Page 2


  • Microsoft logo at Mobile World Congress.
    Image attribution tooltip
    David Ramos via Getty Images
    Image attribution tooltip

    Congress wants to question Microsoft exec over security defects

    The committee wants to question Brad Smith, Microsoft’s president and vice chair, over the company’s security shortcomings and how it plans to strengthen security measures.

  • Fingers hover over a computer keyboard with numbers on a screen, against a shadowy backdrop.
    Image attribution tooltip
    jariyawat thinsandee via Getty Images
    Image attribution tooltip

    Only one-third of firms deploy safeguards against generative AI threats, report finds

    Generative AI gives attackers an edge over cyber defenders, according to a Splunk survey of security experts.

  • A signage of Microsoft is seen on March 13, 2020 in New York City.
    Image attribution tooltip
    Jeenah Moon via Getty Images
    Image attribution tooltip

    Officials see a real change in Microsoft’s security plans: financial accountability

    CISA Director Jen Easterly pointed to Microsoft’s decision to link security to executive compensation as a meaningful signal of its priorities.

  • The White House in Washington, D.C.
    Image attribution tooltip
    TriggerPhoto via Getty Images
    Image attribution tooltip

    White House wants to hold the software sector accountable for security

    Federal officials are taking steps toward a long-stated goal of shifting the security burden from technology users to the companies that build it.

  • New York Fire Department ambulance with emergency lights on at night driving through an intersection in Midtown Manhattan, blurry due to vehicle in motion
    Image attribution tooltip
    pidjoe via Getty Images
    Image attribution tooltip

    Some Ascension hospitals diverting emergency care after cybersecurity incident

    The health system’s electronic health records, MyChart patient portal and several systems for ordering tests and medications are unavailable, Ascension said.

  • Cybersecurity professionals walk into the RSA Conference at the Moscone Center in San Francisco on May 6, 2024.
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive/Cybersecurity Dive
    Image attribution tooltip

    CISA explains why it doesn’t call out tech vendors by name

    Federal officials rarely criticize tech companies when their mistakes result in attacks. The stinging conclusions CSRB levied at Microsoft are an exception, not the norm.

  • CISA Director Jen Easterly speaks at Carnegie Mellon University urging the tech industry to embrace secure-by-design product development.
    Image attribution tooltip
    Permission granted by Carnegie Mellon University
    Image attribution tooltip

    68 tech, security vendors commit to secure-by-design practices

    CISA said companies ranging from Microsoft to Palo Alto Networks signed the voluntary pledge in an effort to boost resiliency and increase transparency around CVEs and cyberattacks.

  • A view of Ascension St. Vincent's Riverside Hospital sign.
    Image attribution tooltip
    Cliff Hawkins via Getty Images
    Image attribution tooltip

    Ascension hit by cybersecurity incident disrupting clinical operations

    The major nonprofit health system detected “unusual activity” on some network systems Wednesday.

  • National Cyber Director Harry Coker speaks in Washington.
    Image attribution tooltip
    Permission granted by Information Technology Industry Council
    Image attribution tooltip

    The US really wants to improve critical infrastructure cyber resilience

    A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year. 

  • A digital outline of a brain with lights emerging from the stem, creating a half circle that looks like the globe.
    Image attribution tooltip
    dem10 via Getty Images
    Image attribution tooltip

    Generative AI is a looming cybersecurity threat

    Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention. 

  • Two people sitting on tall chairs on a stage speaking.
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive
    Image attribution tooltip

    China-linked attackers are successfully targeting network security devices, worrying officials

    Espionage groups linked to China are heavily exploiting zero days, focusing on devices that lack endpoint detection and response capabilities, one expert said.

  • A picture of a stethoscope on top of a notebook with blue charts and investment images overlaid over it.
    Image attribution tooltip
    ipopba via Getty Images
    Image attribution tooltip

    CISA, FBI urge software companies to eliminate directory traversal vulnerabilities

    The software defects are linked to recent exploitation campaigns against critical infrastructure providers, including healthcare and schools. 

  • UnitedHealth Group CEO Andrew Witty
    Image attribution tooltip
    Kent Nishimura/Getty Images via Getty Images
    Image attribution tooltip

    Change Healthcare cyberattack: 5 technical takeaways from UnitedHealth CEO’s testimony

    Change Healthcare was running on legacy technology, which magnified the ransomware attack’s impact and hampered recovery efforts, Andrew Witty said.

  • Two programmers working on new project.
    Image attribution tooltip
    BalanceFormcreative via Getty Images
    Image attribution tooltip

    Tech skills gaps put pressure on existing IT staff

    Technologists surveyed by Pluralsight said skills gaps are adding to their workloads, especially across cybersecurity, cloud and software development jobs. 

  • Azure OpenAI confidentiality loophole
    Image attribution tooltip
    jeenah Moon via Getty Images
    Image attribution tooltip

    Microsoft restructures security governance, aligning deputy CISOs and engineering teams

    The company will enhance management roles under the CISO and partially tie compensation to security performance.