The Latest
-
PowerSchool data breach possibly exposed student, staff data
The cloud-based K-12 software provider confirmed a compromised credential was used to access its PowerSource customer support portal.
-
Cyberattacks, tech disruption rank as top threats to business growth
Two in five executives view data breaches and leaks as the most financially burdensome man-made threats, a Chubb study found.
-
Ivanti customers confront new zero-day with suspected nation-state nexus
The latest attacks come one year after a threat group exploited a pair of zero-days in the same Ivanti product.
-
4 cybersecurity trends to watch in 2025
Critical industries are up against never-before-seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.
-
National cyber director calls for deterrence against China-affiliated cyber threats
Harry Coker Jr. said China and other adversaries cannot be allowed free rein to conduct malicious cyber activities.
-
White House program to certify the security of IoT devices goes live
The White House is also working on an executive order to limit federal purchasing to connected products that meet the minimum security standards under the program.
-
Investors narrow scope of cyber funding deals in 2024
Total funding was up 9% year over year to $9.5 billion. More than half of all dollars raised went to late-stage rounds, Pinpoint Search Group said.
-
CISA says hack targeting Treasury Department did not impact other federal agencies
BeyondTrust says an investigation of a December attack spree is nearing completion and SaaS instances are fully patched. Hackers used a stolen key to attack Treasury workstations.
-
AT&T, Verizon say they evicted Salt Typhoon from their networks
Two of the largest telecom providers in the U.S. said the China-government-sponsored threat group is no longer embedded in their networks.
-
US Treasury office sanctions firm connected to state-sponsored Flax Typhoon threat group
A Beijing-based cybersecurity company, Integrity Technology Group Inc., is linked to years of exploitation activity targeting U.S. critical infrastructure.
-
What companies need to help secure AI
Experts say MLOps will bridge the gap between development and operations, creating room for the inclusion of security and privacy practices, too.
-
Censys researchers warn 8,600 BeyondTrust instances still exposed
As authorities investigate a December attack spree, the researchers added the caveat that not all instances are considered vulnerable.
-
SEC cybersecurity enforcement outlook uncertain as Trump 2.0 looms
With issues such as cryptocurrency and climate change facing the next SEC chair, it’s unclear whether rolling back cybersecurity rules will be high on the priority list.
-
Cyber leaders are bullish on generative AI despite risks: report
Executives say they would overhaul tooling in exchange for better generative AI capabilities, according to a CrowdStrike survey.
-
Hackers leaked data from Rhode Island ransomware attack, officials warn
A criminal threat group had previously threatened to leak sensitive data from a Deloitte-managed social services database.
-
Treasury Department says state-linked hacker gained access to unclassified data in major attack
The compromise of agency workstations is linked to a previously disclosed compromise of certain BeyondTrust customers.
-
White House says 9th telecom company hit in Salt Typhoon spree
A senior official blamed the intrusions on lax security and said in one case the compromise of a single administrator account led to access of over 100,000 routers.
-
BeyondTrust customers hit by wave of attacks linked to compromised API key
The cybersecurity vendor said an attacker compromised its access-management tool and reset customer passwords.
-
Researchers warn of active exploitation of critical Apache Struts 2 flaw
Exploitation activity was observed about a week after the CVE was disclosed.
-
Ascension cyberattack exposes data from 5.6M people
The breach is the third largest reported to a portal managed by federal regulators this year.
-
Mandiant traces Cleo file-transfer exploits back to October
The threat intelligence firm observed deployment of backdoors, but has not seen mass data theft thus far.
Updated Dec. 19, 2024
-
CISA mobile security advice gets personal in wake of telecom intrusions
The agency’s recommendations are not for the technically inept. Yet the extraordinary measures, including the use of encrypted apps, are applicable to all audiences.
-
Flagstar fined $3.5M for ‘misleading’ after 2021 cyberattack
The bank “negligently made” materially misleading statements after a hack that resulted in the theft of 1.5 million customers’ personally identifiable information.
-
Rhode Island officials warn residents as ransomware group threatens social services data leak
The personal data of hundreds of thousands of vulnerable residents is at risk after a threat group attacked a state social services database.
-
CISA orders federal agencies to meet security baselines in Microsoft 365
The mandate to secure cloud environments is responsive to recent cybersecurity incidents, but not one specific threat, agency officials said.
Updated Dec. 18, 2024