The Latest
-
State-linked hackers deploy macOS malware in fake job interview campaign
Actors linked to North Korea bypassed Apple security using malware called FlexibleFerret.
-
Ransomware payments fell 35% in 2024
Cyberattacks using ransomware spiked in the second half of the year, but fewer victims paid up.
-
Deloitte pays $5M in connection with breach of Rhode Island benefits site
The company agreed to cover expenses related to recovery from the December cyberattack.
-
Sophos completes $859M acquisition of Secureworks
The deal comes amid a flurry of recent merger and acquisition deals in the cybersecurity sector.
-
FDA, CISA warn about vulnerabilities in patient health monitors
Vulnerabilities in certain Contec and Epsimed patient monitors can allow people to gain access and potentially manipulate the devices, the FDA warned.
-
The cybersecurity outlook for 2025
Threat actors are exploiting known weak points and enterprises’ dependency across the tech stack. It’s making cybersecurity professionals’ jobs harder than ever before.
-
Security tool consolidation boosts efficiency, threat mitigation
A study from IBM shows the controversial shift to platformization can pay off for enterprises.
-
CISO stature gains traction as global cyber risk escalates
Security leaders are making inroads with corporate boards and now have a seat at the table with CEOs, a Splunk report shows.
-
What roadblocks await CISOs in 2025
Burnout seems certain as CISOs confront budget constraints, a heavy workload and job dissatisfaction.
-
Attackers exploit zero-day vulnerability in Zyxel CPE devices
Researchers say the manufacturer has yet to publicly disclose or patch the flaw.
-
Tech execs grapple with budget sinkholes as AI drives up spend
Unpredictable cloud bills, outdated software licenses and shadow IT frustrate FinOps efforts, according to Apptio.
-
Deep Dive
Network security tool defects are endemic, eroding enterprise defense
When malicious hackers exploit vulnerabilities in firewalls, VPNs and routers, it’s not the vendors that get hit — it’s their customers.
-
SonicWall SMA 1000 series appliances left exposed on the internet
The company last week confirmed attackers are actively exploiting a critical vulnerability in the devices.
-
Procter & Gamble operations unhindered by Blue Yonder disruption
The consumer goods company built an in-house solution to keep orders moving as its transportation management system provider navigated a ransomware attack.
-
SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances
Researchers from Microsoft Threat Intelligence alerted the company to suspected threat activity.
-
UnitedHealth hikes number of Change cyberattack breach victims to 190M
The new estimate nearly doubles the company’s previous report of 100 million affected individuals, already the largest healthcare data breach ever reported to federal regulators.
-
Attackers lodge backdoors into Ivanti Connect Secure devices
Shadowserver scans found 379 compromised Ivanti Connect Secure devices. Researchers said the situation is serious and likely impacts more organizations.
-
BeyondTrust says 17 customers impacted by December cyberattack spree
State-linked hackers were linked to a series of attacks that led to the theft of unclassified data from the Treasury Department.
-
Government payments contractor Conduent confirms cyberattack impacts multiple states
The incident led to delays in processing child support payments in Wisconsin.
-
Ivanti zero-days chained together in at least 3 attacks, authorities warn
The vendor’s customers have confronted multiple attack sprees targeting zero-days spanning a variety of products.
-
Trump rescinds Biden executive order in AI regulatory overhaul
The directive, issued in October 2023, added guardrails for AI developers and bolstered guidance for businesses looking to adopt the technology.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by spainter_vfx via Getty Images
DHS disbands existing advisory board memberships, raising questions about CSRB
The Cyber Safety Review Board was investigating the hacks of U.S. telecom firms attributed to the Salt Typhoon threat group.
-
Google Cloud links poor credentials to nearly half of all cloud-based attacks
Cloud services with weak credentials were a prime target for attackers, often resulting in lateral movement attempts, a Google Cloud report found.
-
PowerSchool data breach brings claims of negligence, poor cyber hygiene
The K-12 software company is facing legal pushback and criticism following a cyberattack that impacted a still unknown number of districts.
-
HPE probes hacker claim involving trove of sensitive company data
The vendor said it has no immediate evidence of operational impacts or compromised customer data.