517 articles by David Jones

• Ahead of summer holiday weekends, IT security leaders brace for deliberate cyber mischief

  May 26, 2023

• Broad campaign underway to access US critical infrastructure using small, home office devices

  May 25, 2023

• CISA updates ransomware guide 3 years after its debut

  May 24, 2023

• BEC attacks rise as criminal hackers employ new tactics to evade detection

  May 23, 2023

• Dole incurs $10.5M in direct costs from February ransomware attack

  May 18, 2023

• Cyber resilience programs falling short on preparing workers for a crisis

  May 18, 2023

• House hearing details cyber resilience efforts for energy, water and healthcare

  May 17, 2023

• Yum Brands faces class action suits from employees after ransomware attack

  May 16, 2023

• Western Digital cyberattack not expected to have material impact on future earnings

  May 15, 2023

• Criminal actors switch tactics after Microsoft began to block macros last year

  May 12, 2023

• Dragos says it thwarted extortion bid by known ransomware threat group

  May 11, 2023

• Walden says cybersecurity strategy mostly well-received

  May 10, 2023

• CISO anxiety returns amid heightened concern of material cyberattacks

  May 9, 2023

• Western Digital confirms customer data accessed by hackers in attack

  May 8, 2023

• Former Uber CSO avoids prison time for ransomware coverup

  May 5, 2023

• Google, Dashlane separately move to eliminate passwords

  May 4, 2023

• Merck cyber coverage upheld in NotPetya decision, seen as victory for policyholders

  May 3, 2023

• Most open source maintainers still consider themselves hobbyists, despite compensation pledges

  May 2, 2023

• Organizations are boosting resilience, getting faster at incident response

  May 1, 2023

• CISA seeks public comment on software security attestation form

  April 28, 2023

• Global cyber insurance prices continue to moderate in Q1

  April 27, 2023

• NCR restores more services following ransomware attack

  April 26, 2023

• More than 2K organizations at risk of major attacks linked to SLP vulnerability

  April 25, 2023

• Early warning threat information platform launched for OT

  April 24, 2023

• 3CX has a 7-part plan to shore up its security

  April 20, 2023

• Software industry leaders debate real costs and benefits of CISA security push

  April 14, 2023

• CISA, partner agencies unveil secure by design principles in historic shift of software security

  April 13, 2023

• CISA to unveil secure-by-design principles this week amid push for software security

  April 12, 2023

• 3CX threat actor named as company focuses on security upgrades, customer retention

  April 12, 2023

• Western Digital restores local access to My Cloud Home customers following security breach

  April 11, 2023

• Biden cyber officials see auto, food safety as models for security overhaul

  April 10, 2023

• 3CX updates Windows app for desktop following supply chain attack

  April 7, 2023

• Broad MFA, rapid patching a must to stop cyberattacks, Marsh McLennan finds

  April 6, 2023

• IT security leaders still told to keep data breaches quiet, study finds

  April 6, 2023

• 3CX makes progress restoring Windows app from state-linked supply chain attack

  April 5, 2023

• Palo Alto security software stung by ransomware strain

  April 4, 2023

• Western Digital cyber incident is credit negative: Moody’s analyst

  April 4, 2023

• Western Digital takes systems offline after threat actor gains access to company data

  April 3, 2023

• 3CX retains Mandiant to investigate supply chain attack with global reach

  March 31, 2023

• Supply chain attack against 3CX communications app could impact thousands

  March 30, 2023

• White House eyes the next frontier of cybersecurity — space

  March 30, 2023

• Lumen Technologies says ransomware attack disrupted call centers

  March 29, 2023

• Microsoft unveils Security Copilot built on GPT-4

  March 28, 2023

• Lumen Technologies hit with 2 separate security incidents

  March 28, 2023

• US looks to reimagine cybersecurity paradigm with burden shift, rebuilt infrastructure

  March 24, 2023

• CISA director urges top business leaders, board members to take cyber risk ownership

