The Latest
-
Ill-prepared against cyberattacks? You’re not alone, Cisco says
The cybersecurity readiness gap looms large, and smaller organizations were ranked the least prepared.
-
Ransomware gangs incite fear in victims to fuel attacks
Attacks involving data theft nearly doubled and harassment spiked 20 times by late 2022, Palo Alto Networks Unit 42 said.
-
Outlook zero-day still vulnerable to attackers with prior access, researchers find
Days after Microsoft issued a patch, researchers demonstrated that threat actors could still bypass the mitigation steps from within a network.
-
Zero-days fell by one-third in 2022, Mandiant says
Zero-day vulnerabilities in security, IT and network management products, which are consistently connected to the internet, claimed nearly 1 in 5 exploits.
-
Security drives software purchases for half of US companies
The study from Capterra comes weeks after the U.S. rolled out plans to shift liability for weak product security onto the tech industry.
-
Global cybersecurity spending to top $219B this year: IDC
Persistent cyberattack threats, increased regulations and the demands of hybrid work are driving sustained growth.
-
SEC proposes cybersecurity disclosure rules for financial industry specialists
The changes would require broker-dealers and other entities to adopt written plans to minimize risk and promptly disclose major incidents.
-
Google Cloud joins FS-ISAC’s critical providers program to share threat intel
The move is part of a wider industry effort to enhance supply chain security in the financial services sector.
-
Outlook zero day linked to critical infrastructure attacks
State-linked actors have targeted oil and gas, transportation and defense industries in Europe.
-
Cybersecurity market confronts potential consequences of banking crisis
Bank seizures impose new challenges on vendors in every segment and may spur consolidation.
-
Wawa to pay up to $28.5M in data breach settlement
The chain’s latest payout will go to the financial institutions involved in the 2019 incident, continuing a series of payments it has made to customers and states over the past year.
-
MKS Instruments hit by class-action litigation following ransomware attack
The company, a supplier to the semiconductor industry, has begun to recover its production capabilities and is working to upgrade its cyber defenses.
-
Ransomware hit critical infrastructure hard in 2022, FBI says
Many ransomware attacks go unreported to law enforcement, making it difficult for authorities to assess the full scope of impact.
-
Bank failure panic fuels moment of opportunity for threat actors
As regulators step in to operate Silicon Valley Bank, threat hunters and security executives warned organizations to look out for malicious activity.
-
CISA launches ransomware warning pilot for critical infrastructure providers
The agency already warned dozens of organizations about ProxyNotShell.
-
SVB turmoil could mean long-term uncertainty for enterprise IT
The demise of Silicon Valley Bank created a void in tech startup funding and raises questions about the health of the vendor ecosystem.
-
Shift to secure-by-design must start at university level, CISA director says
Jen Easterly says secure coding and memory safety should be incorporated into computer science curriculum.
-
CSO vs. CISO: What’s the difference and does it matter?
The person in charge of physical security used to monitor keys and supervise guards. Now, the physical and digital are colliding.
-
Deep Dive
Hacking healthcare: With 385M patient records exposed, cybersecurity experts sound alarm on breach surge
Healthcare companies must harden their defenses, but it may require regulators and lawmakers to raise the bar on security standards, experts say.
-
Blackbaud to pay $3M to settle SEC charges of a misleading ransomware investigation
The regulator said the cloud-based software provider made misleading disclosures about the scope of a 2020 ransomware attack.
-
GitHub to begin rollout of 2FA security upgrade for developers
The enhancement is part of a wider series of security measures following a series of malicious cyberattacks.
-
CrowdStrike grows subscriber base as customers consolidate security services
CEO George Kurtz took more shots at Microsoft as CrowdStrike draws customers looking to eliminate multiple vendors.
-
How will the government enforce the national cyber strategy?
Efforts to enact laws and regulations that impose greater responsibility on the technology sector aren’t likely to come quick or easy.
-
Worried about data breaches? Blame the information sector
Three in five records exposed in a data breach last year came from software, telecom, data processing and web hosting companies, Flashpoint found.
-
TSA unveils emergency cybersecurity requirements for airlines, airports
The requirements follow the release of the Biden administration’s national cybersecurity strategy, which includes enhanced measures for critical infrastructure.