The Latest

  • Image attribution tooltip
    Drew Angerer via Getty Images

    Boards, CISOs seek alignment on OT security challenges

    CISOs at industrial companies should inform senior leadership of the unique risks and challenges of potential ransomware and supply chain attacks.

  • Image attribution tooltip
    onurdongel via Getty Images
    Opinion

    It's time to focus on critical infrastructure systems security

    Cyber-physical systems rely on legacy infrastructure and new, vulnerability-filled assets. The recipe has created an ideal attack surface for malicious actors. 

  • Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images

    Ukraine tensions raise cyberthreats against US companies, critical infrastructure

    CISA is urging companies to prepare for cyber activity as an offensive malware that can wipe hard drives clean spreads in Ukraine.

  • CIO involvement in security grows as CEOs target risk reduction

    An IDG survey found security improvements are driving IT budget increases. 

  • Image attribution tooltip
    Win McNamee via Getty Images

    Biden gives defense, intel agencies 180 days to apply MFA, encryption

    The White House's memorandum builds on past requirements to bolster U.S. cyber standards. This time, the administration is targeting agencies that handle classified intelligence. 

  • Image attribution tooltip
    iStock / Getty Images Plus via Getty Images

    Extracting portions of open source in software development threatens app security

    While companies employ safeguards to detect flaws in applications, the likelihood of organizations running a complete database of all the places a vulnerability lives is slim.

  • Image attribution tooltip
    Mario Tama via Getty Images

    Log4j raises cyber risk for public finance entities, Fitch warns

    Local agencies and critical sites face increased operational and financial risk as the vulnerability opens organizations to ransomware or other malicious activity. 

  • Image attribution tooltip
    DKosig via Getty Images

    Cobalt Strike targets VMware Horizon after UK warnings of Log4Shell threats

    Researchers say the threat emulation tool may endanger thousands of vulnerable servers.

  • Image attribution tooltip
    Drew Angerer via Getty Images

    Big tech pushes White House for open source funding, standards after Log4j

    Technology officials are calling on cross-sector collaboration to prevent a recurrence of a Log4j-style security crisis. 

  • Image attribution tooltip
    Chip Somodevilla / Staff via Getty Images

    Feds want businesses to report cyberattacks — the agency doesn't matter

    The FBI's Bryan Vorndran compared a cyberattack to a house robbery: Law enforcement assists with attack response while CISA is representative of an alarm company tasked with prevention. 

  • Image attribution tooltip
    BackyardProduction via Getty Images

    FCC seeks stronger breach reporting rules for telecoms

    After massive breaches at T-Mobile and other telecoms, the proposed regulations would create faster consumer disclosure and mandate reporting of inadvertent cases.

  • Image attribution tooltip
    Jeenah Moon via Getty Images

    Microsoft pushes patch for wormable HTTP vulnerability, exploitation undetected so far

    An attacker does not need to interact with a user or have privileged access to infect a system. 

  • Image attribution tooltip
    da-kuk via Getty Images

    Google Drive, OneDrive top cloud apps for malware delivery: report

    Netskope's findings are based on blocked malware, so the hacker's attempts to get a user to open a malicious download were initially successful. 

  • Image attribution tooltip
    Kevin Dietsch / Staff via Getty Images

    Log4j threat activity limited, but CISA says actors lay in wait

    Microsoft is warning about new activity from a threat actor exploiting the vulnerability in VMware Horizon to deploy ransomware.

  • Image attribution tooltip
    Getty Images

    Cloud security a shared responsibility. Where's the confusion?

    The cloud meant replacing on-premise risks with a new kind risk. Some companies are unsure how to translate those responsibilities into actions.

  • Image attribution tooltip
    Peter Macdiarmid via Getty Images

    What happens if threat data isn't shared?

    Threats only have meaning if companies decide they do; if an organization does not deem a threat serious enough, they can go unshared. 

  • Image attribution tooltip
    vchal via Getty Images

    Log4Shell threat activity targeting VMware Horizon, UK researchers warn

    NHS Digital warned unknown threat actors are targeting the servers in order to create web shells and enable future data theft, ransomware or other attacks.

  • Image attribution tooltip
    rfranca via Getty Images

    Phishing lures await in Google Docs comments

    Email addresses are hidden when someone mentions a user in a comment, so the human instinct to question the legitimacy of the notification decreases. 

  • Image attribution tooltip
    metamorworks via Getty Images

    Can SOAR technology help SOCs regain the advantage in threat detection?

    Google's acquisition of Siemplify has placed a focus on whether automation can help restore balance in the fight against sophisticated attackers.

  • Image attribution tooltip
    Poike via Getty Images

    NY attorney general probes widespread credential stuffing, 17 companies affected

    The OAG worked with the impacted companies to uncover how threat actors bypassed security safeguards, which led almost all the companies to strengthen security controls.

  • Image attribution tooltip
    DKosig via Getty Images

    The value of threat modeling in an evolving security landscape

    The flow of information is more unpredictable than it was just a few years ago, so the threat modeling that was once used doesn't work today. 

  • Image attribution tooltip
    Leon Neal via Getty Images

    What's at stake in a credential stuffing attack

    Attackers gain a network foothold by using stolen credentials under the guise of an authenticated trusted employee or third party.

  • Image attribution tooltip
    Carol Highsmith. (2005). "Apex Bldg." [Photo]. Retrieved from Wikimedia Commons.

    FTC threatens enforcement on firms lax about Log4j vulnerability

    The FTC warning underscores a commitment by federal regulators to ensure a more secure environment for enterprise and consumer software, according to legal experts and industry analysts. 

  • Image attribution tooltip
    peterschreiber.media via Getty Images

    C-suite leaders are confident in ransomware protections, despite more attacks

    While it's important for non-IT and security leaders to have buy-in, CISOs have the responsibility to level with their C-suite counterparts on the true threat of ransomware, (ISC)² research shows.

  • Image attribution tooltip
    sefa ozel via Getty Images

    Log4j activity expected to play out well into 2022

    As industry returns from the holiday break, organizations are assessing potential security threats from Log4j, ranging from coin miners to hands-on-keyboard attacks.