The Latest
-
insagostudio via Getty Images
Encevo stays resilient post-attack, but it’s still assessing the data damage
The Luxembourg energy supplier’s ability to thwart a shutdown likely empowered its refusal to pay a ransom.
-
Justin Sullivan via Getty Images
Twitter vulnerability risk resurfaces, testing the security of pseudonymous users
A threat actor learned of the vulnerability, which allowed an account identity to be exposed by entering a simple email or phone number.
-
Leon Neal via Getty Images
Slack resets passwords en masse after invite link vulnerability
The bug, which went undetected for five years, impacts at least 60,000 users but likely more.
-
WhataWin via Getty Images
The 11 most-prevalent malware strains of 2021 fuel cybercrime
Cybercriminals remain the most prolific users of malware, wielding these top strains to deliver ransomware and steal data.
-
Stefan Zaklin via Getty Images
US must take a lead role in cyber diplomacy, State Dept. nominee says
Nathaniel Fick told lawmakers the U.S. should promote international cyber norms to protect national security from authoritarian threats.
-
Chip Somodevilla / Staff via Getty Images
White House to incorporate performance metrics into national cybersecurity strategy
The Office of the National Cyber Director is working across multiple federal agencies and private sector partners to set priorities and assess effectiveness.
-
Hospitals have low level of accountability for connected device breaches
Only an average of 3.4% of hospitals’ IT budgets are being spent on device security, a recent survey shows.
-
anyaberkut via Getty Images
Ransomware defense guidance risks hang-ups under many steps
Small and mid-sized businesses don’t typically have the resources to meet every safeguard. But every action, however small, helps.
-
Chainarong Prasertthai via Getty Images
Threat actors hide malware in legitimate — and high profile — applications
Researchers from VirusTotal show how attackers use social engineering techniques to launch malicious attacks behind trusted applications.
-
matejmo via Getty Images
VMware discloses new authentication bypass vulnerability
The virtualization giant advised customers to immediately deploy patches and said it’s not aware of any exploitation in the wild.
-
DKosig via Getty Images
Initial access brokers selling online access to unsuspecting MSPs
The ads for initial access to MSPs follow warnings from the FBI, CISA and intelligence partners from the Five Eyes.
-
JZ Hunt via Getty Images
Luxembourg energy supplier Encevo hit by ransomware attack
The group behind the attack threatened to leak more than 150 gigabytes of sensitive data on Monday.
-
vchal via Getty Images
Most cyberattacks come from ransomware, email compromise
Attackers are scanning for vulnerabilities in unpatched systems within 15 minutes, stressing the pace and scale of the threat.
-
Asia-Pacific Images Studio via Getty Images
OpinionTips for translating cyber risk into board-friendly language
Just because boards are more aware of the rise in cyberattacks does not mean they understand how digital technology and cybersecurity translate into business risk.
-
Motortion via Getty Images
Threat actors shifting tactics as Microsoft blocks, unblocks and reblocks macros
Proofpoint researchers say criminal hackers are turning to container files and Windows shortcuts to distribute malware.
-
Traitov/iStock/Getty via Getty Images
Data breach costs spread downstream, IBM says
Nearly half of all organizations studied by IBM have minimal or no cloud security practices in place.
-
sestovic via Getty Images
Entrust acknowledges June cyberattack, remains tight-lipped on the details
The cybersecurity vendor has yet to disclose how the incident occurred, the type of data stolen and if ransomware was involved.
-
Retrieved from Jen Easterly/CISA.
CISA expands cyber relationship with Ukraine authorities
The agreement formalizes closer ties between Ukraine and the key U.S. cybersecurity agency after the war with Russia led to increased threat activity.
-
Chainarong Prasertthai via Getty Images
Mandiant red team breaches OT servers to mimic crime group techniques
Researchers are not aware of financially motivated actors using these techniques in the wild.
-
Noah Berger/Getty Images via Getty Images
AWS wants to be an enterprise security strategy advisor
The cloud giant advised customers to focus on specific needs, and rely on embedded defenses running automatically behind the scenes.
-
Layla Bird via Getty Images
Relentless vulnerabilities and patches induce cybersecurity burnout
Cybersecurity professionals are confronting a chronic vulnerability-patch cycle and the situation is getting worse.
-
Drew Angerer via Getty Images
Uber reaches non-prosecution deal with feds after concealing data breach
The ride-sharing firm had been under investigation by the Federal Trade Commission, when the 2016 data breach occurred, an event undisclosed until new management entered the picture.
-
marchmeena29 via Getty Images
Breach rule would give credit unions longer reporting window than banks
The 72-hour timeframe falls in line with the Critical Infrastructure Act that President Joe Biden signed in March, but is twice as long as the reporting window banks have had to comply with since May.
-
Justin Sullivan via Getty Images
Google backs federal review board's Log4j, open source security push
The technology firm said it will continue investments and engage in more secure software practices to help prevent a future crisis similar to Log4j.
-
Justin Sullivan/Getty Images via Getty Images
T-Mobile agrees to $500M settlement for 2021 cyberattack
The wireless carrier suffered a massive data breach in the summer of 2021, the fifth publicly acknowledged incident of its type in three years.
