The Latest
-
98% of organizations worldwide connected to breached third-party vendors
A report by SecurityScorecard shows the extent to which third- and fourth-party relationships increase the risk of cyberattacks.
-
Microsoft disables phishing campaign after researchers flag OAuth app abuse
Proofpoint researchers uncovered a malicious campaign where threat actors abused Microsoft’s “verified publisher” status and tricked executives into granting permissions.
-
GitHub resets code signing certificates following breach
The incident closely follows a series of indirect source code repository breaches impacting Slack and Okta.
-
Companies face data privacy maze, skills gap
New state privacy laws coming into effect could add pressure for companies trying to navigate the changing regulatory landscape.
-
On deck for the business of cybersecurity: Fire sales and due diligence
Enterprise cybersecurity is navigating market turmoil and vendor consolidation. Here’s what experts expect to happen to the industry in 2023.
-
CISOs to face new budget hurdles in 2023 as economic anxiety lingers
Boards and the C-suite still see cybersecurity as a cost center, forcing CISOs to rethink their approach amid a rise in cost cutting.
-
Box CEO on the ‘perfect storm’ of challenges in cybersecurity
“These are very, very complicated, dynamic, chaotic times on the security front,” Aaron Levie said.
-
Deep Dive
A first-hand look inside Walmart’s robust security operations
The retail behemoth invited a handful of journalists to its tech offices in Bentonville, Arkansas. The scope of Walmart’s operations speaks to the lengths enterprises must go to remain secure.
-
Microsoft surpasses $20B in security revenue as enterprise customers consolidate
The company’s cybersecurity business is growing, but CEO Satya Nadella warned that customers, in an uncertain economy, are exercising caution.
-
Most data breach notices lacked detail in 2022
Organizations were not forthright with the causes or potential risks stemming from disclosed incidents.
-
CISA’s public-private cyber collaborative to focus on energy, water
The Joint Cyber Defense Collaborative dedicated its 2023 agenda to particularly vulnerable sectors and open source use in industrial systems.
-
Industrial organizations may worry too much about ICS vulnerabilities
The pressure to constantly patch is more likely to damage industrial plants, Dragos CEO Robert M. Lee said.
-
Threat actors are using remote monitoring software to launch phishing attacks
A joint warning from CISA, the NSA and MS-ISAC says APT actors could leverage legitimate tools, using help-desk-themed lures, to gain persistence.
-
CISA issues baseline cybersecurity recommendations for K-12 schools
Insufficient funding and IT staffing levels make many CISA recommendations difficult for K-12 schools to achieve.
-
Exchange Server under pressure as opportunistic actors step up attacks
Bitdefender Labs warns threat actors are using the ProxyNotShell/OWASSRF exploit chains to launch attacks.
-
Opinion
Battle of the breach: Prioritizing proactive ransomware defense
Industry will soon face a reality where organizations are attacked every two seconds by threat actors that continue to evolve. So now what?
-
Breach hits GoTo, the parent company of LastPass
Damage caused by a cyberattack on a shared cloud storage service is adding to the fallout for both companies.
-
Los Angeles school system shifts timeline of ransomware attack
Post-breach investigations are complex. The timeline and scope of damage inflicted often change as investigations unfold.
-
Only half of companies have the budgets necessary to mitigate cybersecurity risks: study
A report from Neustar shows macroeconomic pressures are leading to a squeeze on IT security spending.
-
Almost half of critical manufacturing organizations face significant risk of data breach
A report presented at the World Economic Forum shows key sectors are under pressure from rising vulnerabilities and a slower rate of patching.
-
Ransomware attack against Yum! Brands follows several incidents targeting restaurant industry
Criminals see restaurants and mobile ordering apps as ripe targets for credential stuffing and financial fraud.
-
Experts question T-Mobile’s security culture as breach cycle churns
The gap between the threat actor’s intrusion and T-Mobile’s detection underscores multiple unresolved challenges.
-
T-Mobile breached again, 37M customer accounts exposed
The incident marks the latest in a series of data breaches, the worst of which occurred in August 2021 and exposed the data of at least 76.6 million people.
-
PayPal warns 35,000 customers of exposure following credential stuffing attack
Impacted customers were notified of the incident nearly a month after it was discovered. It’s unclear where or how customer account credentials were obtained.
-
Threat actors lure phishing victims with phony salary bumps, bonuses
Multiple campaigns underscore threat actors’ ability to shift tactics and target employees by exploiting current events and themes.