The Latest

• 

  When adopting security tools, less is more, Gartner says

  Security professionals say they want to consolidate vendors but, in actuality, Gartner fields far more calls about new technologies than reducing the cyber tech stack. 

  Strategy

• 

  Worries mount for MOVEit vulnerability, as likelihood of compromise expands

  MOVEit has customers across highly regulated industries, exemplifying the potential damage among government, finance and healthcare organizations.

  Vulnerability

• 

  FTC chair warns that AI businesses must still operate within existing laws

  The rapidly expanding technology cannot be used for fraud or discrimination and dominant players must allow the market to remain competitive, Lina Khan said Thursday.

  Policy & Regulation

• 

  Cybercriminals target C-suite, family members with sophisticated attacks

  A study by BlackCloak and Ponemon shows senior executives are being targeted for IP theft, doxxing and extortion, often through home office networks.

  Cyberattacks

• 

  MOVEit zero-day vulnerability under active exploit, data already stolen

  Mandiant found evidence of attacks over Memorial Day weekend and said it’s possible earlier instances of exploitation may still be uncovered.

  Vulnerability

• 

  CrowdStrike adds threat data to generative AI push

  The security vendor plans to use different LLMs for specific purposes. It may also build some of its own, CEO George Kurtz said.

  Strategy

• 

  CISOs still expect cyber budget increases amid economic pressure

  A study from Nuspire shows CISOs continue to focus on maximizing value as they seek more efficient and simplified security posture.

  Strategy

• 

  Only one-third of school districts have a full-time employee dedicated to cybersecurity

  For the last six years, cybersecurity has continued to be a top concern for ed tech leaders, according to a survey by the Consortium for School Networking.

  Strategy

• 

  Palo Alto Networks teases plans for generative AI across security services

  The security vendor is taking a restrained approach to deploying generative AI products, but the company’s leaders still believe the technology will herald a major shift for cybersecurity.

  Strategy

• 

  Moody’s cites credit risk from state-backed cyber intrusions into US critical infrastructure

  Key sectors could face short-term revenue impacts and long-term reputational harm and litigation risk, the credit ratings service said.

  Vulnerability

• 

  Barracuda zero-day vulnerability exploited for 7 months before detection

  The latest disclosure increases the potential for widespread compromise for customers using the security vendor’s email security gateway appliances.

  Vulnerability

• 

  PyPI to mandate 2FA by the end of 2023

  The mandate is part of a larger effort to prevent account takeover attacks.

  Strategy

• 

  ABB confirms ransomware attack resulted in data theft

  The Switzerland-based industrial automation giant said customer systems were not directly impacted. Key services and factories remain operational.

  Cyberattacks

• 

  Royal messes with Texas

  A trio of ransomware attacks targeting the Dallas metro area have the hallmarks of a targeted campaign. They also underscore a very real problem: society is becoming desensitized to disruption.

  Cyberattacks

• 

  Ahead of summer holiday weekends, IT security leaders brace for deliberate cyber mischief

  Recent history shows holiday weekends and vacations provide an attack surface bonanza for threat actors.

  Breaches

• 

  Barracuda patches actively exploited zero-day vulnerability in email gateways

  The security vendor declined to answer questions about how many customers were impacted and what, if any, customer data was compromised.

  Vulnerability

• 

  Broad campaign underway to access US critical infrastructure using small, home office devices

  A state-linked actor, Volt Typhoon, is attempting to gain a foothold across U.S. networks amid rising tensions in the Pacific, Microsoft and the Five Eyes authorities said.

  Cyberattacks

• 

  CISA updates ransomware guide 3 years after its debut

  The #StopRansomware guide, updated in partnership with the FBI, NSA and MS-ISAC, reflects aggressive new techniques used by threat actors, including double extortion.

  Strategy

• 

  Why cyber is also a CIO problem

  When an incursion occurs, IT teams need to have a recovery plan and backup systems ready for deployment.

  Strategy

• 

  SMBs, regional MSPs under fire from targeted phishing attacks

  Sophisticated cybercriminals are attacking vulnerable target rich and resource poor organizations to reach secondary victims via phishing campaigns, Proofpoint researchers warn.

  Cyberattacks

• 

  BEC attacks rise as criminal hackers employ new tactics to evade detection

  Threat actors are using cybercrime as a service to grow industrial strength campaigns and leveraging residential IP addresses.

  Strategy

• 

  KeePass master password manager at risk as users await patch

  The exploit only works if the master password is typed directly into KeePass. However, a patch won’t be available for weeks.

  Vulnerability

• 

  Dallas under pressure as Royal ransomware group threatens leak

  By listing Dallas on its leak site on the dark web, Royal rebutted the city’s claims that data was not compromised during the attack.

  Cyberattacks

• 

  IT security budgets are shifting as companies target risk reduction

  Organizations are designing their security spending around keeping the business secure and operations running smoothly.

  Strategy

• 

  Dole incurs $10.5M in direct costs from February ransomware attack

  The attack impacted about half of Dole's legacy company’s servers and one-quarter of its end-user computers.

  Cyberattacks

More stories