The Latest
-
Water system hack reveals thousands of organizations vulnerable to Window 7 exposure
Critical infrastructure providers and SMBs continue to operate the outdated Microsoft OS without security updates and patches.
-
damircudic via Getty Images
IT, security jobs in demand through 2029: report
Reliance on remote work will drive up employment in areas such as information security and software development, according to projections from the U.S. Bureau of Labor Statistics.
-
Kendall Davis for CIO Dive
Microsoft says it was not a SolarWinds attack vector, after completing internal probe
The company confirmed limited amounts of source code for Azure, Exchange and Intune were downloaded.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
SolarWinds attack poses long-term threat of disruption, White House says
The SolarWinds hack compromised at least nine federal agencies and 100 private sector companies, said Deputy National Security Advisor Anne Neuberger in a briefing Wednesday.
-
Weighing the risks of disclosing a cyber incident
Not telling law enforcement or a regulator is an admission by an organization: We do not consider this cyber incident reportable.
-
Adeline Kon for Cybersecurity Dive/Cybersecurity Dive
How can data manipulation impact the bottom line?
Factoring disinformation into a threat model can allow a company to combat lies and protect its reputation.
-
Getty Images
Ransomware, poor security drove spike in healthcare breaches in 2020
A rise in ransomware and phishing attacks led to a 55% increase in healthcare breaches last year, according to Bitglass.
-
One-third of analysts ignore security alerts, survey finds
With an ever-increasing number of alerts, identifying what to ignore is an impossible mission without scalable technology.
-
Getty
Organizations running SolarWinds Orion online drops 25% since December: report
A report by RiskRecon shows only 8% of entities operating on the internet actually upgraded to later versions based on SolarWinds security recommendations.
-
Photo by Josh Appel on Unsplash
Are businesses underinvesting in cybersecurity?
The issue isn't how large of a cybersecurity investment an organization makes, but rather, if it is spending funds properly.
-
Rangel, David. [photograph]. Retrieved from https://unsplash.com/photos/4m7gmLNr3M0.
Software supply chain hacks highlight an ugly truth: The build process is broken
Software makers are coming to terms with security gaps they knew existed as the fallout from the SolarWinds hack continues.
-
Security flaws enabled Florida city water utility hack
Authorities found poor security hygiene — weak passwords and an outdated operating system — played a role in the hack.
UPDATED: Feb. 12, 2021 at 9:45 a.m. -
White House taps Neuberger to lead SolarWinds government response
The SolarWinds attack has opened a deeper conversation about the role of the federal government in coordinating cybersecurity policy and sharing intelligence with the private sector.
-
Open source blind trust the culprit in ethical breach of 35 companies
Microsoft, one of the breached companies, encourages organizations to use controlled scopes, namespaces or prefixes to protect package names.
-
sestovic/E+/Getty via Getty Images
SolarWinds fallout turns security eye to Microsoft Office 365
Office 365 has been linked to incidents ranging from points of compromise to the unauthorized email access of government officials.
-
Getty Images
Half of phishing attacks cause ransomware infections: report
Not only did bad actors ask for additional ransoms but more companies are also paying them.
-
Why does industry say there are air gaps between IT and OT?
Not only is OT connected to the internet now, cyberattacks can trickle through IT environments.
-
SolarWinds fallout could last for years, as power industry secures vulnerable equipment: Dragos CEO
The energy sector is experiencing a "digital transformation with a threat convergence," the CEO of security company Dragos told the U.S. Department of Energy.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
SolarWinds security to-do list post hack
One of the first changes security teams need to make is in how they consider adversaries' capabilities: Always assume the perimeter has already been breached.
-
Katie Malone/Cybersecurity Dive, data from https://www.whitehouse.gov/
Hidden messages, hacking tests entice tech talent
By creatively engaging prospective employees during the hiring process, some businesses successfully found the right fit.
-
Mimecast to cut 4% of workforce in restructuring as breach probe continues
More than half of Mimecast's business stems from protecting Office 365, which has become a significant target for cyberattacks, Mimecast CEO Peter Bauer said.
-
Jacob Bell / BioPharma Dive
FDA appoints first medical device cybersecurity chief
University of Michigan professor Kevin Fu will serve a one-year term as acting cyber director at the Center for Devices and Radiological Health. Experts fear the chaos of the pandemic created the perfect storm for hackers to exploit.
-
Naomi Eide
FireEye reports record revenue in first report since Red Team hack
The company's discovery of the SolarWinds attack has fueled additional customer demand, which should be reflected in deferred revenue during 2021.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
3 severe SolarWinds bugs found, patches available
There is currently no evidence to suggest the vulnerabilities were exploited; they are unrelated to the recent hack, Trustwave found.
UPDATED: Feb. 4, 2021 at 9:51 a.m. -
zefart/iStock/Getty via Getty Images
Why some industries are more secure than others
Threats go beyond industry and target organizations depending on business size. Company size is a factor, but so is investment in cyber defense.
