The Latest
-
Deep Dive
CIOs turn to NIST to tackle generative AI’s many risks
Discover's CIO is one of many tech leaders working to limit generative AI missteps by turning to risk management frameworks to get deployment right from the outset.
-
ADT employee account data stolen in cyberattack
The alarm system company said an attacker accessed its network with compromised credentials obtained from an unnamed third party.
-
American Water Works investigates unauthorized cyber intrusion
The New Jersey-based utility said none of its water or wastewater operations were impacted by the hack.
-
Gender gap persists in cybersecurity field despite available opportunities
About half of women surveyed said they don’t feel like they would fit in or be able to be themselves, a Deloitte report said.
-
Counter Ransomware Initiative summit emphasizes arduous effort
An international collective of cyber officials continued discussions with the White House on how to counter ransomware attacks, reduce payments and increase response capabilities.
-
CISOs, C-suite remain at odds over corporate cyber resilience
Security and IT executives, more than a year after a SEC vote on incident disclosure, still face an uphill battle to articulate risk strategy.
-
Economic uncertainty cools CISO hiring and compensation growth
A report by IANS and Artico Search shows the pace of CISO hiring remained slow during the first half of 2024, but is beginning to ramp back up.
-
United Airlines leaned on real-time data to recover from the CrowdStrike outage
The airline modernized its technology foundations with better customer experiences in mind. Then, a major software outage underscored the importance of live data.
-
CISA’s vulnerability management program spotted 250 critical CVEs in 2023
The 51 federal civilian agencies involved in the program remediated 872 vulnerabilities last year, a 78% increase from 2022, according to CISA.
-
What’s next for CrowdStrike on the road to repair its reputation?
The cybersecurity vendor finds itself operating from a vulnerable position. Efforts to earn back trust are complex and some require industrywide support.
-
Ivanti up against another attack spree as hackers target its endpoint manager
Ivanti customers are facing a new series of exploitation attempts after the company pledged in April to launch a comprehensive overhaul of its internal security practices.
-
Phishing remains cloud intrusion tactic of choice for threat groups
The long-lasting effectiveness and success of phishing campaigns underscores the most central challenge in cybersecurity — people are the weakest link.
-
State CISOs up against a growing threat environment with minimal funding, report finds
A report by Deloitte and NASCIO warns that states do not have the resources necessary to fight state-backed and criminal threat groups.
-
Two-thirds of healthcare organizations hit by ransomware in past year: survey
Nearly 40% of healthcare organizations reported it took more than a month to recover after an attack, according to the survey by cybersecurity firm Sophos.
-
FCC reaches $31.5M settlement with T-Mobile over rash of data breaches
The company agreed to a major change in board-level governance and will make a series of upgrades to boost its cyber resilience.
-
Ransomware attacks surge despite international enforcement effort
Progress remains elusive as federal authorities point to ransomware payments inhibiting progress to reduce the volume and impact of attacks.
-
Top cybersecurity conferences to attend in 2025
Security experts from across sectors will come together to hear about the latest risk management strategies, novel hacking techniques, cyber governance and the technologies enterprises need to defend their networks.
-
CUPS vulnerability, a near miss, delivers another warning for open source
While a major crisis was averted, the disclosures may open up needed conversations about transparency and coordination, according to researchers.
-
Customers are done with passwords. Do businesses have a solution?
Research shows customers are frustrated with the login experience, and the friction can cost businesses customers.
-
A quartet of Linux CVEs draws exploit fears among open source community
Attackers can use the chained vulnerabilities to execute remote commands after a user initiates a print job.
-
MoneyGram faces backlog after cyberattack
The international wire transfer company has restarted some services since the incident, but is battling to fulfill transactions after taking its systems offline for much of the week.
-
For Google to reduce memory-safety defects, it focused on new code
Google’s experience provides software developers a roadmap to address one of the most persistent security problems: memory-safety CVEs.
-
CrowdStrike CEO pushes ‘resilient by design’ framework, promising changes
The cybersecurity vendor is embracing a new business framework to address security deployment lapses and the fragility of interconnected systems.
-
CISA again raises alarm on hacktivist threat to water utilities
The alert comes just days after an attack against a water treatment facility in Kansas.
-
CrowdStrike’s mea culpa: 5 takeaways from the Capitol Hill testimony
CrowdStrike was quick to apologize after a faulty content update triggered a global IT network outage. An executive detailed internal changes designed to prevent it from happening again.