Dallas still recovering from ransomware on eve of municipal election

City officials say the attack would not affect the election, but many services remain down.

Google, Dashlane separately move to eliminate passwords

In unrelated moves, the companies highlighted a growing effort to phase out dependence on passwords amid a rise in phishing attacks.

Dallas ransomware attack causes critical service outages

Websites for the city and its police department, which serves a population of nearly 1.3 million people, currently return 503 error pages.

How 7 cybersecurity experts manage their passwords

Cybersecurity Dive asked CISOs and other cyber experts what they do with their passwords. Here’s how they manage the mess that awaits us all.

Merck cyber coverage upheld in NotPetya decision, seen as victory for policyholders

A court victory in the closely watched insurance case is expected to stabilize a turbulent market and provide some assurance for organizations amid a rise in nation-state activity.

Companies need a wakeup call to fix chronic security shortcomings, cyber experts say

One researcher wonders if the industry needs another Snowden-like moment to spring organizations into action.

Cybersecurity pros plant seeds of hope at RSA Conference

Optimism floated on the surface during the annual industry gathering. For one keynote on stage, it was the central theme.

Most open source maintainers still consider themselves hobbyists, despite compensation pledges

A study by Tidelift shows a compensation gap for the key producers of open source applications, raising questions about how to properly secure software supply chains.

3 areas of generative AI the NSA is watching in cybersecurity

Generative AI is a “technological explosion,” NSA Cybersecurity Director Rob Joyce said. While it is game changing, it hasn’t yet delivered. 

Organizations are boosting resilience, getting faster at incident response

While the number of data security incidents remained level between 2021 and 2022, companies improved recovery thanks to stronger security measures, BakerHostetler found.

Mandiant CEO’s 7 tips for cyber defense

Organizations’ institutional knowledge is an advantage that no adversary can match, Kevin Mandia told RSA Conference attendees.

CISA seeks public comment on software security attestation form

The release is part of a larger effort by the Biden administration to strengthen software security at the development stage.

Acting National Cyber Director downplays reports of interagency strife

There’s been no sign of tension between U.S. cybersecurity officials during Kemba Walden’s tenure, at least from her perspective.

Global cyber insurance prices continue to moderate in Q1

Marsh data shows rate increases slowing, stemming in part from new entrants into the cyber insurance market and fewer ransomware attacks in 2022.

White House to share roadmap for national cyber strategy implementation this summer

Acting National Cyber Director Kemba Walden said the strategy is built to have a 10-year shelf life, allowing for flexibility as new technologies and threats emerge. 

OpenAI adds more data privacy guardrails for ChatGPT

The company is allowing users to turn off chat history and export data as it seeks to reach enterprise customers.

NCR restores more services following ransomware attack

The company, which provides point-of-sale and back-office services, is still working to regain full access for restaurant and retail customers.

More than 2K organizations at risk of major attacks linked to SLP vulnerability

Over 54,000 SLP-speaking instances and 670 product types are vulnerable, researchers from BitSight and Curesec found, including VMware ESXi Hypervisor. 

Teenagers, young adults pose prevalent cyberthreat to US, Mandiant says

The brains behind high-profile attacks last year, teenagers and young adults use sophisticated social engineering techniques for intrusions.

Supply chain attack that hit 3CX caught at least 4 other victims, Symantec says

Malware-laced financial trading software X_Trader ensnared two critical infrastructure organizations in the energy sector. 

IT managers uneasy with snooping software: report

Surveillance tools may cause an uptick in staff attrition and make hiring more difficult, a 1E survey found. 

Early warning threat information platform launched for OT

The platform will provide a vendor-agnostic option for sharing early threat information and intelligence across industries, the group said Monday. 

Threat actors can use ChatGPT to sharpen cyberthreats, but no need to panic yet

Startling dangers, such as autonomous attack mechanisms and sophisticated malware coding, have yet to materialize. For now, the threat is more specific.

3CX has a 7-part plan to shore up its security

The company is planning significant security upgrades and changes to network operations after a historic attack from a state-linked actor.

Microsoft summons weather events to name threat actors

Under the new taxonomy, a blizzard or typhoon designation represents a nation-state actor and financially motivated threat actors fall under the family name tempest.