The Latest
-
5 steps organizations can take to counter IAM threats
Many organizations lean on identity and access management tools to perform credential management and authentication. But these systems aren’t foolproof.
-
US looks to reimagine cybersecurity paradigm with burden shift, rebuilt infrastructure
Security needs to be baked into the technology Americans use every day and not bolted onto aging systems, said Kemba Walden, acting national cyber director.
-
Threat intelligence isn’t for everyone, Google says
Most security professionals don’t have the time to read a 10-page threat intelligence report, let alone put those insights into action.
-
FTC opens inquiry into cloud market competition, security
As consolidation among hyperscalers grows, federal authorities are raising concerns over cloud dependence in critical sectors.
-
CISA revises cybersecurity performance goals
After months of feedback from stakeholders, the agency made changes to better align with the NIST framework and update language on MFA.
-
Ill-prepared against cyberattacks? You’re not alone, Cisco says
The cybersecurity readiness gap looms large, and smaller organizations were ranked the least prepared.
-
Ransomware gangs incite fear in victims to fuel attacks
Attacks involving data theft nearly doubled and harassment spiked 20 times by late 2022, Palo Alto Networks Unit 42 said.
-
Outlook zero-day still vulnerable to attackers with prior access, researchers find
Days after Microsoft issued a patch, researchers demonstrated that threat actors could still bypass the mitigation steps from within a network.
-
Zero-days fell by one-third in 2022, Mandiant says
Zero-day vulnerabilities in security, IT and network management products, which are consistently connected to the internet, claimed nearly 1 in 5 exploits.
-
Security drives software purchases for half of US companies
The study from Capterra comes weeks after the U.S. rolled out plans to shift liability for weak product security onto the tech industry.
-
Global cybersecurity spending to top $219B this year: IDC
Persistent cyberattack threats, increased regulations and the demands of hybrid work are driving sustained growth.
-
SEC proposes cybersecurity disclosure rules for financial industry specialists
The changes would require broker-dealers and other entities to adopt written plans to minimize risk and promptly disclose major incidents.
-
Google Cloud joins FS-ISAC’s critical providers program to share threat intel
The move is part of a wider industry effort to enhance supply chain security in the financial services sector.
-
Outlook zero day linked to critical infrastructure attacks
State-linked actors have targeted oil and gas, transportation and defense industries in Europe.
-
Cybersecurity market confronts potential consequences of banking crisis
Bank seizures impose new challenges on vendors in every segment and may spur consolidation.
-
Wawa to pay up to $28.5M in data breach settlement
The chain’s latest payout will go to the financial institutions involved in the 2019 incident, continuing a series of payments it has made to customers and states over the past year.
-
MKS Instruments hit by class-action litigation following ransomware attack
The company, a supplier to the semiconductor industry, has begun to recover its production capabilities and is working to upgrade its cyber defenses.
-
Ransomware hit critical infrastructure hard in 2022, FBI says
Many ransomware attacks go unreported to law enforcement, making it difficult for authorities to assess the full scope of impact.
-
Bank failure panic fuels moment of opportunity for threat actors
As regulators step in to operate Silicon Valley Bank, threat hunters and security executives warned organizations to look out for malicious activity.
-
CISA launches ransomware warning pilot for critical infrastructure providers
The agency already warned dozens of organizations about ProxyNotShell.
-
SVB turmoil could mean long-term uncertainty for enterprise IT
The demise of Silicon Valley Bank created a void in tech startup funding and raises questions about the health of the vendor ecosystem.
-
Shift to secure-by-design must start at university level, CISA director says
Jen Easterly says secure coding and memory safety should be incorporated into computer science curriculum.
-
CSO vs. CISO: What’s the difference and does it matter?
The person in charge of physical security used to monitor keys and supervise guards. Now, the physical and digital are colliding.
-
Deep Dive
Hacking healthcare: With 385M patient records exposed, cybersecurity experts sound alarm on breach surge
Healthcare companies must harden their defenses, but it may require regulators and lawmakers to raise the bar on security standards, experts say.
-
Blackbaud to pay $3M to settle SEC charges of a misleading ransomware investigation
The regulator said the cloud-based software provider made misleading disclosures about the scope of a 2020 ransomware attack.