Worried about data breaches? Blame the information sector

Three in five records exposed in a data breach last year came from software, telecom, data processing and web hosting companies, Flashpoint found.

TSA unveils emergency cybersecurity requirements for airlines, airports

The requirements follow the release of the Biden administration’s national cybersecurity strategy, which includes enhanced measures for critical infrastructure.

Dole doesn’t expect to recover full costs of ransomware attack

The complex insurance market means the ability to recover financially in many cases is difficult, but Dole said the overall impact of the incident was limited.

Cloud skills gap raises cyber concerns for banks

As financial sector companies push forward with modernization, difficulty sourcing talent looms as a potential security risk.

Organizations tempt risk as they deploy code more frequently

An imbalance between developers and security professionals on staff spotlights a disconnect between these business functions and objectives.

Insurance holding company Group 1001 says operations restored after ransomware attack

The company did not pay a ransom following a February attack that disrupted operations at several of its member companies.

LastPass aftermath leaves long to-do list for business customers

Organizations using the password manager are exposed after a major breach compromised credentials and, potentially, business secrets.

Who is liable for flawed software? New guidance upends the security standard

Development practices and safe harbor provisions are the subject of major debate as work to implement the White Houses’ cyber strategy begins.

EPA unveils cybersecurity oversight for public drinking water systems

An agency memorandum marks the first new initiative on critical infrastructure since the White House released its national cyber strategy.

The US cyber strategy is out. Now, officials just have to implement it

Industry stakeholders signal a willingness to discuss further steps, while congressional leaders hint additional action may be on the table. 

JetBlue taps new CISO as major deals hang in balance

Keith Anderson joins the airline as federal regulators scrutinize a pair of high-profile deals.

White House releases national cyber strategy, shifting security burden

The long-anticipated policy will push the technology industry to shoulder more of the load for cyber risk, while promoting long-term investments and global cooperation against common threats. 

LastPass breach timeline: How a monthslong cyberattack unraveled

A threat actor evaded detection for months and blended in with legitimate activity after targeting 1 of 4 engineers with access to keys to the kingdom.

Updated March 3, 2023

MKS Instruments says February ransomware attack will clip $200M from revenue

The technology supplier for semiconductor manufacturing and advanced electronics had to temporarily halt some of its operations, disrupting its supply chain, following the attack. 

LastPass CEO admits disclosure mistakes, pledges improved communications

The criticism leveled at LastPass has grown as the password manager shared more alarming details on the compromise.

CISA red team cracks a critical infrastructure provider’s defenses, a lesson in lateral access

The voluntary assessment raises concerns as the unnamed organization with a mature security program was unable to detect simulated actors moving laterally across its systems for months.

An ongoing SOC skills shortage could spell trouble for compliance

Without skilled analysts to monitor the SOC, the risk of a successful cyberattack breaking through a company’s defenses grows. 

3 CISA principles for secure by design

The Biden administration is expected to emphasize safer development practices when it rolls out the national security strategy for cyber. 

LastPass compromise grew worse after DevOps engineer targeted for encryption key

A threat actor used data from multiple breaches and a vulnerability on a high-level employee’s home computer to steal customer passwords.

Phishing takes financial bite out of more victim organizations

The majority of organizations, 84%, experienced at least one successful phishing attack in 2022, Proofpoint research found.

CISA director urges tech industry to take responsibility for secure products

Industry can no longer blame and shame customers who are victims of sophisticated attacks, Jen Easterly said.

Los Angeles school district confirms sensitive student data leaked

Highly sensitive health records, including psychological evaluations, of about 2,000 students were leaked as a result of the ransomware attack that hit the Los Angeles Unified School District last year.

For GoDaddy customers, a long dwell time means all could be victims

The web hosting provider has not shared additional details outlining the extent of the breach, but experts are highlighting the incident's multiple red flags.

Ukraine discovers lingering breaches 1 year into Russia invasion

Multiple Ukraine government website breaches were discovered on the eve of the one-year mark of Russia’s invasion.

Stressed much? It’s chronic in cybersecurity

Gartner expects the psychological toll of security to spur high levels of churn for security leaders. One solution may be governance and reporting structure.