring sprint to help fill 500,000 job openings
National Cyber Director Harry Coker Jr. unveiled the program as part of an effort to fill a continued gap in cyber, technology and AI positions.
-
Infosec spending to hit 3-year growth peak, reach $212B next year: Gartner
The continuation of annual double-digit growth rates, 15% next year, comes as organizations consolidate spending and reassess EPP and EDR needs.
-
Microchip Technology says its data was stolen amid alleged leaks online
The chipmaker said an unidentified attacker stole employee contact information and some encrypted and hashed passwords.
-
Microsoft is training developers on the intricacies of threat intelligence
Cybercrime wonk Sherrod DeGrippo is taking Microsoft’s software developers and engineers on a journey into her world, the depths of threat intelligence.
-
Deepfake scams escalate, hitting more than half of businesses
The vast majority of corporate finance professionals, 85%, now view such scams as an “existential” threat, a Medius study found.
-
Halliburton confirms data stolen in August cyberattack
The company continues to incur expenses related to the attack, but does not expect a material impact.
-
Iran-linked actors ramping up cyberattacks on US critical infrastructure
Nation-state attacker are exploiting vulnerabilities in products from Check Point Software, Palo Alto Networks and others to attack multiple industries.
-
Schools, colleges faced record-breaking year of ransomware attacks in 2023
There were 121 incidents found last year alone, according to an analysis by Comparitech, but researchers noted their findings “only scratch the surface.”
-
CISA launches cyber incident reporting portal to streamline breach disclosure
The secure portal is designed to encourage faster and more robust information sharing about malicious attacks and critical vulnerabilities.
-
Seattle airport cyberattack outages persist heading into Labor Day travel rush
Airport staff began turning on and testing systems for international and low-volume carriers, which are the most heavily impacted by the outage.
-
CrowdStrike takes a revenue hit as global IT outage reckoning lingers
Sales are taking longer to close and the cybersecurity vendor is offering discounts to stem potential customer losses.
-
McLaren Health Care restores network weeks after ransomware attack
Still, it may take several weeks to input patient information manually collected during the outage into its electronic health record, the Michigan-based health system said. McLaren was also hit by a ransomware attack last year.
-
SentinelOne fields inquiries from new customers following global IT outage linked to CrowdStrike
Companies looking to diversify their risk from disruption are approaching SentinelOne, a week after similar customer movement was reported by Palo Alto Networks.
-
Volt Typhoon exploiting zero-day in campaign targeting ISPs, MSPs
Researchers from Black Lotus Labs warn the state-linked adversary is exploiting a vulnerability in Versa Director using custom web shells against the telecom sector.
-
Automakers meet growing data privacy challenges, experts say
A Federal Trade Commission crackdown and lawsuit against GM show automakers are navigating legal risks.
-
Seattle airport confronts 4th day of cyberattack outages
Most flights are departing and arriving as scheduled, but the Port of Seattle’s websites, phone, email and Wi-Fi are down. Manual processes at check-in counters are causing delays.
-
CISA officials credit Microsoft security log expansion for improved threat visibility
CISA officials say they plan to hold Microsoft accountable to ensure the company lives up to its commitments.
-
SEC settles cyber case with Equiniti Trust as oversight questions linger
The firm, formerly known as American Stock Transfer, will pay $850,000 to settle civil fraud charges involving the theft of $6.6 million in client funds.