The Latest
-
gilaxia via Getty Images
Codecov hack — likened to SolarWinds — targets software supply chain
Third-party actors were able to linger inside the software-testing firm’s environment for months, exfiltrating customer data.
UPDATED: April 30, 2021 at 10:58 a.m. -
zefart/iStock/Getty via Getty Images
Passwordstate customers targeted with new round of phishing attacks
The phishing email is asking customers to download a modified hotfix file, called Moserware.zip, from a content delivery network not controlled by Click Studios.
-
sestovic/E+/Getty via Getty Images
First Horizon breach highlights rising threats against financial institutions
The attack shows the potential risk financial institutions face when trying to protect customer account data and financial assets.
-
Tomohiro Ohsumi via Getty Images
Cybersecurity careers: Makeshift beginnings, technical pursuits
As the field becomes more visible, thanks to large cyberattacks and breaches invading mainstream media, more curious minds will seek employment.
-
damircudic via Getty Images
Work from home means far less security visibility, report says
The number of incidents are surging as companies shift to multicloud environments and struggle to track endpoint and IoT security.
-
Tomohiro Ohsumi via Getty Images
Software bug bests MacOS notarization protocols
The update, which fixes the bug, is available in MacOS version 11.3.
-
Leon Neal via Getty Images
Cyberattack on Passwordstate tests confidence in password managers
The supply chain attack is raising questions about how best to deploy and secure the tools as corporations face heightened threats across the globe.
-
David Ramos via Getty Images
Who is making enterprise security decisions?
A leader should sign off on security systems and protocols. However, protection is weaker if decisions bottleneck with one person.
-
zefart/iStock/Getty via Getty Images
Global supply chains grapple with international cyberpowers
Cybersecurity intertwines industry with geopolitics. Governments will have to grapple with how to balance national security, business continuity and intellectual property protection.
-
Brian Tucker/Cybersecurity Dive
Security officials want continuity, accountability from national cyber director
The role will form "the fabric" between the private and public sectors and act as liaison between Congress and the White House.
-
Adeline Kon for Cybersecurity Dive/Cybersecurity Dive
Deep DiveMarijuana is becoming more accepted. Will cybersecurity employers play along?
As more states legalize recreational use, employers in the public and private sector may need to change how they hire for cybersecurity.
-
Traitov/iStock/Getty via Getty Images
Attackers leverage Pulse Secure VPNs to target defense, financial industries
Cybersecurity and Infrastructure Security Agency warned federal agencies of "unacceptable risk" in the latest campaign linked to suspected APT actors.
-
Permission granted by Merck KGaA
Pfizer segmented IT/OT after a board-level security directive
The pharma company's IT and engineering organizations formed a combined security program in 2018, responsible for technology analysis and inventory.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
100-day DOE grid security push targets ICS, OT
The Department of Energy has also issued a request for information seeking recommendations for securing U.S. energy system supply chains.
-
Permission granted by E.A. Crunden
SolarWinds juggles stakeholders involved in response, recovery to level out business
Reputation, risk issues and cross-sector cooperation demand a cohesive plan to ensure recovery and repair. It also helps to know the federal response.
-
CISOs call for holistic enterprise approach to third-party security risk
Companies need to consider operational resilience, and take a more focused approach in their evaluation processes.
-
zefart/iStock/Getty via Getty Images
Companies take second look at third-party risk management programs
As part of the supply chain web, monitoring the vendors of a company's vendor, called Nth party risk, has become a critical part of protecting companies from potential threats.
-
damircudic via Getty Images
US companies plot return to office, raising questions on hybrid security
Remote workers are migrating to the corporate workspace, opening up a set of security challenges for CISOs.
-
skynesher/E+ via Getty Images
Protect the keys to the kingdom: Email cyberattacks open doors to core assets
Any type of cyberattack is bad news for an organization, but when email servers are breached, cybercriminals have ready access to a company's most sensitive assets.
-
How to translate threats and risk to C-suite
When communicating with the C-suite or shareholders, CISOs have to speak equal parts security and bottom line.
-
sestovic/E+/Getty via Getty Images
25% of utilities exposed to SolarWinds hack amid growing ICS vulnerabilities, analysts say
Security experts warn it may be too soon to tell whether follow-on activity has occurred.
-
Permission granted by Mondelez International
Mondelez revamped boring security training
Anything security does to agitate users, in terms of their accessibility or ease of use, will harden resistance to training.
-
Sean Gallup via Getty Images
Poor management of privileged accounts leaves organizations open to attack
Access gaps open the door for malicious threat actors to hide inside the corporate systems using trusted identities to exfiltrate data.
-
Getty Images
100M devices susceptible to NAME:WRECK DNS vulnerabilities, researchers say
Each vulnerability could lead to a denial of service attack, or an attacker could take control of a susceptible device through remote code execution.
-
Feds launch coordinated effort to mitigate remaining Microsoft Exchange flaws
A court-approved operation to remove web shells coincided with a push to get government and private sector systems patched with critical security updates.
