The Latest

  • MOVEit legal liabilities, expenses pile up for Progress Software

    The prospective financial hit from a widely exploited vulnerability in the file-transfer service is growing. Progress confronts lawsuits, regulator scrutiny and government investigations.

  • Risk escalates as communication channels proliferate

    The chance of losing data to a breach rises in tandem with the number of channels — like email and file sharing — that an organization uses.

  • Snowflake allows admins to enforce MFA as breach investigations conclude

    Three months after an attacker targeted more than 100 customer environments, Snowflake is making it easier for existing customers to enforce MFA, but it isn’t requiring it.

  • As CISOs grapple with the C-suite, job satisfaction takes a hit

    Research found CISO job satisfaction has direct ties to how much — or little — access security leaders have to company management.

  • Critical infrastructure providers seek guardrails on scope, timeline for CIRCIA rules

    In a last-minute push, critical infrastructure stakeholders urged federal officials to give more flexibility on the detail required during the first 72 hours of covered cyber incidents.

  • Sonic Automotive’s sales dip as CDK cyberattack causes material impact

    The company reported ongoing service disruptions and said vehicle sales declined after an attack on a third-party vendor.

  • Microsoft warns of elevated risk in Rockwell Automation PanelView Plus CVEs

    Microsoft researchers warn the vulnerabilities can be exploited, potentially resulting in remote code execution and denial of service.

  • HubSpot reports nearly 50 customer accounts compromised

    The customer relationship management vendor said it notified all impacted customers, but it has not publicly disclosed how attackers gained unauthorized access.

  • Cisco Nexus devices zero day raises alarms despite CVSS score

    Though the NX-OS CVE only has a 6.0 score, a suspected espionage actor is deploying custom malware to exploit a command injection vulnerability in a range of switching devices.

  • Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation

    Experts expect new legal challenges against numerous agency cybersecurity requirements, including incident reporting mandates and rules governing critical infrastructure sectors.

    Updated July 8, 2024
  • CDK eyes service restoration for all car dealers by Fourth of July

    The software vendor is critical to the automotive retail supply chain. A systemwide outage following a cyberattack has impacted more than 15,000 car dealers since June 19.

  • Cybersecurity is now a top concern for auto industry, report finds

    Automotive leaders fear exposure to threats will worsen as the sector invests more in technology to drive efficiencies, Rockwell Automation found.

  • TeamViewer’s IT network breached through compromised employee credentials

    The remote access software provider said the impact of the attack from Midnight Blizzard was limited to its internal network and customer environments were not affected.

  • 700,000 OpenSSH servers vulnerable to remote code execution CVE

    The newly discovered vulnerability can be exploited by attackers to gain unauthenticated remote code execution with root privileges, Qualys researchers said.

  • Microsoft alerts additional customers of state-linked threat group attacks

    The company told customers the Midnight Blizzard attacks disclosed in January were more widespread than previously known.

  • Industrial cyberattacks fuel surge in OT cybersecurity spending

    Operators in mining, oil and gas, utilities and manufacturing are among the top spenders, according to ABI Research.

  • Memory-unsafe code runs rampant in critical open-source projects

    CISA and the FBI are part of an international effort to eliminate memory-unsafe languages which were found in more than half of critical open-source projects.

  • CDK restores service for small group of car dealers

    The software vendor said it will restore critical services in phases, but warned some integrations with third-party vendors might be delayed.

  • Progress discloses more MOVEit CVEs, one year after 2023’s fiasco

    The enterprise software vendor and researchers have not observed active exploitation, but attempts are underway. Concerns are amplified by a spree of attacks that hit MOVEit last year.

    Updated June 27, 2024
  • Cyber insurance terms drive companies to invest more in security, report finds

    Though recovery costs continue to outpace coverage, companies are investing in network security to lower premiums and yield better policy terms.

  • CISA warns chemical facilities of potential data theft

    The attack targeting the Chemical Facility Anti-Terrorism Standards program was linked to widely exploited vulnerabilities in Ivanti remote access VPNs.

  • Cloud security becoming top priority for companies worldwide

    Application sprawl and the sensitive nature of the data organizations place in the cloud are complicating security, Thales found.

  • CDK cyberattack stalls industry as car dealers disclose widespread impacts

    The car dealership software vendor discovered a cyberattack June 19 and has told customers it will restore systems within days.

  • Is the cybersecurity industry ready for AI?

    As cybersecurity teams focus on how to thwart threat actors, they are missing the risks around the data they are sharing willingly.

  • Manufacturing cybersecurity at heart of new White House guidance

    The increased priority on security comes as more clean energy supply chains face the threat of a cyberattack.