The Latest
-
Moody’s cites credit risk from state-backed cyber intrusions into US critical infrastructure
Key sectors could face short-term revenue impacts and long-term reputational harm and litigation risk, the credit ratings service said.
-
Barracuda zero-day vulnerability exploited for 7 months before detection
The latest disclosure increases the potential for widespread compromise for customers using the security vendor’s email security gateway appliances.
-
PyPI to mandate 2FA by the end of 2023
The mandate is part of a larger effort to prevent account takeover attacks.
-
ABB confirms ransomware attack resulted in data theft
The Switzerland-based industrial automation giant said customer systems were not directly impacted. Key services and factories remain operational.
-
Royal messes with Texas
A trio of ransomware attacks targeting the Dallas metro area have the hallmarks of a targeted campaign. They also underscore a very real problem: society is becoming desensitized to disruption.
-
Ahead of summer holiday weekends, IT security leaders brace for deliberate cyber mischief
Recent history shows holiday weekends and vacations provide an attack surface bonanza for threat actors.
-
Barracuda patches actively exploited zero-day vulnerability in email gateways
The security vendor declined to answer questions about how many customers were impacted and what, if any, customer data was compromised.
-
Broad campaign underway to access US critical infrastructure using small, home office devices
A state-linked actor, Volt Typhoon, is attempting to gain a foothold across U.S. networks amid rising tensions in the Pacific, Microsoft and the Five Eyes authorities said.
-
CISA updates ransomware guide 3 years after its debut
The #StopRansomware guide, updated in partnership with the FBI, NSA and MS-ISAC, reflects aggressive new techniques used by threat actors, including double extortion.
-
Why cyber is also a CIO problem
When an incursion occurs, IT teams need to have a recovery plan and backup systems ready for deployment.
-
SMBs, regional MSPs under fire from targeted phishing attacks
Sophisticated cybercriminals are attacking vulnerable, target-rich and resource-poor organizations to reach secondary victims via phishing campaigns, Proofpoint researchers warn.
-
BEC attacks rise as criminal hackers employ new tactics to evade detection
Threat actors are using cybercrime-as-a-service to grow industrial-strength campaigns and are leveraging residential IP addresses.
-
KeePass master password manager at risk as users await patch
The exploit only works if the master password is typed directly into KeePass. However, a patch won’t be available for weeks.
-
Dallas under pressure as Royal ransomware group threatens leak
By listing Dallas on its leak site on the dark web, Royal rebutted the city’s claims that data was not compromised during the attack.
-
IT security budgets are shifting as companies target risk reduction
Organizations are designing their security spending around keeping the business secure and operations running smoothly.
-
Dole incurs $10.5M in direct costs from February ransomware attack
The attack impacted about half of Dole's legacy company’s servers and one-quarter of its end-user computers.
-
Critical infrastructure security spending to grow 83% by 2027: ABI Research
Analysts forecast cybersecurity spending among critical infrastructure organizations to grow from an estimated $129 billion in 2022 to almost $236 billion by 2027.
-
Why and how to report a ransomware attack
The majority of ransomware attacks go unreported, creating a blind spot that hampers response, recovery efforts and the prevention of future attacks.
-
UMass Memorial agrees to pay $1.2M to settle FLSA claims stemming from Kronos attack
A ransomware attack took the UKG product offline for weeks and has spawned several lawsuits.
-
Cyber resilience programs falling short on preparing workers for a crisis
The report from Immersive Labs raises questions about whether corporate employees would know how to respond after a major cyberattack.
-
House hearing details cyber resilience efforts for energy, water and healthcare
Officials from the Department of Health and Human Services, Environmental Protection Agency and the Department of Energy testified how sector agencies are responding to rising threats.
-
Dallas courts still closed 2 weeks post-ransomware attack
Continued outages also prevent police from accessing data, which is severely impacting efforts to reduce crime as summer approaches, Police Chief Eddie Garcia said.
-
Yum Brands faces class action suits from employees after ransomware attack
The Taco Bell and KFC operator is facing litigation after some personal data of company employees was stolen in the attack.
-
VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns
Ransomware groups continue to target VMware because they know the virtualization infrastructure is vulnerable and lacks security tools, threat researchers said.
-
Emerging ransomware group quickly hits 4 critical infrastructure providers
The financially motivated threat actor attacked organizations in manufacturing, finance, insurance and pharmaceuticals within a week of its debut.