The Latest

  • The dome of U.S. Capitol is seen framed by trees.
    Dan Zukowski/Cybersecurity Dive
    Opinion

    6 things businesses need to know about the changing privacy landscape

    New bills are proposed every day, and while only a few will become official policy, there may be important trends that impact businesses.

  • Optus signage displayed at a store in Melbourne, Australia.
    Scott Barbour via Getty Images

    Australia’s second-largest wireless carrier suffers major cyberattack

    Optus pinned the blame on a sophisticated threat actor and expressed concern about potential phishing attacks against its customers.

  • A lit Microsoft logo seen above a group of people in shadow.
    Jeenah Moon via Getty Images

    Malicious OAuth applications used to control Exchange tenants in sweepstakes scam

    Microsoft researchers said a threat actor launched credential-stuffing attacks against high-risk accounts that failed to deploy multifactor authentication.

  • Cell phone or mobile service tower in forested area of West Virginia providing broadband service
    BackyardProduction via Getty Images

    How common telecom cyber risks snowball in cloud, open source

    Public cloud plays a central role in the modernization of wireless networks. But more open source software, vendors and vulnerabilities could spell trouble.

  • A young student walks between two lines of people holding pom-poms and high-fiving. A yellow school bus is in the background
    Permission granted by Cincinnati Public Schools

    The tools and strategies schools need for ransomware defense

    CISOs empathize with the unenviable position schools are in as they confront ransomware. The right capabilities could make a big difference.

  • Concept with expert setting up automated software on laptop computer.
    NicoElNino via Getty Images

    Organizations rapidly shift tactics to secure the software supply chain

    Synopsys’ 13th annual BSIMM study shows rapid increases in automation and use of SBOMs among software producers and other organizations.

  • Young Woman Writing Code on Desktop Computer in Stylish Loft Apartment in the Evening.
    gorodenkoff via Getty Images

    ‘Shift-left’ software strategy challenged by security and compliance

    Developer burnout and supply chain concerns mount as companies push to begin software testing early in the development process.

  • A view showing the skyscrapers of downtown Los Angeles with a freeway full of traffic in the foreground.
    Mario Tama via Getty Images

    Ransom demand escalates fallout from Los Angeles schools cyberattack

    The Los Angeles school district hasn’t responded to the demand, following the advice of federal authorities. The stakes are high as sensitive data may hang in the balance.

  • Cyberattack and internet crime, hacking and malware concepts.
    Techa Tungateja via Getty Images

    Stolen single sign-on credentials for major firms available for sale on dark web

    Stolen SSO credentials are available for half of the top 20 public companies, and 25% of the entire S&P 500, BitSight found.

  • Mario Tama via Getty Images

    Morgan Stanley fined $35M by SEC over improper data disposal

    The bank hired a company with no data-destruction experience to decommission hard drives and servers, which were sold to a third party and auctioned with some unencrypted customer data intact, the regulator found.

  • Closeup of an Uber sign on the rear window of a car in the rain.
    Justin Sullivan via Getty Images

    Uber details how it got hacked, claims limited damage

    While there's no evidence the rideshare company's codebase was altered, the attacker did gain access to Slack, vulnerability reports and financial data.

  • The Capital One flag flies over its headquarters March 13, 2006 in McLean, Virginia.
    Mark Wilson via Getty Images

    Capital One freed from consent order tied to 2019 breach

    The Office of the Comptroller of the Currency determined the bank had reached a level of “safety and soundness” no longer requiring extra oversight regarding a leak of 106 million customers’ data.

  • American Airlines jet taking off from an airport runway.
    Joe Raedle / Staff via Getty Images

    American Airlines targeted by threat actor in July data incident

    The airline has notified customers about the potential release of personal data, but said there is no evidence of the data being misused. 

  • An image of the White House.
    Vacclav/iStock via Getty Images

    White House guidance on third-party software seen as a major test of cyber risk strategy

    The U.S. hopes that by forcing software producers to meet a set of minimum security standards for federal use, a new baseline strategy will be adopted industrywide. 

  • Anne Neuberger, deputy national security advisor for cyber and emerging technology, speaks at the White House.
    Drew Angerer via Getty Images

    US government rejects ransom payment ban to spur disclosure

    Federal authorities strongly discourage organizations from paying ransoms, but Anne Neuberger of the National Security Council explains why it decided against a ban.

  • A photo illustration of LastPass logos on a hard drive disk held in someone's hand.
    Leon Neal via Getty Images

    LastPass says it contained August breach, leaving customer data and vaults secure

    After investigating alongside Mandiant, the widely used password manager has enhanced a number of security protocols in response to the four-day incident.  

  • Uber Reportedly Loses Over $1 Billion In First Half Of 2016
    Justin Sullivan / Staff via Getty Images

    Threat actor breaches many of Uber’s critical systems

    After duping an employee into providing their password, the attacker claims it gained access to Uber’s cloud infrastructure and sensitive data.

  • Industrial equipment (pipes, manometer/pressure gauge, levers, faucets, indicators) in a natural gas compressor station.
    Cat Eye Perspective via Getty Images

    Industrial control systems face more cyber risks than IT, expert testifies

    Most ICS technology was designed more than 20 years ago and built without cyber resilience, Idaho National Laboratory's Vergle Gipson said. 

  • Cloud Network Solution digital background. Cyber Security and Cloud Technology Concept
    da-kuk via Getty Images

    Microsoft cloud security exec challenges organizations to ditch outdated practices

    Modern systems and modes of attack demand a dynamic and realistic security strategy, Shawn Bice said. The problem can be managed, not solved.

  • CISA, cybersecurity, agency
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images

    CISA can’t definitively say if ransomware is getting better or worse

    Organizations can be unwilling to notify government officials when ransomware intrusions occur, but that simple act might prevent the next attack.

  • A stack of $20 U.S. bills lay on top of a scattering of more $20 bills.
    Maksym Kapliuk via Getty Images

    State education leaders prioritize cybersecurity, but lack funding

    In a survey by the State Educational Technology Directors Association, 57% of respondents said their state provides a low amount of funding for cybersecurity.

  • A photo of the White House.
    PorqueNoStudios/iStock via Getty Images

    White House sets minimum security standards for federal software use

    The Office of Management and Budget is requiring agencies to get a self-attestation from software producers showing compliance with NIST guidance.

  • Golden circuit cloud showing cloud computing technology
    PhonlamaiPhoto via Getty Images

    Cloud security pros expect elevated risk for serious data breaches

    Just one out of five cybersecurity and engineering professionals escaped the previous year without incident.

  • Picture of a cybersecurity lock
    iStock via Getty Images

    Security vendor consolidation a priority for majority of organizations worldwide

    Gartner research shows a surge in organizations that want to reduce the complexity of their security stacks.

  • Sen. Angus King was part of a panel with Suzanne Spaulding and Mike Montgomery at the Billington CyberSecurity Summit in Washington D.C.
    Courtesy of Billington CyberSecurity Summit

    US is shoring up gaps in cyber policy, but critical goals remain unfulfilled

    Legislators say the Cyberspace Solarium Commission led to significant national security enhancements, but analysts are calling for urgent momentum on a federal law on data privacy and security.