The Latest

  • Ransomware virus has encrypted data. Attacker is offering key to unlock encrypted data for money.
    Image attribution tooltip
    vchal via Getty Images
    Image attribution tooltip

    Top officials again push back on ransom payment ban

    In lieu of a ban, the Institute for Security and Technology advises governments to achieve 16 milestones, most of which are already in place or in the works.

  • Hacker in Work. High Speed Computer Keyboard Typing by Professional Hacker.
    Image attribution tooltip

    shutterstock.com/Virrage Images

    Image attribution tooltip
    Sponsored by Synopsys

    DevSecOps, done right, can achieve both speed and security in software development

    You don’t have to choose between speed or security if you do DevSecOps correctly. Learn how.

  • In this photo illustration, the welcome screen for the OpenAI "ChatGPT" app is displayed on a laptop screen on February 03, 2023 in London, England. OpenAI,
    Image attribution tooltip
    Leon Neal / Staff via Getty Images
    Image attribution tooltip

    ChatGPT grabs the shadow IT crown: report

    Generative AI tools emerged as the latest villain in the enterprise battle to curb SaaS bloat and rationalize software portfolios, Productiv analysis found.

  • Close-up Focus on Person's Hands Typing on the Desktop Computer Keyboard
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    CISA to big tech: After XZ Utils, open source needs your support

    The attempted malicious backdoor may have been part of a wider campaign using social engineering techniques, the open source community warned.

  • The Eastern facade of the United States Capitol Building, with the House of the Representative's stair.
    Image attribution tooltip
    3000ad via Getty Images
    Image attribution tooltip

    Federal agencies caught sharing credentials with Microsoft over email

    U.S. government agencies are in jeopardy of Russia-linked cyberattacks, and although CISA isn’t aware of any compromised environments, officials warn the risk is exigent.

  • Team of hackers dressed in black work on computers in dark room.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    With Sisense compromise, the race begins to understand the impact

    CISA is working with private industry partners to investigate the attack on the data analytics platform with particular concern about the impact on critical infrastructure. 

  • FBI Director Christopher Ray speaking at the annual Boston Conference on Cyber Security
    Image attribution tooltip

    Lee Pellegrini, Boston College

    Image attribution tooltip

    FBI director echoes past warnings, as critical infrastructure hacking threat festers

    Chris Wray says adversaries from China, Russia and Iran are ramping up cyber, espionage and other threat activity against key sectors, including water, energy and telecommunications.

  • Young Woman Writing Code on Desktop Computer in Stylish Loft Apartment in the Evening.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    Cybersecurity jobs pay well, but gender disparities persist

    ISC2’s analysis found significant financial upside for professionals in U.S. cybersecurity jobs, but there are gaps across levels of seniority by gender.

  • NIST administration building in Gaithersburg, Maryland.
    Image attribution tooltip
    Courtesy of NIST
    Image attribution tooltip

    What’s going on with the National Vulnerability Database?

    CVE overload and a lengthy backlog has meant the federal government’s repository of vulnerability data can’t keep up with today’s threat landscape.

  • Microsoft's visitor center at its Redmond campus.
    Image attribution tooltip
    Stephen Brashear via Getty Images
    Image attribution tooltip

    Microsoft embraces common weakness enumeration standard for vulnerability disclosure

    The policy change is part of the company's wider effort to improve security practices and become more transparent following years of scrutiny. 

  • Team of professionals meeting in office around computers
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    CISO role shows significant gains amid corporate recognition of cyber risk

    A report from Moody’s Ratings shows CISOs and other senior-level cyber executives have become key decision makers within the C-suite. 

  • Header image for "56% of Business Leaders Are Incorporating AI Into Cybersecurity: Weekly Stat"
    Image attribution tooltip
    Andrew Brookes
    Image attribution tooltip

    Mandiant spots advanced exploit activity in Ivanti devices

    The incident response firm identified eight threat groups targeting the remote access VPNs and observed evolved post-exploitation activity.

