The Latest
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
Attackers keep targeting VMware Horizon, exploiting unpatched Log4Shell
In one case, CISA found multiple threat actors compromising an organization using Log4Shell, which leveraged access to gain remote command and control.
-
yangphoto via Getty Images
Department of Energy rethinks cyber resilience in strategy to secure the grid
The agency wants to help the energy sector incorporate more cybersecurity safeguards during the design phase and better withstand attacks.
-
Chainarong Prasertthai via Getty Images
Breach at Flagstar Bank impacts more than 1.5M customers
The breach, which occurred between Dec. 3 and Dec. 4, is the second to impact the bank in less than two years.
-
gorodenkoff via Getty Images
Analysts nudge businesses to decentralize cybersecurity leadership
The push is to enable employees to make informed security decisions while meeting enterprise needs with spread out security leadership.
-
Motortion via Getty Images
Dozens of vulnerabilities threaten major OT device makers
Researchers from Forescout’s Vedere Labs found 56 vulnerabilities across big names like Honeywell and Motorola raising design-level security concerns.
-
iStock / Getty Images Plus via Getty Images
Q&AWhat enterprise leaders can divine from software bills of materials
Cyber defense tool: Software bills of materials (SBOMs) can expose elements of risks in applications.
-
dragana991 via Getty Images
Juneteenth beyond a day off: How to celebrate year-round
Two Black business leaders make the case for diverse hiring as the ultimate celebration of African American slavery’s abolition.
-
Chainarong Prasertthai via Getty Images
Microsoft releases long sought patch for Office Follina zero day as CISA, customers assess impact
The fix comes two weeks after the industry was forced to improvise with a workaround solution, while nation-state and criminal actors exploited the vulnerability.
-
anyaberkut via Getty Images
Ransomware groups shift tactics and objectives
Malware can play a major or nonexistent role in ransomware attacks. Threat actors are often only in it for the money.
-
Chainarong Prasertthai via Getty Images
Microsoft resolves critical vulnerability in Azure Synapse after prior patches fall short
Orca Security warned in January that attackers could gain remote code execution, taking over tenant workspaces.
-
South_agency via Getty Images
How and why ransomware responses go haywire
A lack of fortitude and preparation on the communications front often puts enterprises at risk for greater harm.
-
DianeBentleyRaymond via Getty Images
5 takeaways from the RSA Conference
The event tried to pick up where it left off 28 months ago. Can defenders keep up with the accelerated pace and scale of the cyber threat?
-
Yudram_TA via Getty Images
Tenable CEO calls out Microsoft on lack of transparency on vulnerabilities
Amit Yoran claims Microsoft failed to acknowledge a critical vulnerability in Azure until Tenable said it would go public.
-
Motortion via Getty Images
Threat actors deploy new attack methods as Microsoft Follina vulnerability lingers
Researchers discover new vectors, including the use of remote access trojan AsyncRAT.
-
Matt Kapko/Cybersecurity Dive
America's cyber chiefs have a long to-do list
The federal government wants to lead by example and communicate the urgency of the moment. First, it needs to get its security affairs in order.
-
Kenny Holston via Getty Images
Threat hunters minimize Russia's cyber prowess
U.S. organizations have a lot to learn from Ukrainian cyber defenders’ sophisticated resiliency during hostile conditions.
-
Chainarong Prasertthai via Getty Images
Microsoft zero day under attack as industry awaits patch
One threat actor has been exploiting the Follina vulnerability to deliver malware, Proofpoint researchers said Tuesday.
Updated June 8, 2022 -
Markus Spiske
Organizational changes required to mitigate security risks
Executives are implementing new strategies to lower software supply chain risk, but evaluating internal operations could prove more effective.
-
Yudram_TA via Getty Images
FBI, CISA issue warning on China-backed cyber threats against the telecom industry
State-sponsored actors are targeting small and home office networking equipment for access.
-
sefa ozel via Getty Images
Attackers aim for Atlassian Confluence zero day with mass, targeted exploitation
The threat activity comes days after Atlassian released a security fix for the on-premise vulnerability.
-
luza studios via Getty Images
Atlassian releases fix for critical zero day impacting Confluence
Attackers could take control of affected devices without need for authentication.
-
Yudram_TA via Getty Images
CISA issues warning after critical zero day hits Atlassian's Confluence
No patch or workaround is currently available and federal agencies are required to disconnect from the product.
-
Sean Gallup via Getty Images
Food supplier cyber risk spreads 1 year after JBS attack
Ransomware attacks target common vulnerabilities like legacy OT systems and equipment that lacks modern security tools.
-
Lee Pellegrini, Boston College
Russia, backed by ransomware gangs, actively targeting US, FBI director says
The FBI is laser focused on preventing a destructive attack, FBI Director Christopher Wray said. The agency previously, helped to disrupt a 2021 Iran-backed attack on Boston Children’s Hospital.
-
WhataWin via Getty Images
Conti ransomware gang grows brash and flames out. What's next?
The group's reported demise is likely a diversion. Members of the group still pose a significant ransom and data extortion threat to enterprises.
