The Latest
-
Blue Yonder moves closer to full recovery after November ransomware attack
U.K. supermarket chain Morrisons says its operations are mostly restored, while Blue Yonder is working with other customers to recover operations.
-
Note from the Editor-in-Chief
A change in ownership and what it means for our readers.
-
When password rules change, who benefits?
As the National Institute of Standards and Technology rolls out updated password guidance, some experts want to make passwords a thing of the past.
-
CrowdStrike avoids customer exodus after triggering global IT outage
The cybersecurity vendor reported $33.9 million in expenses related to the July 19 incident, which caused the company to swing to a loss.
-
FBI, CISA warn of heightened risk of BEC attacks during holiday season
Authorities encouraged prompt reporting, which can help recover stolen payments.
-
SEC reports drop in enforcement actions for 2024 FY
The securities regulator also reported a record $8.2 billion in monetary remedies for its last fiscal year, driven by Terraform Labs crypto fraud settlement.
-
As holiday season begins, US braces for looming risk of cyberattacks
Security teams are on the alert for nation-state threats and ransomware as millions of workers break for the Thanksgiving holiday weekend.
-
Starbucks confirms Blue Yonder attack impacted employee scheduling platform
The company is reverting to manual operations to make sure workers are paid on time, a spokesperson said.
-
New York fines Geico, Travelers $11.3M for pandemic-era breaches
The auto insurance companies were penalized for a series of attacks that exposed the personal data of 120,000 people in late 2020 and early 2021.
-
Ransomware hits supply chain software firm Blue Yonder ahead of Thanksgiving
The attack against Blue Yonder led to issues for Morrisons, a U.K.-based grocery chain, in its warehouse management system for fresh food and produce.
-
Gambling tech vendor’s IT systems impacted by cyberattack
International Game Technology, which makes slot machines and other gambling technology, said it took systems offline following a Nov. 17 cyberattack.
-
Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited
The security vendor maintains only a limited number of customers’ firewalls have been exploited by a zero-day it patched earlier this week.
-
Corporate security teams want specialty cyber roles as regulatory pressure grows
A report from IANS and Artico Search shows businesses are looking to bring on chiefs of staff, business CISOs and privacy officers as federal and state regulators push for greater compliance.
-
Healthcare providers will need to boost cyber defenses amid AI adoption: Moody’s
AI could ease labor shortages, but health systems will need to increase cybersecurity spending to manage heightened risks, according to the credit ratings agency.
-
Microsoft unveils resiliency, security enhancements following July global IT outage
The updates are part of a larger effort at the company to overhaul its internal security culture.
-
Palo Alto Networks boasts as customers coalesce on its platforms
The cybersecurity vendor said it ended its fiscal Q1 with 1,100 platformization deals and remains on pace to reach at least 2,500 such deals within five years.
-
Attackers wield password-spray attacks to zero-in on targets, research finds
The highly effective brute-force attack method requires little effort, Trellix said. Organizations with weak password policies or no MFA are especially at risk.
-
HHS facing challenges as lead agency for healthcare cybersecurity: GAO
The department hasn’t implemented some policies recommended by the watchdog, which could pose a risk to cybersecurity in the sector as attacks increase, according to the Government Accountability Office.
-
Opinion
Security awareness and training is a method, not an outcome
In 2024, the idea of human risk management shifted from concept to reality as frustrated CISOs looked for solutions beyond security awareness and training to make real change.
-
Palo Alto Networks customers grapple with another actively exploited zero-day
The security vendor warned of an unconfirmed vulnerability in PAN-OS earlier this month. A CVE entry and patch came 10 days later.
-
Federal probe finds vulnerabilities across more than 300 US water systems
The Environmental Protection Agency lacks a documented plan to coordinate incident reporting with CISA, the agency’s Office of Inspector General found.
-
AI training vendor iLearningEngines discloses cyberattack in wake of SEC probe
The company said an attacker stole data, misdirected a $250,000 wire payment and deleted emails.
-
Easterly to step down from CISA director role on Inauguration Day
CISA confirmed that political appointees of the Biden administration will also depart the agency as the Trump administration takes over.
-
Splunk accelerates Cisco’s security business as core networking sales decline
Security revenue doubled to $2 billion in Cisco’s recent quarter. Without Splunk’s contribution, its total revenue would have dropped 14%.
-
Palo Alto Networks’ customer migration tool hit by trio of CVE exploits
CISA warned of two critical and actively exploited vulnerabilities in Expedition one week after another CVE came under active exploitation in the same product.