The Latest

• 

  SMBs hit by rise in legitimate tool-based attacks

  Attackers are moving away from malware and evading detection by abusing remote monitoring and management software, according to Huntress research.

  Cyberattacks

• 

  Sponsored by Tines

  The top cybersecurity events and conferences in 2024, according to security pros

  Which security conferences are teams prioritizing in 2024? A new report reveals the 7 most popular events in the cybersecurity calendar.

  Leadership & Careers

• 

  Companies are getting smarter about cyber incidents

  Although incidents are up and risks are expanding, businesses are better prepared to send threat actors away empty-handed, a specialist says.

  Strategy

• 

  CISA explains how to apply secure-by-design principles

  The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting, CISA’s Bob Lord said. 

  Policy & Regulation

• 

  Threat actors behind Las Vegas casino attacks are social-engineering mavens

  Scattered Spider threat actors are attacking large companies and their IT help desks to steal data for extortion, according to federal cyber authorities.

  Cyberattacks

• 

  ‘Honesty’: Estes details its playbook for responding to a cyberattack

  Being open about the incident engendered goodwill from customers and colleagues, executives said.

  Cyberattacks

• 

  Stanley Steemer hack breached data of almost 67K customers

  The cleaning company said attackers gained access to its systems nearly a month before the intrusion was discovered in March.

  Breaches

• 

  FCC proposes 3-year cybersecurity pilot for schools, libraries

  The agency will seek public comment on the proposal, which will explore how the Universal Service Fund can support school and library cyber concerns.

  Policy & Regulation

• 

  Cisco looks to Splunk for security business growth

  Security remains a small part of Cisco’s business, but Splunk could bolster the company’s ability to grow and improve other offerings.

  Strategy

• 

  Clorox CISO departs months after cyberattack

  The C-suite change comes in the aftermath of a cyberattack that damaged IT infrastructure, led to widespread disruption and negatively impacted earnings. 

  Cyberattacks

• 

  New York proposes ‘nation-leading’ hospital cybersecurity regulations

  The rules, which would require facilities to develop response plans and hire a chief information security officer, aim to safeguard hospitals from growing threats and keep them operating during an attack.

  Cyberattacks

• 

  Palo Alto Networks’ largest customers get no-cost incident response

  Available through January, the response program comes at a time of heightened demand for rapid forensic services, particularly in light of the coming SEC incident response enforcement. 

  Strategy

• 

  5 Juniper CVEs actively exploited in the wild

  The vendor warned the Junos OS vulnerabilities can be chained to remotely execute code.

  Vulnerability

• 

  File-transfer services, rich with sensitive data, are under attack

  This year has seen a trio of supply-chain attacks that created turmoil for thousands of corporate victims and their customers.

  Breaches

• 

  Rackspace records $5M in expenses related to 2022 ransomware attack

  The cloud services company expects insurance to cover its incident costs, however multiple lawsuits are still pending.

  Strategy

• 

  Dragos again targeted by ransomware group, this time from AlphV

  The industrial cybersecurity specialist previously thwarted a shakedown attempt in May and says the current threat has not been substantiated.

  Cyberattacks

• 

  Weeks after Boeing attack, ransomware group leaks allegedly stolen files

  The company’s data was leaked two weeks after the prolific Russia-affiliated group, LockBit, claimed responsibility for the attack.

  Cyberattacks

• 

  Henry Schein says customer data breached in cyber incident

  The company lowered its 2023 sales and earnings forecasts in response to the incident, which took some of its distribution systems offline.

  Cyberattacks

• 

  As Congress weighs budget priorities, top cyber execs urge CISA funding support

  The group, led by Tenable CEO Amit Yoran, raised concerns that significant cuts to the agency would undermine efforts to combat rising threats to critical infrastructure and federal systems.

  Policy & Regulation

• 

  For Maine, the MOVEit attack is personal

  With 1.3 million individuals compromised, the level of exposure on an individual basis is one that's representative of a compromise of its entire population.

  Breaches

• 

  Chinese banking giant’s US arm hit by ransomware attack

  The hack reportedly disrupted the trading of U.S. Treasuries. The Industrial and Commercial Bank of China Financial Services said it is investigating the attack and progressing recovery efforts.

  Cyberattacks

• 

  Mr. Cooper customers’ data exposed by cyberattack

  The mortgage servicing provider has yet to determine how many of its 4.3 million customers had data compromised or the extent of potential damage.

  Cyberattacks

• 

  MGM Resorts anticipates no further disruptions from September cyberattack

  The company expects insurance to cover more than $100 million in losses stemming from lost bookings and disruptions at its Las Vegas properties.

  Strategy

• 

  Ransomware targeting casinos is on the rise, FBI warns

  Threat actors have used phishing attacks and exploited vulnerabilities in third-party vendor remote access tools to target the casino gaming industry.

  Cyberattacks

• 

  CitrixBleed sparks race to patch, hunt for malicious activity

  CISA urged organizations to patch, mitigate and report any positive findings as Citrix NetScaler ADC and NetScaler Gateway users remain exposed to session hijack.

  Vulnerability

• 

  Cyberattack hits Singapore’s Marina Bay Sands hotel and casino

  The Las Vegas Sands Corp.-owned property said the intrusion exposed the personal data of about 665,000 people.

  Cyberattacks

More stories