  March 24, 2023

• CISA revises cybersecurity performance goals

  March 22, 2023

• Outlook zero-day still vulnerable to attackers with prior access, researchers find

  March 20, 2023

• Security drives software purchases for half of US companies

  March 20, 2023

• Google Cloud joins FS-ISAC’s critical providers program to share threat intel

  March 17, 2023

• SEC proposes cybersecurity disclosure rules for financial industry specialists

  March 17, 2023

• Outlook zero day linked to critical infrastructure attacks

  March 16, 2023

• MKS Instruments hit by class-action litigation following ransomware attack

  March 15, 2023

• CISA launches ransomware warning pilot for critical infrastructure providers

  March 14, 2023

• Shift to secure-by-design must start at university level, CISA director says

  March 13, 2023

• Blackbaud to pay $3M to settle SEC charges of a misleading ransomware investigation

  March 10, 2023

• GitHub to begin rollout of 2FA security upgrade for developers

  March 9, 2023

• CrowdStrike grows subscriber base as customers consolidate security services

  March 9, 2023

• TSA unveils emergency cybersecurity requirements for airlines, airports

  March 8, 2023

• Dole doesn’t expect to recover full costs of ransomware attack

  March 8, 2023

• Insurance holding company Group 1001 says operations restored after ransomware attack

  March 7, 2023

• Who is liable for flawed software? New guidance upends the security standard

  March 6, 2023

• EPA unveils cybersecurity oversight for public drinking water systems

  March 3, 2023

• The US cyber strategy is out. Now, officials just have to implement it

  March 3, 2023

• MKS Instruments says February ransomware attack will clip $200M from revenue

  March 2, 2023

• White House releases national cyber strategy, shifting security burden

  March 2, 2023

• CISA red team cracks a critical infrastructure provider’s defenses, a lesson in lateral access

  March 1, 2023

• 3 CISA principles for secure by design

  Feb. 28, 2023

• CISA director urges tech industry to take responsibility for secure products

  Feb. 27, 2023

• Dole hit by ransomware, North America operations briefly disrupted

  Feb. 23, 2023

• IT security budgets triple as businesses confront more cyberattacks across Europe, US

  Feb. 16, 2023

• Google backs federal push for tech to embrace ‘secure by design’

  Feb. 15, 2023

• Liberty Mutual launches global cyber office

  Feb. 14, 2023

• Companies often operate in dark with little applied threat intelligence

  Feb. 13, 2023

• Reddit says limited amount of source code, employee data accessed in phishing attack

  Feb. 10, 2023

• National cyber director to retire this month

  Feb. 9, 2023

• Half of executives expect an increase in cyber incidents targeting financial data: report

  Feb. 8, 2023

• Sports betting apps fumble open source, placing users at risk

  Feb. 7, 2023

• Corporate boards struggle to understand cybersecurity and digital transformation

  Feb. 6, 2023

• CVEs expected to rise in 2023, as organizations still struggle to patch

  Feb. 3, 2023

• 98% of organizations worldwide connected to breached third-party vendors

  Feb. 2, 2023

• Microsoft disables phishing campaign after researchers flag OAuth app abuse

  Feb. 1, 2023

• CISOs to face new budget hurdles in 2023 as economic anxiety lingers

  Jan. 31, 2023

• On deck for the business of cybersecurity: Fire sales and due diligence

  Jan. 31, 2023

• Microsoft surpasses $20B in security revenue as enterprise customers consolidate

  Jan. 30, 2023

• CISA’s public-private cyber collaborative to focus on energy, water

  Jan. 27, 2023

• Threat actors are using remote monitoring software to launch phishing attacks

  Jan. 26, 2023

• Exchange Server under pressure as opportunistic actors step up attacks

  Jan. 25, 2023

• Only half of companies have the budgets necessary to mitigate cybersecurity risks: study

  Jan. 24, 2023

• Almost half of critical manufacturing organizations face significant risk of data breach

  Jan. 23, 2023

• Ransomware attack against Yum! Brands follows several incidents targeting restaurant industry

  Jan. 20, 2023

• World Economic Forum officials warn global instability could lead to catastrophic cyber event

