The Latest
-
Caesars Entertainment faces class action lawsuits following rewards database hack
At least four separate plaintiffs allege the company was negligent for allowing their sensitive personal data to be stolen in a social engineering attack by criminal threat groups.
-
CISA rolls dice on public service campaign to raise cyber awareness
The agency is hoping to get families and small businesses to adopt MFA, use stronger passwords and recognize phishing attacks.
-
Campbell Soup says summer cyberattack caused limited business impact
The company will incur some costs, but it considers the disruption nonmaterial.
-
AWS bets on accuracy in generative AI deployment race
The cloud giant is taking a full-stack approach to generative AI, which doubles down on security and reliable results.
-
MGM Resorts warns customers of fraud as it faces class action lawsuits
The plaintiffs claim the company was negligent for failing to protect customer data despite prior warnings about previous attacks.
-
Deep Dive
MOVEit mass exploit timeline: How the file-transfer service attacks entangled victims
The slow-moving disaster has ensnared some of the world's largest enterprises. Cybersecurity experts expect further damage to come.
Updated Sept. 25, 2023 -
Royal lurked in Dallas’ systems weeks before ransomware attack
The prolific threat actor gained initial access on April 7 and stole almost 1.2 TB of data before it deployed ransomware on May 3, city officials said in a post-attack report.
-
CISA urges use of memory safe code in software development
Unsafe programming languages, like C and C++, account for more than 70% of security vulnerabilities.
-
Average insider cyberthreat cost spikes 40% in 4 years
Outsmarting insiders is a “go-to tactic” for many cyberattackers looking to steal credentials and gain access to critical data, the Ponemon Institute found.
-
MGM Resorts says hotel, casino operations back up and running
The company was still working to restore online functionality for hotel reservations and rewards program users following a major cyberattack.
-
Cisco to buy Splunk for $28B
Forrester's Allie Mellen calls it a massive win for Cisco's security business, but said security leaders are concerned about potential SIEM quality degradation.
-
US is making headway on securing cyber infrastructure, commission says
While Cyberspace Solarium Commission leaders praised U.S. cybersecurity improvements, they said more work is needed to secure critical infrastructure.
-
AI is entering the enterprise application security tool stack
Reports from Gartner and Rackspace show a broad enterprise appetite to weave AI into the tool stack, especially across application security.
-
Clorox warns of product shortages a month after disclosing cyberattack
The household product maker said the incident damaged IT systems and will have a material effect on its fiscal Q1 performance.
-
FBI director urges private sector to work with the agency on cyber threats
Christopher Wray told attendees at Mandiant’s mWISE 2023 private sector assistance contributed to the success of several recent operations.
-
Deep Dive
Security has an underlying defect: passwords and authentication
Cyberattacks are fueled by the shortcomings of business authentication controls. Bad things happen when access falls apart and credentials land in the wrong hands.
-
SEC cyber disclosure rules: What’s the role of the CIO?
CIOs are on the front lines of managing the IT estate, making them a critical part of rapid incident response.
-
MGM, Caesars attacks raise new concerns about social engineering tactics
Multiple threat groups have employed the same criminal tool kit to target vulnerable systems.
-
5 steps organizations can take to counter IAM threats
Many organizations lean on identity and access management tools to perform credential management and authentication. But these systems aren’t foolproof.
-
Threat actors claim to have compromised MGM Resorts’ Okta environment
AlphV may have used tactics similar to social engineering attacks disclosed by Okta in regulatory filing.
-
6 stories on how SEC’s cyber rules are changing security response
As enforcement of the rules takes effect later this year, themes around how and when businesses will disclose security incidents will emerge.
-
MGM Resorts disruption linked to recent attacks against hospitality industry
Security researchers link the threat group Scattered Spider to a wave of malicious activity as Caesars Entertainment confirms social engineering attack in regulatory filing.
-
White House, federal cyber leaders pledge renewed support for open source security
CISA released a roadmap for open source software security as industry officials convened to map out additional steps to protect federal agencies and the larger ecosystem.
-
MGM Resorts discloses cyber incident in filing with SEC
Moody’s Investors Service called the cyber incident credit negative, and MGM is still taking steps to protect data and fully secure business operations.
-
Compromised credential use jumps 300% in cloud intrusions: IBM
Valid credentials are also a hot commodity in the cybercrime marketplace, accounting for the vast majority, almost 90%, of assets for sale on the dark web, IBM found.