The Latest
-
DKosig via Getty Images
The value of threat modeling in an evolving security landscape
The flow of information is more unpredictable than it was just a few years ago, so the threat modeling that was once used doesn't work today.
-
Brandon Bell via Getty Images
Majority of US retailers, critical infrastructure unscathed after holiday cyber warnings
Industry averted a major cyber incident amid warnings from the FBI and CISA, though home furnishings retailer Ikea fought to contain a sophisticated phishing attack.
-
JuSun via Getty Images
2 community colleges close to recover from cyberattacks
Lewis and Clark Community College and Butler County Community College are closing their campuses as they restore their servers and systems.
-
sefa ozel via Getty Images
Opinion3 ways the cybercriminal business is changing
Now that ransomware has been thrust into the limelight, cybercriminals are adjusting their business models. Here is what enterprises need to know.
-
Poike via Getty Images
DDoS threats linger as peak holiday shopping begins
Slow or crashing websites can stem from failure to prepare, an unexpected bug or a denial-of-service attack, which have grown more severe this year, Cloudflare's Patrick Donahue said.
-
Spencer Platt via Getty Images
GoDaddy breach raises questions about how to secure identity in the enterprise
More than one million current and former WordPress customers had their data exposed by the attack, which could expose organizations to downstream phishing attacks and ransomware, security researchers said.
Updated Nov. 24, 2021 -
Dan Kitwood via Getty Images
Crypto becoming the preferred currency of cybercriminals and rogue governments
Authorities are turning the tables on cybercriminals by tracing the steps of illicit transactions and making it more difficult for ransomware operators to evade detection.
-
PeopleImages via Getty Images
Security disconnect: Why the CISO role is evolving
CISOs are too focused on security operations, writing policies or vendor management, and less involved in business strategy, where their time is better spent.
-
Chip Somodevilla / Staff via Getty Images
Recovering ransom payments could become routine for law enforcement
Backed by blockchain analysts and crypto-tracers, law enforcement agencies want to become more proficient in seizing ransomware-related funds.
-
vchal via Getty Images
Enterprises prepare for ransomware threats during Thanksgiving
Retail, transportation and other sectors are bracing for heightened cyber risks, placing renewed pressure on security operations.
-
Feds require banks to report cyberattacks within 36 hours
The rule, taking effect May 1, requires bank technology vendors to immediately notify customers if an incident disrupted services four hours or more.
Updated Nov. 19, 2021 -
Laurence Dutton via Getty Images
Gartner guidance moves away from prioritizing critical CVEs, focuses on exploitability
The analyst firm joined CISA in rethinking CVEs. Focusing on actively exploited vulnerabilities will exponentially improve security, a Gartner analyst said.
-
Adeline Kon for Cybersecurity Dive/Cybersecurity Dive
Deep DiveMarijuana is becoming more accepted. Will cybersecurity employers play along?
As more states legalize recreational use, employers in the public and private sectors may need to change how they hire for cybersecurity.
-
iStock / Getty Images Plus via Getty Images
What to consider when connecting cyber, business strategy
The common issue security and business leaders run into is miscommunication, Gartner's Jeffrey Wheatman said.
-
sestovic/E+/Getty via Getty Images
30K Microsoft Exchange Servers remain vulnerable to new tactics
Organizations have failed to patch widely exploited vulnerabilities, though patches were made available in the spring, Mandiant researchers found.
-
Getty via Getty Images
FBI justifies its decision to withhold Kaseya decryptor
The law enforcement agency prioritized the long-term benefits of a delay over the immediate decryption key release.
-
Dan Kitwood/Getty Images News via Getty Images
Companies urged to alert federal law enforcement in ransomware cases
A key official with the U.S. Secret Service says companies need to work with law enforcement agencies, who can help make critical decisions in disrupting illicit transactions.
-
Sean Gallup via Getty Images
Companies must develop operational plan for ransomware recovery
In the face of more frequent and sophisticated attacks, companies need to identify their most critical assets and work to limit cyberattack fallout.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by spainter_vfx via Getty Images
DHS makes cyber hiring more flexible, less certification-based
The new personnel management system has helped reduce hiring time by 13%, but it's not enough, CISA Director Jen Easterly said. It still takes at least 200 days to hire candidates.
-
Just_Super via Getty Images
Threat actor breaches HPE's Aruba Central via data repository access key
As more enterprise data moves to the cloud, security and data privacy remain paramount concerns.
-
Michael M. Santiago via Getty Images
Banks outpace other industries in cyber investments, defense strategies: report
The banking industry is actively investing in cyber defense and employing sound corporate governance practices to combat threats, Moody's found.
-
Sean Gallup via Getty Images
How much does phishing really cost the enterprise?
Ransomware and business email compromise are adding layers of risk, slowing productivity at U.S. companies.
-
Jon Cherry via Getty Images
K-12's decade-old cyber guidance needs updating, watchdog says
With K-12 considered critical infrastructure, the Government Accountability Office is calling for more guidance on the federal government's role in protecting schools.
-
iStock / Getty Images Plus via Getty Images
A year after SolarWinds, third-party risk still threatens the software supply chain
Digital transformation requirements have pressured organizations to introduce risk into their environments through open source or commercially available software.
-
CISOs: Approach the board with precision, simplicity
Executives from PepsiCo, Mandiant and Texas Children's Hospital honed the art of approaching the board. Their techniques leave stakeholders asking, "Do you need anything?"
