The Latest
-
4 questions to ask after discovering a cyberattack
Identifying signs of an ongoing attack or backdoor deployment is nearly impossible for digital laggards.
-
Enterprises plan major investments as remote work escalates security risk: report
Companies face significant challenges in managing security as the work-from-home model moves from an emergency stopgap to a more permanent environment.
-
Patrick Lux via Getty Images
Is there too much transparency in cybersecurity?
Between information sharing, software accountability, or incident response and disclosures, companies have to find the disclosure sweet spot.
-
Scott Olson via Getty Images
BlackMatter gang targets Iowa agriculture cooperative in a test of critical infrastructure
Iowa-based New Cooperative, one of the largest grain suppliers in the state, is facing a demand to pay $5.9 million in ransom.
-
How to support overworked, understaffed security operations
Strapped for resources, companies can either have their security practitioners wear too many hats, or outsource the responsibilities.
-
Markus Spiske
What to know about software bill of materials
The Biden administration wants more transparency in the software supply chain. Will private industry join in?
-
Sean Gallup via Getty Images
Companies must develop operational plan for ransomware recovery
In the face of more frequent and sophisticated attacks, companies need to identify their most critical assets and work to limit cyberattack fallout.
-
Carol Highsmith. (2005). "Apex Bldg." [Photo]. Retrieved from Wikimedia Commons.
FTC warns app makers fall under breach notification rule
A breach must be reported regardless of whether it was the result of malicious action, the agency said. Any unauthorized access, including sharing information without consent, would trigger the rule.
-
David Ramos via Getty Images
Companies confident in cybersecurity despite growing threats: report
There's a perception of "safety in numbers," Beazley's survey found. "Time will tell if such high levels of confidence are well placed."
-
Brendan Smialowski / Stringer via Getty Images
Boards rethink incident response playbook as ransomware surges
Corporate boards are no longer rubber-stamping assurances from CIOs or CISOs but are bringing in outside experts, asking more questions and preparing for the risk of personal liability.
-
Sean Gallup via Getty Images
Cybersecurity drills don't have to be 'fight or flight,' training creators say
Cyber training has followed "a very dangerous path," the co-founders of Hook Security said. But a humorous approach may turn things around.
-
Bjork, Marten. Retrieved from Unsplash.
How companies can defend against credential theft
Unique passwords are the best defense against credential stuffing. But users, unless forced to act differently, will stick with what makes access easy.
-
gilaxia via Getty Images
Executives fail to make software supply chain security a priority, report finds
The disconnect between rhetoric and performance in the software development and security industries are part of an internal debate: Which sector should take the lead?
-
'Big game hunters': Ransomware groups target their perfect victim
Research from KELA found U.S. companies with upwards of $100 million in revenue are favored targets.
-
Photo by MART PRODUCTION from Pexels
What do tech workers want?
The COVID-19 pandemic proved that companies could accommodate flexible work and employees have more choice to join companies with better pay.
-
Joe Raedle via Getty Images
Fortinet credential drop linked to fissure in ransomware group
Researchers linked a new ransomware syndicate called Groove to the Fortinet VPN credential dump, following a rift involving affiliates of Babuk.
-
Jeenah Moon via Getty Images
Exploits underway for Microsoft zero day leveraging Office documents
Until a patch is developed, the company recommends disabling ActiveX in Internet Explorer. But Huntress researchers found the workaround is not functional in all cases.
UPDATED: Sept. 10, 2021 at 10:45 a.m. -
Permission granted by Screenshot via BlueVoyant
What ransomware negotiations look like
Fear can overwhelm the decision of whether to pay a ransom. But in negotiations, companies have to take a backseat.
-
InfoSec teams under pressure to compromise security for productivity: report
Younger workers are fueling a backlash against corporate security policies designed to protect companies from malicious attacks, a study from HP Wolf Security shows.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
A security expert's guide to the top-exploited vulnerabilities
The biggest and baddest ransomware groups love an easy vulnerability.
-
David Ramos via Getty Images
Cybersecurity discussion growing in regulatory filings
A surge in ransomware combined with an increase in M&A activity is raising the profile of cybersecurity as a key discussion point in public filings and discussions with investors.
-
Sean Gallup via Getty Images
REvil vanished from the internet. But ransomware attackers never fully disappear
The hacking group's absence left echoes of high-profile ransomware attacks in its wake. But few think the group is gone for good. Consider this a brief respite.
-
Cyber Command urges immediate patching for Atlassian Confluence bug
Atlassian Cloud customers are not impacted by the vulnerability.
-
Sean Gallup via Getty Images
Microsoft Exchange vulnerabilities targeted in ProxyShell attacks
Conti affiliates are now using ProxyShell exploits to target organizations during ransomware attacks, researchers found.
UPDATED: Sept. 7, 2021 at 10:04 a.m. -
Chip Somodevilla via Getty Images
Neuberger amplifies Labor Day ransomware fears
The FBI alerted the food and agricultural industries of the increased risk of ransomware attacks, citing a series of damaging incidents against farms and production facilities.