  • A circular rotunda under a dome with a mosaic floor and windows on all sides.
    Image attribution tooltip
    Schweikert, John. (2022). [Photograph]. Retrieved from U.S. Courts.
    Image attribution tooltip

    Change Healthcare asks to consolidate dozens of cyberattack class-action lawsuits

    Lawsuits against the UnitedHealth subsidiary are racking up following a cyberattack against the technology firm in late February.

  • Oil Or Gas Transportation With Blue Gas Or Pipe Line Valves On Soil And Sunrise Background
    Image attribution tooltip
    onurdongel via Getty Images
    Image attribution tooltip

    Industry stakeholders seek 30-day delay for CIRCIA comments deadline

    Industry officials are asking for additional time to comb through hundreds of pages of detailed rules about disclosure of covered cyber incidents and ransom payments.

  • An image of a digital lock is shown
    Image attribution tooltip
    Just_Super via Getty Images
    Image attribution tooltip

    D-Link tells customers to sunset actively exploited storage devices

    The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.

  • Cyberattack and internet crime, hacking and malware concepts.
    Image attribution tooltip
    Techa Tungateja via Getty Images
    Image attribution tooltip

    Omni Hotels & Resorts hit by cyberattack

    The hotel chain has been responding to the attack since March 29, when it shut down some of its systems.

  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA assessing threat to federal agencies from Microsoft adversary Midnight Blizzard

    Microsoft previously warned that the Russia-linked threat group was expanding malicious activity following the hack of senior company executives, which it disclosed in January.

  • Dollars flowing through the tunnel with binary code texture.
    Image attribution tooltip
    adventtr via Getty Images
    Image attribution tooltip

    Cybersecurity venture funding remains weak, near three-year low

    Quarterly funding levels hit $2.3 billion in Q1 2024, a far cry from the $8 billion high the market achieved in the final quarter of 2021, according to Pinpoint Search Group.

  • Hooded person types on computer in a dark room with multiple monitors and cables everywhere.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    Ivanti pledges security overhaul after critical vulnerabilities targeted in lengthy exploit spree

    CEO Jeff Abbott said significant changes are underway. The beleaguered company committed to improve product security, share learnings and be more responsive to customers.

  • Aisle of files in an archive.
    Image attribution tooltip
    Nikada / Getty Images via Getty Images
    Image attribution tooltip

    What CISA wants to see in CIRCIA reports

    The most consequential federal critical infrastructure cyber incident regulation will be on the books in 18 months. Here are some of CIRCIA's main asks.

  • Microsoft logo is seen in the background.
    Image attribution tooltip
    Jeenah Moon via Getty Images
    Image attribution tooltip

    Microsoft Exchange state-linked hack entirely preventable, cyber review board finds

    The technology giant’s corporate culture fell short on security investments and risk management, and needs significant reforms, according to a damning report by the U.S. Cyber Safety Review Board.

  • A closeup shot of long colorful lines of code on a computer screen.
    Image attribution tooltip
    Wirestock via Getty Images
    Image attribution tooltip

    Motivations behind XZ Utils backdoor may extend beyond rogue maintainer

    Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.

  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA asserts no data stolen during Ivanti-linked attack on the agency

    Threat actors gained access to and potentially compromised two CISA systems weeks after the agency applied Ivanti’s initial mitigation measures.

  • AT&T To Merge Warner Media With Discovery
    Image attribution tooltip
    Justin Sullivan / Staff via Getty Images
    Image attribution tooltip

    AT&T hit with class action suit over massive data breach

    The breach was a “direct result” of AT&T’s failure to implement adequate cybersecurity procedures, the suit alleges.

  • Cyberattack and internet crime, hacking and malware concepts.
    Image attribution tooltip
    Techa Tungateja via Getty Images
    Image attribution tooltip

    Red Hat warns of backoor in widely used Linux utility

    With a CVSS of 10, CISA urged users and developers to downgrade to an uncompromised version, search for any malicious activity and report findings back to the agency.

  • The U.S. Securities and Exchange Commission seal hangs on the facade of its building.
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    Progress Software continues to cooperate with SEC probe into MOVEit exploitation

    The company said it still cannot quantify the potential impact of multiple government agency inquiries.