The Latest
-
Ransomware attacks surge despite international enforcement effort
Progress remains elusive as federal authorities point to ransomware payments inhibiting progress to reduce the volume and impact of attacks.
-
Top cybersecurity conferences to attend in 2025
Security experts from across sectors will come together to hear about the latest risk management strategies, novel hacking techniques, cyber governance and the technologies enterprises need to defend their networks.
-
CUPS vulnerability, a near miss, delivers another warning for open source
While a major crisis was averted, the disclosures may open up needed conversations about transparency and coordination, according to researchers.
-
Customers are done with passwords. Do businesses have a solution?
Research shows customers are frustrated with the login experience, and the friction can cost businesses customers.
-
A quartet of Linux CVEs draws exploit fears among open source community
Attackers can use the chained vulnerabilities to execute remote commands after a user initiates a print job.
-
MoneyGram faces backlog after cyberattack
The international wire transfer company has restarted some services since the incident, but is battling to fulfill transactions after taking its systems offline for much of the week.
-
For Google to reduce memory-safety defects, it focused on new code
Google’s experience provides software developers a roadmap to address one of the most persistent security problems: memory-safety CVEs.
-
CrowdStrike CEO pushes ‘resilient by design’ framework, promising changes
The cybersecurity vendor is embracing a new business framework to address security deployment lapses and the fragility of interconnected systems.
-
CISA again raises alarm on hacktivist threat to water utilities
The alert comes just days after an attack against a water treatment facility in Kansas.
-
CrowdStrike’s mea culpa: 5 takeaways from the Capitol Hill testimony
CrowdStrike was quick to apologize after a faulty content update triggered a global IT network outage. An executive detailed internal changes designed to prevent it from happening again.
-
Cyber commission seeks detailed plan to secure high-risk infrastructure
A report said most recommendations from the Cyberspace Solarium Commission are near completion, but also called for greater private-sector collaboration and insurance reforms.
-
Data privacy concerns swirl around generative AI adoption
IT and business professionals fear the technology's adoption can lead to data leakage, according to a Deloitte report.
-
CISA catalog falls short on CVEs targeted by Flax Typhoon
A report by VulnCheck highlights the ongoing backlog in identifying active exploitation of CVEs.
-
Major companies keep hiring North Korean IT workers
Dozens of Fortune 100 organizations have inadvertently hired workers from North Korea applying for remote jobs, Mandiant said.
-
Dark web exposure is ‘highly correlated’ with cyberattack risk
Organizations that are mentioned in dark web market listings are more than twice as likely to experience an attack, Marsh McLennan found.
-
Microsoft names deputy CISOs, flushes dead accounts as part of internal security overhaul
The company released a progress report on efforts to revamp its internal security culture and governance.
-
Kevin Mandia’s 5 question confidence test for CISOs
For most organizations, cyberthreats are too imposing to get bogged down in low-impact exercises. Mandiant’s founder advises executives to look for a security mindset above all else.
-
Attackers exploit second Ivanti Cloud Service Appliance flaw for more access
Hackers are exploiting the vulnerability in tandem with a previously disclosed CVE, to bypass authentication measures and take control of an affected system.
-
Cybersecurity firm flags attack on construction accounting system
Users of Foundation Software, which serves 43,000 construction pros, may be at risk of intrusion if they still use default credentials, according to cybersecurity firm Huntress.
-
US authorities take down a Mirai-variant botnet tied to DDoS threat
An FBI-led operation to disrupt a China-linked botnet comes months after a similar operation in January linked to Volt Typhoon.
-
Port of Seattle official flags a cyber dilemma, ‘one-way street’ with federal agencies
A ransomware atttack disrupted the Seattle-Tacoma International Airport for weeks. Part of the problem, one official said, is that federal cyber recommendations are not timely.
-
Generative AI raises security concerns among IT leaders
Executives worry their organization lacks the ability to protect applications and workloads, according to a Flexential survey.
-
AT&T settles a 2023 data breach for $13M. Recent incidents are much worse.
Telecom cybersecurity remains a challenge with widespread impacts. AT&T is not alone in experiencing a pattern of extensive breaches exposing customer data.
-
Suffolk County ransomware attack linked to lack of planning, ignored warnings
A special report blames county officials for ignoring FBI warnings during the 2022 attack and an overall failure of IT and security leadership.
-
Open source maintainers, under security pressure, remain largely unpaid after XZ Utils
A report by Tidelift shows an equity gap remains between open source developers and well-resourced software users who are pushing for higher security standards.