HubSpot reports nearly 50 customer accounts compromised

The customer relationship management vendor said it notified all impacted customers, but it has not publicly disclosed how attackers gained unauthorized access.

Cisco Nexus devices zero day raises alarms despite CVSS score

Though the NX-OS CVE only has a 6.0 score, a suspected espionage actor is deploying custom malware to exploit a command injection vulnerability in a range of switching devices.

Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation

Experts expect new legal challenges against numerous agency cybersecurity requirements, including incident reporting mandates and rules governing critical infrastructure sectors.

Updated July 8, 2024

CDK eyes service restoration for all car dealers by Fourth of July

The software vendor is critical to the automotive retail supply chain. A systemwide outage following a cyberattack has impacted more than 15,000 car dealers since June 19.

Cybersecurity is now a top concern for auto industry, report finds

Automotive leaders fear exposure to threats will worsen as the sector invests more in technology to drive efficiencies, Rockwell Automation found.

TeamViewer’s IT network breached through compromised employee credentials

The remote access software provider said the impact of the attack from Midnight Blizzard was limited to its internal network and customer environments were not affected.

700,000 OpenSSH servers vulnerable to remote code execution CVE

The newly discovered vulnerability can be exploited by attackers to gain unauthenticated remote code execution with root privileges, Qualys researchers said.

Microsoft alerts additional customers of state-linked threat group attacks

The company told customers the Midnight Blizzard attacks disclosed in January were more widespread than previously known.

Industrial cyberattacks fuel surge in OT cybersecurity spending

Operators in mining, oil and gas, utilities and manufacturing are among the top spenders, according to ABI Research.

Memory-unsafe code runs rampant in critical open-source projects

CISA and the FBI are part of an international effort to eliminate memory-unsafe languages which were found in more than half of critical open-source projects.

CDK restores service for small group of car dealers

The software vendor said it will restore critical services in phases, but warned some integrations with third-party vendors might be delayed.

Progress discloses more MOVEit CVEs, one year after 2023’s fiasco

The enterprise software vendor and researchers have not observed active exploitation, but attempts are underway. Concerns are amplified by a spree of attacks that hit MOVEit last year.

Updated June 27, 2024

Cyber insurance terms drive companies to invest more in security, report finds

Though recovery costs continue to outpace coverage, companies are investing in network security to lower premiums and yield better policy terms.

CISA warns chemical facilities of potential data theft

The attack targeting the Chemical Facility Anti-Terrorism Standards program was linked to widely exploited vulnerabilities in Ivanti remote access VPNs.

Cloud security becoming top priority for companies worldwide

Application sprawl and the sensitive nature of the data organizations place in the cloud is complicating security, Thales found.

CDK cyberattack stalls industry as car dealers disclose widespread impacts

The car dealership software vendor discovered a cyberattack June 19 and has told customers it will restore systems within days.

Is the cybersecurity industry ready for AI?

As cybersecurity teams focus on how to thwart threat actors, they are missing the risks around the data they are sharing willingly.

Manufacturing cybersecurity at heart of new White House guidance

The increased priority on security comes as more clean energy supply chains face the threat of a cyberattack.

Nearly 150,000 ASUS routers potentially exposed to critical vulnerability

Researchers said the CVE, which has a CVSS score of 9.8, raises additional concerns about the security of edge, small office and home office devices.

Ransomware victims are becoming less likely to pay up

Despite a jump in ransom demands last year, companies are plotting better defenses against attacks that can incur deep business interruption costs, Marsh said.

Cyber, AI and data dominate upskilling priorities, Skillsoft finds

The three categories align with the positions businesses are having the greatest difficulty filling, according to the report.

Santander warns US employees bank account info stolen in third-party database hack

The bank in May confirmed a major breach involving customer data in multiple countries.

To fill cybersecurity skills gaps, experts look to novel measures

The pace of change is driving workforce skills gaps and traditional learning pathways can't keep up with the demand.

Updated July 9, 2024

IT pros worry over the data that fuels AI

More than 2 in 5 technologists have already had a negative AI experience, according to a SolarWinds survey.

MFA plays a rising role in major attacks, research finds

Poor configurations and deliberate MFA bypasses were at the center of numerous attacks in recent months, Cisco Talos found.