The Latest
-
scyther5 via Getty Images
98% of organizations worldwide connected to breached third-party vendors
A report by SecurityScorecard shows the extent to which third- and fourth-party relationships increase the risk of cyberattacks.
-
sdecoret via Getty Images
Microsoft disables phishing campaign after researchers flag OAuth app abuse
Proofpoint researchers uncovered a malicious campaign where threat actors abused Microsoft’s “verified publisher” status and tricked executives into granting permissions.
-
Suebsiri via Getty Images
GitHub resets code signing certificates following breach
The incident closely follows a series of indirect source code repository breaches impacting Slack and Okta.
-
Vertigo3d via Getty Images
Companies face data privacy maze, skills gap
New state privacy laws coming into effect could add pressure for companies trying to navigate the changing regulatory landscape.
-
aiisha5 via Getty Images
On deck for the business of cybersecurity: Fire sales and due diligence
Enterprise cybersecurity is navigating market turmoil and vendor consolidation. Here’s what experts expect to happen to the industry in 2023.
-
MicroStockHub via Getty Images
CISOs to face new budget hurdles in 2023 as economic anxiety lingers
Boards and the C-suite still see cybersecurity as a cost center, forcing CISOs to rethink their approach amid a rise in cost cutting.
-
Justin Sullivan/Getty Images via Getty Images
Box CEO on the ‘perfect storm’ of challenges in cybersecurity
“These are very, very complicated, dynamic, chaotic times on the security front,” Aaron Levie said.
-
Naomi Eide/Cybersecurity Dive
Deep DiveA first-hand look inside Walmart’s robust security operations
The retail behemoth invited a handful of journalists to its tech offices in Bentonville, Arkansas. The scope of Walmart’s operations speaks to the lengths enterprises must go to remain secure.
-
Jeenah Moon via Getty Images
Microsoft surpasses $20B in security revenue as enterprise customers consolidate
The company’s cybersecurity business is growing, but CEO Satya Nadella warned that customers, in an uncertain economy, are exercising caution.
-
solarseven via Getty Images
Most data breach notices lacked detail in 2022
Organizations were not forthright with the causes or potential risks stemming from disclosed incidents.
-
Thinkhubstudio via Getty Images
CISA’s public-private cyber collaborative to focus on energy, water
The Joint Cyber Defense Collaborative dedicated its 2023 agenda to particularly vulnerable sectors and open source use in industrial systems.
-
Scott Olson via Getty Images
Industrial organizations may worry too much about ICS vulnerabilities
The pressure to constantly patch is more likely to damage industrial plants, Dragos CEO Robert M. Lee said.
-
gorodenkoff via Getty Images
Threat actors are using remote monitoring software to launch phishing attacks
A joint warning from CISA, the NSA and MS-ISAC warns APT actors could leverage legitimate tools using help-desk themed lures to gain persistence.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA issues baseline cybersecurity recommendations for K-12 schools
Insufficient funding and IT staffing levels make many CISA recommendations difficult for K-12 schools to achieve.
-
TU IS via Getty Images
Exchange Server under pressure as opportunistic actors step up attacks
Bitdefender Labs warns threat actors are using the ProxyNotShell/OWASSRF exploit chains to launch attacks.
-
Suebsiri via Getty Images
Opinion
Battle of the breach: Prioritizing proactive ransomware defense
Industry will soon face a reality where organizations are attacked every two seconds by threat actors that continue to evolve. So now what?
-
sdecoret via Getty Images
Breach hits GoTo, the parent company of LastPass
Damage caused by a cyberattack on a shared cloud storage service is adding to the fallout for both companies.
-
Stein Photo via Getty Images
Los Angeles school system shifts timeline of ransomware attack
Post-breach investigations are complex. The timeline and scope of damage inflicted often change as investigations unfold.
-
Yuri Arcurs via Getty Images
Only half of companies have the budgets necessary to mitigate cybersecurity risks: study
A report from Neustar shows macroeconomic pressures are leading to a squeeze on IT security spending.
-
gorodenkoff via Getty Images
Almost half of critical manufacturing organizations face significant risk of data breach
A report presented at the World Economic Forum shows key sectors are under pressure from rising vulnerabilities and a slower rate of patching.
-
Courtesy of Taco Bell
Ransomware attack against Yum! Brands follows several incidents targeting restaurant industry
Criminals see restaurants and mobile ordering apps as ripe targets for credential stuffing and financial fraud.
-
Justin Sullivan/Getty Images via Getty Images
Experts question T-Mobile’s security culture as breach cycle churns
The gap between the threat actor’s intrusion and T-Mobile’s detection underscores multiple unresolved challenges.
-
Justin Sullivan via Getty Images
T-Mobile breached again, 37M customer accounts exposed
The incident marks the latest in a series of data breaches, the worst of which occurred in August 2021 and exposed the data of at least 76.6 million people.
-
Sean Gallup via Getty Images
PayPal warns 35,000 customers of exposure following credential stuffing attack
Impacted customers were notified of the incident nearly a month after it was discovered. It’s unclear where or how customer account credentials were obtained.
-
Philip Steury via Getty Images
Threat actors lure phishing victims with phony salary bumps, bonuses
Multiple campaigns underscore threat actors’ ability to shift tactics and target employees by exploiting current events and themes.
