-
D-Link tells customers to sunset actively exploited storage devices
The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.
-
Omni Hotels & Resorts hit by cyberattack
The hotel chain has been responding to the attack since March 29, when it shut down some of its systems.
-
CISA assessing threat to federal agencies from Microsoft adversary Midnight Blizzard
Microsoft previously warned that the Russia-linked threat group was expanding malicious activity following the hack of senior company executives, which it disclosed in January.
-
Cybersecurity venture funding remains weak, near three-year low
Quarterly funding levels hit $2.3 billion in Q1 2024, a far cry from the $8 billion high the market achieved in the final quarter of 2021, according to Pinpoint Search Group.
-
Ivanti pledges security overhaul after critical vulnerabilities targeted in lengthy exploit spree
CEO Jeff Abbott said significant changes are underway. The beleaguered company committed to improving product security, sharing learnings and being more responsive to customers.
-
What CISA wants to see in CIRCIA reports
The most consequential federal critical infrastructure cyber incident regulation will be on the books in 18 months. Here are some of CIRCIA's main asks.
-
Microsoft Exchange state-linked hack entirely preventable, cyber review board finds
The technology giant’s corporate culture fell short on security investments and risk management, and needs significant reforms, according to a damning report by the U.S. Cyber Safety Review Board.
-
Motivations behind XZ Utils backdoor may extend beyond rogue maintainer
Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.
-
CISA asserts no data stolen during Ivanti-linked attack on the agency
Threat actors gained access to and potentially compromised two CISA systems weeks after the agency applied Ivanti’s initial mitigation measures.
-
AT&T hit with class action suit over massive data breach
The breach was a “direct result” of AT&T’s failure to implement adequate cybersecurity procedures, the suit alleges.
-
Red Hat warns of backdoor in widely used Linux utility
The vulnerability carries a CVSS of 10. CISA urged users and developers to downgrade to an uncompromised version, search for any malicious activity and report findings back to the agency.
-
Progress Software continues to cooperate with SEC probe into MOVEit exploitation
The company said it still cannot quantify the potential impact of multiple government agency inquiries.
-
What’s missing for SMBs? A solid cybersecurity culture
Small businesses can be especially vulnerable to cyberattacks because of their limited resources, and few have employees on staff who truly understand the value of secure business operations.
-
Boards need to brush up on cybersecurity governance, survey finds
SEC cyber disclosure rules are calling attention to corporate boards’ need to enhance their approach to cybersecurity oversight and compliance.
-
Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines
The water utility industry says it recognizes the heightened threat environment, but the current federal push fails to account for its resource constraints.
-
How CISO salaries are faring as businesses ask more of security
As CISOs become more welcomed as full members of the C-suite, they are enjoying the compensation and perks that come with the status.
-
CISA issues notice for long-awaited critical infrastructure reporting requirements
CIRCIA will require covered entities to promptly disclose major cyber incidents and ransomware payments.
-
Security concerns creep into generative AI adoption
As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.
-
Senior lawmaker questions UnitedHealth over Change cyberattack
Rep. Jamie Raskin, D-Md., said UnitedHealth’s “rapid consolidation and vertical integration” has major consequences for the healthcare sector, including increased control of the health IT market.
-
Software makers urged to flush SQL injection vulnerabilities
CISA and FBI officials linked attacks against MOVEit file transfer software to preventable defects.
-
Phishing remains top route to initial access
Tricking individuals into revealing sensitive information turns human behavior and trust into a weapon.
-
Hospital groups question HHS about data breach reporting after Change Healthcare attack
In a Thursday letter, the American Hospital Association urged the HHS’ Office of Civil Rights to reduce “duplicative” breach notifications from the cyberattack.
-
Marsh launches group captive insurance firm for cyber
The company wants to provide larger, financially stable companies with alternatives for managing risk, after years of volatility in pricing and coverage.
-
Novel variant of wiper linked to Viasat attack during Ukraine war raises new fears
Researchers at SentinelLabs warn the new variant, called AcidPour, could place IoT and networking devices at risk.
-
Threat groups hit enterprise software, network infrastructure hard in 2023
Recorded Future observed an approximately threefold increase in actively exploited high-risk vulnerabilities in enterprise software and network infrastructure, such as VPNs.