  • A depiction of computer hardware.
    solarseven via Getty Images

    Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn

    The actors compromised a federal civilian agency, CISA and the FBI said. Authorities warned VMware users to assume breach and hunt for threats if they skipped patches or workarounds.

  • Oil Or Gas Transportation With Blue Gas Or Pipe Line Valves On Soil And Sunrise Background
    onurdongel via Getty Images

    Critical infrastructure providers ask CISA to place guardrails on reporting requirements

    Top companies and industry groups fear incident reporting mandates would overwhelm CISA with noise. 

  • McDonald's Q1 Earnings Up On Higher Menu Prices, Overseas Growth
    Justin Sullivan / Staff via Getty Images

    McDonald’s to launch cybersecurity apprenticeship program

    The restaurant chain's initiative is among nearly 200 registered apprenticeship programs approved or under development as part of the White House's Cybersecurity Apprenticeship Sprint.

  • A person works next to a 5G logo.
    David Ramos/Getty Images via Getty Images

    Nokia warns 5G security ‘breaches are the rule, not the exception’

    A majority of 5G network operators experienced up to six cyber incidents in the past year. Defenses are especially lacking for ransomware and phishing attacks.

  • Connection network in dark servers data center room storage systems.
    sdecoret via Getty Images

    Confidential computing critical for cloud security, Google and Intel say

    Confidential computing aims to isolate and encrypt data in use. The technology is young, but it could deliver significant gains for cloud security.

  • Concept with expert setting up automated software on laptop computer.
    NicoElNino via Getty Images

    High risk, critical vulnerabilities found in 25% of all software applications and systems

    Research from Synopsys showed weak SSL/TLS configurations were the most prevalent form of vulnerability.

  • A digital lock on a computer memory board with red and blue lights intersecting
    Just_Super via Getty Images

    CISA wants to change how organizations prioritize vulnerabilities

    Federal authorities want to take the guesswork and manual decision-making processes out of the messy world of vulnerabilities.

  • A row of blue lockers in an empty school hallway.
    Stock Photo via Getty Images

    K-12 schools lack resources, funding to combat ransomware threat

    One-fifth of schools spend less than 1% of their IT budgets on security, an MS-ISAC report shows.

  • A group of business people stack their hands on top of one another
    PeopleImages via Getty Images

    Why privacy professionals should work closely with company engineers

    Transcend's general counsel, Brandon Wiebe, said the increasingly technical nature of data privacy regulations requires cross-functional collaboration. 

  • Digital code data numbers and secure lock icons on hacker's hands working with keyboard computer on dark blue tone background.
    Techa Tungateja via Getty Images

    CISA warns unpatched Zimbra users to assume breach

    Months after warnings to patch the Zimbra Collaboration Suite, government and private sector organizations are under attack from multiple threat actors.

  • Twitter's bird logo is seen on an office building.
    Justin Sullivan / Staff via Getty Images

    Twitter, amid security and compliance officer exodus, could run afoul of FTC rules

    Regulatory attention is just the latest trouble for the embattled social media platform. Without chief security, privacy or compliance officers, following a consent decree becomes more difficult.

  • Industrial technology concept showing a shipping industry and communication network.
    metamorworks via Getty Images

    5 security musts for industrial control systems

    OT involves a collection of dedicated systems and physics, and that creates distinct security requirements, said Robert M. Lee, CEO and co-founder at Dragos.

  • Image depicts the implementation of cybersecurity with a lock displayed over a screen.
    anyaberkut via Getty Images

    Citrix CVEs need urgent security updates, CISA says

    Though there's no active exploitation yet, Tenable researchers warn they expect threat actors to target the Citrix systems in the near term.

  • SolarWinds
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images

    SolarWinds under SEC probe related to 2020 supply chain attack

    The company also disclosed a proposed $26 million settlement of a class action suit related to the cyberattack. 

  • High School Students and Teacher wearing face masks and social distancing in Classroom Setting working on laptop technology - stock photo
    Stock Photo via Getty Images

    CISA’s K-12 cyber education program goes nationwide

    Cyber.org Range will introduce students to cybersecurity concepts and prepare them for intermediate-level jobs in a severely understaffed industry.

  • A lit Microsoft logo seen above a group of people in shadow.
    Jeenah Moon via Getty Images

    Microsoft finally releases security updates for ProxyNotShell zero days

    The company linked a limited set of recent Exchange Server attacks to state-backed threat actors.

  • A stack of snack food packages from Mondelez International, including Wheat Thins, Oreos, Ritz and Sour Patch kids.
    Courtesy of Mondelēz International

    Mondelēz settlement in NotPetya case renews concerns about cyber insurance coverage

    The legal dispute between the snack giant and insurer Zurich American, which lasted four years, raises further questions about how insurers cover acts of cyber war.

  • Ransomware spelled out in a creative depiction.
    Just_Super via Getty Images

    Precise ransomware strikes boost threat actors’ success rate

    Threat actors are amassing specialized skills and tools from a broader group of cybercriminals to target organizations with more sophisticated tactics.

  • The east side of the US Capitol in the early morning. Senate Chamber in the foreground.
    drnadig via Getty Images

    Senator proposes cybersecurity mandates for health systems

    Cybersecurity can no longer be treated as a secondary concern and must become incorporated into every organization’s core business model, according to the chairman of the Senate Select Committee on Intelligence.

  • cybersecurity stock photo
    Yudram_TA via Getty Images

    Face it, password policies and managers are not protecting users

    Passwords haven’t worked as a solid security strategy in a long time. The policies are there, so why are passwords security’s weak spot?

  • An illustrated computer with security symbols, including a person in a face mask holding a fishing pole with things representing PII displayed.
    bagira22 via Getty Images
    Opinion

    How to implement an effective system to address third-party risk

    Current processes for assessing and managing third-party cybersecurity risks are cumbersome and ineffective. CISOs must adopt new principles to address business exposure.

  • Image depicts the implementation of cybersecurity with a lock displayed over a screen.
    anyaberkut via Getty Images

    CISA demystifies phishing-resistant MFA

    The “gold standard” safeguard isn’t a one-size-fits-all or all-or-nothing endeavor. For most organizations, a phased approach works best.

  • View from above of vast vats of brown liquid.
    Courtesy of Brown and Caldwell

    NIST seeks water industry feedback on boosting cyber resilience

    The Biden administration is turning its security attention to the water and wastewater treatment industry, which has become vulnerable to cyberattacks as facilities grow more digital.

  • Funny glasses depicted against a gray wall
    iStock / Getty Images via Getty Images

    No, your CEO is not texting you

    Everyone wants to stay on good terms with their employer. Threat actors know this too, and they exploit this weakness accordingly. Don’t fall for it.

  • CISA Director Jen Easterly
    Center for Strategic and International Studies

    CISA director bullish on private sector cooperation toward cybersecurity goals

    Jen Easterly urged U.S. companies to embrace the agency’s efforts to raise cybersecurity performance, create resilient products and share more information.