-
Starbucks confirms Blue Yonder attack impacted employee scheduling platform
The company is reverting to manual operations to make sure workers are paid on time, a spokesperson said.
-
New York fines Geico, Travelers $11.3M for pandemic-era breaches
The auto insurance companies were penalized for a series of attacks that exposed the personal data of 120,000 people in late 2020 and early 2021.
-
Ransomware hits supply chain software firm Blue Yonder ahead of Thanksgiving
The attack against Blue Yonder led to issues for Morrisons, a U.K.-based grocery chain, in its warehouse management system for fresh food and produce.
-
Gambling tech vendor’s IT systems impacted by cyberattack
International Game Technology, which makes slot machines and other gambling technology, said it took systems offline following a Nov. 17 cyberattack.
-
Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited
The security vendor maintains only a limited number of customers’ firewalls have been exploited by a zero-day it patched earlier this week.
-
Corporate security teams want specialty cyber roles as regulatory pressure grows
A report from IANS and Artico Search shows businesses are looking to bring on chiefs of staff, business CISOs and privacy officers as federal and state regulators push for greater compliance.
-
Healthcare providers will need to boost cyber defenses amid AI adoption: Moody’s
AI could ease labor shortages, but health systems will need to increase cybersecurity spending to manage heightened risks, according to the credit ratings agency.
-
Microsoft unveils resiliency, security enhancements following July global IT outage
The updates are part of a larger effort at the company to overhaul its internal security culture.
-
Palo Alto Networks boasts as customers coalesce on its platforms
The cybersecurity vendor said it ended its fiscal Q1 with 1,100 platformization deals and remains on pace to reach at least 2,500 such deals within five years.
-
Attackers wield password-spray attacks to zero-in on targets, research finds
The highly effective brute-force attack method requires little effort, Trellix said. Organizations with weak password policies or no MFA are especially at risk.
-
HHS facing challenges as lead agency for healthcare cybersecurity: GAO
The department hasn’t implemented some policies recommended by the watchdog, which could pose a risk to cybersecurity in the sector as attacks increase, according to the Government Accountability Office.
-
Opinion
Security awareness and training is a method, not an outcome
In 2024, the idea of human risk management shifted from concept to reality as frustrated CISOs looked for solutions beyond security awareness and training to make real change.
-
Palo Alto Networks customers grapple with another actively exploited zero-day
The security vendor warned of an unconfirmed vulnerability in PAN-OS earlier this month. A CVE entry and patch came 10 days later.
-
Federal probe finds vulnerabilities across more than 300 US water systems
The Environmental Protection Agency lacks a documented plan to coordinate incident reporting with CISA, the agency’s Office of Inspector General found.
-
AI training vendor iLearningEngines discloses cyberattack in wake of SEC probe
The company said an attacker stole data, misdirected a $250,000 wire payment and deleted emails.
-
Easterly to step down from CISA director role on Inauguration Day
CISA confirmed that political appointees of the Biden administration will also depart the agency as the Trump administration takes over.
-
Splunk accelerates Cisco’s security business as core networking sales decline
Security revenue doubled to $2 billion in Cisco’s recent quarter. Without Splunk’s contribution, its total revenue would have dropped 14%.
-
Palo Alto Networks’ customer migration tool hit by trio of CVE exploits
CISA warned of two critical and actively exploited vulnerabilities in Expedition one week after another CVE came under active exploitation in the same product.
-
Microsoft revamps how it will disclose vulnerabilities
The company said the additional disclosure method using the Common Security Advisory Framework will help organizations better prioritize CVEs.
-
Feds find ‘broad and significant’ China espionage campaign in US telecom networks
The FBI and CISA warned the nation-state affiliated malicious activities are extensive and include the theft of sensitive call records and court-ordered information.
-
National cyber director calls for streamlined security regulations
Harry Coker Jr. assured critical infrastructure and private sector stakeholders that while standards are necessary, there is a need to harmonize burdensome compliance demands.
-
5th Circuit dismisses Cargill employee’s Kronos hack, discrimination claims
The decision is also a victory for UKG, whom the employee sued separately for privacy violation allegations stemming from a 2021 ransomware attack.
-
Zero-days from top security vendors were most exploited CVEs in 2023
The top five vulnerabilities exploited by attackers last year were found in security gear from Citrix, Cisco and Fortinet, the Five Eyes’ cyber agencies found.
-
Citrix Session Recording users warned of CVEs that allow hackers to gain control
Security researchers at watchTowr discovered the flaw and claim attackers can gain access without authentication, a finding which Citrix disputes.
-
US hopes to leverage UN cybercrime treaty toward ransomware fight
The Biden administration decided to back the controversial accord, despite widespread concerns about potential human rights abuses.