The Latest
-
Critical VMware vulnerabilities resurface after threat actors evade patches within 48 hours
Even with new patches available, CISA is concerned that threat actors will easily shake off the fixes once again.
-
Biden administration makes inroads amid zero trust rollout
More than 50 federal agencies expect to have EDR technology by the end of fiscal year.
-
CISOs say they're at less risk of a substantial cyberattack
A modest confidence boost and more deliberate security strategies follow two years of pandemic-induced chaos, a Proofpoint-sponsored survey found.
-
How the Colonial Pipeline attack instilled urgency in cybersecurity
The federal government and private sector are still coming to terms with how to protect operational technology in an increasingly volatile threat environment.
-
Enterprises rarely follow advice to never pay ransoms
Ransomware foists a difficult choice on executives and very few leave business operations in limbo to test a best practice.
-
Companies need to align cyber and disclosure efforts: SEC attorney
The SEC aims to protect investors from cyber-related risks by cracking down on companies that release misleading disclosures about cyberattacks.
-
Tech giants pledge multimillion down payment to secure open source
Top technology companies offered $30 million toward a two-year goal to bolster software supply chain security.
-
Emotet reemerges as top malware in circulation
The botnet’s activity surged 2,823% between Q4 2021 and Q1 2022, displaying a more recent shift in targets, HP Wolf Security analysts said.
-
White House cyber executive order still has unfinished business
The Biden administration is up against key hurdles in its effort to raise software security standards and establish zero trust across federal agencies.
-
US, allies blame Russia for Viasat cyberattack
The Five Eyes and other EU authorities linked Russia to a series of web defacement, DDoS and destructive wiper attacks in the weeks leading up to the Ukraine invasion.
-
SEO-savvy threat actors drive surge in malware downloads
Cybercriminals flooded Google and Bing with malicious PDF files that contain commonly searched keywords, resulting in a 450% annualized increase in phishing downloads.
-
Colonial Pipeline faces nearly $1M in penalties as federal regulator discloses violations
The Transportation Department’s pipeline safety regulator scrutinized control room management, which may have contributed to the fuel disruptions from the 2021 ransomware attack.
-
Retrieved from GPA Photo Archive.
Vet software security as part of enterprise procurement, NIST says
The guidance, an answer to last year's executive order, examines where and when potential supply chain vulnerabilities can surface.
-
Threat actor launches email attacks to lift corporate M&A secrets, Mandiant says
The suspected threat actor, UNC3524, lurks in victim environments for at least 18 months.
-
Ukraine cyberthreat activity ramps up against critical infrastructure, governments
Researchers say state-linked and criminal activity has risen in recent weeks.
-
Microsoft, Apple and Google double down on FIDO passwordless standard
The move is designed to boost digital security by allowing users to quickly authenticate across multiple devices and platforms.
-
Familiar names top 2021's most-exploited vulnerabilities list
Top ransomware operators, including Hive and Conti, are exploiting flawed systems to launch new attacks, researchers warn.
-
Critical CVEs put Aruba Networks, Avaya enterprise switches at risk
Researchers previously found similar vulnerabilities in Smart-UPS devices.
-
M&A sets record pace as ransomware, nation-state threats fuel security demand
Enterprise customers seek consolidated, end-to-end platforms to anticipate, detect and eliminate threats.
-
New wiper, worm attacks emerge in Ukraine targeting government and industry
CISA shared indicators of compromise Thursday, months after the malware strains emerged.
Updated April 29, 2022 -
Ransomware attacks, payouts soared worldwide in 2021: report
More organizations are paying ransoms as attacks grow in sophistication.
-
Tenet says 'cybersecurity incident' disrupted hospital operations
The for-profit health system has restored most critical functions, while affected facilities are starting to resume normal operations.
-
What cyber insurance companies want from clients
Insurers evaluate how a company leverages technology and what internal standards are in place to manage risk.
-
Emotet botnet tests new techniques after global crackdown
The once prolific botnet, returning from "spring break," is preparing a new high-volume campaign, Proofpoint researchers said.
-
IT leaders remain bullish on open source despite security hiccups
Enterprise adoption of open source has not cooled, but flaws have highlighted the need for a better understanding of dependencies.