The Latest
-
Drew Angerer via Getty Images
Boards, CISOs seek alignment on OT security challenges
CISOs at industrial companies should inform senior leadership of the unique risks and challenges of potential ransomware and supply chain attacks.
-
onurdongel via Getty Images
OpinionIt's time to focus on critical infrastructure systems security
Cyber-physical systems rely on legacy infrastructure and new, vulnerability-filled assets. The recipe has created an ideal attack surface for malicious actors.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
Ukraine tensions raise cyberthreats against US companies, critical infrastructure
CISA is urging companies to prepare for cyber activity as an offensive malware that can wipe hard drives clean spreads in Ukraine.
-
CIO involvement in security grows as CEOs target risk reduction
An IDG survey found security improvements are driving IT budget increases.
-
Win McNamee via Getty Images
Biden gives defense, intel agencies 180 days to apply MFA, encryption
The White House's memorandum builds on past requirements to bolster U.S. cyber standards. This time, the administration is targeting agencies that handle classified intelligence.
-
iStock / Getty Images Plus via Getty Images
Extracting portions of open source in software development threatens app security
While companies employ safeguards to detect flaws in applications, the likelihood of organizations running a complete database of all the places a vulnerability lives is slim.
-
Mario Tama via Getty Images
Log4j raises cyber risk for public finance entities, Fitch warns
Local agencies and critical sites face increased operational and financial risk as the vulnerability opens organizations to ransomware or other malicious activity.
-
DKosig via Getty Images
Cobalt Strike targets VMware Horizon after UK warnings of Log4Shell threats
Researchers say the threat emulation tool may endanger thousands of vulnerable servers.
-
Drew Angerer via Getty Images
Big tech pushes White House for open source funding, standards after Log4j
Technology officials are calling on cross-sector collaboration to prevent a recurrence of a Log4j-style security crisis.
-
Chip Somodevilla / Staff via Getty Images
Feds want businesses to report cyberattacks — the agency doesn't matter
The FBI's Bryan Vorndran compared a cyberattack to a house robbery: Law enforcement assists with attack response while CISA is representative of an alarm company tasked with prevention.
-
BackyardProduction via Getty Images
FCC seeks stronger breach reporting rules for telecoms
After massive breaches at T-Mobile and other telecoms, the proposed regulations would create faster consumer disclosure and mandate reporting of inadvertent cases.
-
Jeenah Moon via Getty Images
Microsoft pushes patch for wormable HTTP vulnerability, exploitation undetected so far
An attacker does not need to interact with a user or have privileged access to infect a system.
-
da-kuk via Getty Images
Google Drive, OneDrive top cloud apps for malware delivery: report
Netskope's findings are based on blocked malware, so the hacker's attempts to get a user to open a malicious download were initially successful.
-
Kevin Dietsch / Staff via Getty Images
Log4j threat activity limited, but CISA says actors lay in wait
Microsoft is warning about new activity from a threat actor exploiting the vulnerability in VMware Horizon to deploy ransomware.
-
Getty Images
Cloud security a shared responsibility. Where's the confusion?
The cloud meant replacing on-premise risks with a new kind risk. Some companies are unsure how to translate those responsibilities into actions.
-
Peter Macdiarmid via Getty Images
What happens if threat data isn't shared?
Threats only have meaning if companies decide they do; if an organization does not deem a threat serious enough, they can go unshared.
-
vchal via Getty Images
Log4Shell threat activity targeting VMware Horizon, UK researchers warn
NHS Digital warned unknown threat actors are targeting the servers in order to create web shells and enable future data theft, ransomware or other attacks.
-
rfranca via Getty Images
Phishing lures await in Google Docs comments
Email addresses are hidden when someone mentions a user in a comment, so the human instinct to question the legitimacy of the notification decreases.
-
metamorworks via Getty Images
Can SOAR technology help SOCs regain the advantage in threat detection?
Google's acquisition of Siemplify has placed a focus on whether automation can help restore balance in the fight against sophisticated attackers.
-
Poike via Getty Images
NY attorney general probes widespread credential stuffing, 17 companies affected
The OAG worked with the impacted companies to uncover how threat actors bypassed security safeguards, which led almost all the companies to strengthen security controls.
-
DKosig via Getty Images
The value of threat modeling in an evolving security landscape
The flow of information is more unpredictable than it was just a few years ago, so the threat modeling that was once used doesn't work today.
-
Leon Neal via Getty Images
What's at stake in a credential stuffing attack
Attackers gain a network foothold by using stolen credentials under the guise of an authenticated trusted employee or third party.
-
Carol Highsmith. (2005). "Apex Bldg." [Photo]. Retrieved from Wikimedia Commons.
FTC threatens enforcement on firms lax about Log4j vulnerability
The FTC warning underscores a commitment by federal regulators to ensure a more secure environment for enterprise and consumer software, according to legal experts and industry analysts.
-
peterschreiber.media via Getty Images
C-suite leaders are confident in ransomware protections, despite more attacks
While it's important for non-IT and security leaders to have buy-in, CISOs have the responsibility to level with their C-suite counterparts on the true threat of ransomware, (ISC)² research shows.
-
sefa ozel via Getty Images
Log4j activity expected to play out well into 2022
As industry returns from the holiday break, organizations are assessing potential security threats from Log4j, ranging from coin miners to hands-on-keyboard attacks.
