Page 2

TSA revises cybersecurity requirements for oil and gas pipelines

The agency released performance-based requirements after extensive industry debate following the May 2021 Colonial Pipeline ransomware attack.

Atlassian urges rapid response after Confluence hardcoded password leaked

The company's customers are confronting the second critical vulnerability on Confluence in as many months.

Network vulnerabilities declined in 2021, but attacks hit all-time high

Five of the 10 most-exploited vulnerabilities last year were identified before 2020, and No. 3 dates back to 2017.

Where 5 programs are investing to close cyber skills gap

In line with a White House push to close the cyber skills gap, technology firms, nonprofits and other organizations have launched a range of programs to develop a new generation of workers.

LockBit ransomware hitting network servers

The latest tactic used to deploy the prolific malware allows threat actors to end processes, stop services and duplicate more quickly.

California privacy rules target dark patterns through technology design

California Privacy Rights Act provisions that will go into effect in January will provide more control to consumers over how companies use their data. 

New ransomware discovered using Rust, atypical encryption

Luna’s use of platform-agnostic code allows threat actors to initiate attacks on different operating systems concurrently.

White House takes on cyber workforce gap through 120-day apprenticeship sprint

A cyber workforce and education summit at the White House Tuesday was designed to address the long-standing shortage of qualified and diverse candidates for security operations teams. 

State-backed threat actors use Google Drive, Dropbox to launch attacks

The Russia-linked threat actor behind the SolarWinds attack used cloud storage services to deploy malicious payloads using Cobalt Strike. 

US effort to rip and replace hardware made in China is ballooning in cost

A yearslong push to remove telecom equipment deemed a national security threat continues to vex regulators.

Data breach at debt collector affects almost 2M healthcare patients

It’s the second-largest health data breach this year after the Shields Health Care Group cyberattack in March, the Department of Health and Human Services breach reporting portal shows.

Google deal to buy Mandiant clears key antitrust hurdle

The Department of Justice cleared the deal last week, but the $5.4 billion agreement remains subject to approval by foreign regulators.

CISA releases indicators of compromise for hard-hit VMware Horizon

Federal authorities warn a more complex form of malware is providing advanced persistent threat actors with vast command and control capabilities.

Ransomware attacks surge in education sector

Colleges and universities are particularly challenged as repercussions of ransomware hit them harder and longer than other organizations.

CISA eyes cross-pond cyber cooperation with London office

Federal agencies have worked closely with allies to combat malicious cyber activity and illicit use of cryptocurrency.

Fake GitHub commits can trick developers into using malicious code

Threat actors can easily alter the identity and timestamp associated with software updates, putting developers at serious risk, Checkmarx research shows.

The US is losing the cyberspace race

Decades-old policies have failed to stem a growing threat, the Council of Foreign Relations said. What if the U.S. embraced a more limited and realistic strategy?

Cyber insurers split on what's most important in a security posture assessment

To keep up with demand, cyber insurers acknowledge the need to rethink the underwriting process, research from Panaseer shows.

Log4j is far from over, cyber review board says

Exploitation of Log4j occurred at lower levels than experts predicted, yet it remains an "endemic vulnerability," the Cyber Safety Review Board said.

Companies cannot see — or protect — nearly half of all device endpoints

Managing corporate devices was hard pre-pandemic. But as digital sprawl bloomed, visibility fell further behind. 

Threat actors favor brute force attacks to hit cloud services

Google Cloud warned that organizations face their greatest threat due to weak passwords and vulnerable software.

Hospital ransomware concerns rise after payment vendor breach, North Korea threats

A recently disclosed ransomware attack could have exposed patient data from more than 650 healthcare providers.

Mid-sized companies grapple with response to cyber crises

Limited resources, staffing and executive awareness can hamper attack response capabilities.

As cyber talent demand heats up, hiring managers should shift expectations

Companies trying to fill cybersecurity roles need to stop looking for unicorns and expand their search to qualified, but often overlooked, job candidates.  

Microsoft rollback on macro blocking in Office sows confusion

The company said it remains "fully committed" to disabling macros by default, and the temporary measure will make the product more user friendly.