Page 2

Threat actors more frequently — and successfully — target Active Directory

Attacks on AD played a prominent role during the high-profile SolarWinds campaign and LockBit 2.0 ransomware attacks.

Timely patching remains pain point even as high-profile bugs linger

With business continuity already challenged by COVID-19, patches interfering with business productivity became more of a challenge for security teams. 

Microsoft warns of new credential-stealing backdoor from SolarWinds threat actor

The newly identified malware, called FoggyWeb, has been observed since April and is used to steal from compromised AD FS servers. 

How hackers are making the leap from cloud to the software build processes

The security problem with third-party container applications is not, however, indicative of infrastructure flaws.

Ripple effects from a cyber incident take a year to develop: report

Organizations are likely to both generate and suffer the downstream consequences of cyber incidents because of the technological reliance companies have on one another.

25% of providers saw mortality rates rise after ransomware attacks, survey finds

This study of health delivery organizations is one of the first finding a direct impact on patient care. It comes roughly a year after a patient in Germany died as a result of delayed care following a ransomware attack.

How CISA's head wants to reform federal cybersecurity

Without a federal incident reporting law, CISA and the private sector lack efficient information-sharing capabilites, Director Jen Easterly said.

Ransomware compromises customer data in farm co-op attack

A Minnesota-based co-op became the second agricultural firm in recent days to be the target of ransomware, just weeks after the FBI and CISA warned of a wider threat to the industry.

UPDATED: Sept. 24, 2021 at 6:59 p.m.

How to translate threats and risk to C-suite

When communicating with the C-suite or shareholders, CISOs have to speak equal parts security and bottom line. 

Remote work had little effect on employees' password habits: report

Employees are still reusing credentials, as vendors explore a passwordless future, according to a report from LastPass' Psychology of Passwords.

After 400 attacks, feds warn of Conti ransomware

Nearly a year after U.S. security agencies warned the healthcare sector about Ryuk, the same threat actors are reemerging as a risk to businesses.

Treasury sanctions crypto exchange Suex in push to thwart ransomware

While more legal measures await international cybercrime, the government is sending interim messages to ransomware gangs.

4 questions to ask after discovering a cyberattack

Identifying signs of an ongoing attack or backdoor deployment is nearly impossible for digital laggards.

Enterprises plan major investments as remote work escalates security risk: report

Companies face significant challenges in managing security as the work-from-home model moves from an emergency stopgap to a more permanent environment. 

Is there too much transparency in cybersecurity?

Between information sharing, software accountability, or incident response and disclosures, companies have to find the disclosure sweet spot.

BlackMatter gang targets Iowa agriculture cooperative in a test of critical infrastructure

Iowa-based New Cooperative, one of the largest grain suppliers in the state, is facing a demand to pay $5.9 million in ransom.

How to support overworked, understaffed security operations

Strapped for resources, companies can either have their security practitioners wear too many hats, or outsource the responsibilities. 

What to know about software bill of materials

The Biden administration wants more transparency in the software supply chain. Will private industry join in?

Companies must develop operational plan for ransomware recovery

In the face of more frequent and sophisticated attacks, companies need to identify their most critical assets and work to limit cyberattack fallout.

FTC warns app makers fall under breach notification rule

A breach must be reported regardless of whether it was the result of malicious action, the agency said. Any unauthorized access, including sharing information without consent, would trigger the rule.

Companies confident in cybersecurity despite growing threats: report

There's a perception of "safety in numbers," Beazley's survey found. "Time will tell if such high levels of confidence are well placed."

Boards rethink incident response playbook as ransomware surges

Corporate boards are no longer rubber-stamping assurances from CIOs or CISOs but are bringing in outside experts, asking more questions and preparing for the risk of personal liability.

Cybersecurity drills don't have to be 'fight or flight,' training creators say

Cyber training has followed "a very dangerous path," the co-founders of Hook Security said. But a humorous approach may turn things around.

How companies can defend against credential theft

Unique passwords are the best defense against credential stuffing. But users, unless forced to act differently, will stick with what makes access easy.

Executives fail to make software supply chain security a priority, report finds

The disconnect between rhetoric and performance in the software development and security industries are part of an internal debate: Which sector should take the lead?