  Jan. 19, 2023

• Mailchimp hit by second cyberattack in 6 months, 133 customers impacted

  Jan. 19, 2023

• Cyber, business interruption remain top global corporate risks

  Jan. 18, 2023

• Four Microsoft Azure services found vulnerable to server-side request forgery

  Jan. 17, 2023

• CircleCI probe links malware placed on engineer’s laptop to larger breach

  Jan. 13, 2023

• Citrix flaw exploited in ransomware attack against small US business

  Jan. 13, 2023

• CircleCI working with AWS to identify, revoke keys impacted by security incident

  Jan. 12, 2023

• Surging cyberthreats, data concerns remain top dispute risks for organizations

  Jan. 12, 2023

• CISA adds Exchange Server, Windows vulnerabilities to catalog of exploited CVEs

  Jan. 11, 2023

• NRF forms cyberthreat intelligence partnership with RH-ISAC

  Jan. 11, 2023

• Beazley launches historic $45M cyber catastrophe bond

  Jan. 10, 2023

• CircleCI incident raises further concerns about security of software development

  Jan. 9, 2023

• Rackspace confirms ransomware attack hit a small percentage of its Hosted Exchange customers

  Jan. 6, 2023

• 6 security experts on what cyberthreats they expect in 2023

  Jan. 6, 2023

• Slack employee tokens stolen, GitHub repository breached

  Jan. 5, 2023

• Freight company Wabtec discloses June cyberattack impacting US, overseas operations

  Jan. 4, 2023

• Rackspace identifies ransomware threat actor behind December attack via Exchange

  Jan. 3, 2023

• Rackspace recovers old emails as customers await answers from ransomware probe

  Dec. 22, 2022

• New exploit for Microsoft’s ProxyNotShell mitigation side steps fix

  Dec. 22, 2022

• Remote, third-party workers raise security risks for enterprises: report

  Dec. 21, 2022

• MacOS vulnerability allows threat actors to bypass Apple Gatekeeper

  Dec. 20, 2022

• Apple CIO steps down from Rackspace board citing new job duties

  Dec. 19, 2022

• Rackspace executives stand by ransomware response

  Dec. 16, 2022

• Rackspace blames ransomware attack on financially motivated threat actor

  Dec. 15, 2022

• Threat actors abuse legitimate Microsoft drivers to bypass security

  Dec. 13, 2022

• Fortinet urges customers to upgrade systems amid critical vulnerability

  Dec. 13, 2022

• Rackspace says more than two-thirds of customers regained email access

  Dec. 12, 2022

• Fear, panic and Log4j: One year later

  Dec. 9, 2022

• Rackspace scrambles to assist customers as ransomware probe continues

  Dec. 8, 2022

• Microsoft taps security demand to drive M365 amid fragmented market

  Dec. 7, 2022

• Rackspace says ransomware disrupted its Hosted Exchange business

  Dec. 6, 2022

• Infostealer malware surges on dark web amid rise in MFA fatigue attacks

  Dec. 5, 2022

• Cyber Safety Review Board to probe Lapsus$ ransomware spree

  Dec. 2, 2022

• Defense Department launches zero trust, phasing out perimeter defense strategy

  Nov. 23, 2022

• Three-quarters of retail, hospitality applications have security flaws

  Nov. 22, 2022

• Palo Alto Networks reports strong fiscal Q1 as security needs outpace economic fears

  Nov. 21, 2022

• Offshore oil and gas at risk of potentially catastrophic cyberattack: GAO

  Nov. 18, 2022

• Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn

  Nov. 16, 2022

• Critical infrastructure providers ask CISA to place guardrails on reporting requirements

  Nov. 16, 2022

• High risk, critical vulnerabilities found in 25% of all software applications and systems

  Nov. 15, 2022

• K-12 schools lack resources, funding to combat ransomware threat

  Nov. 14, 2022

• CISA warns unpatched Zimbra users to assume breach

  Nov. 11, 2022

• Citrix CVEs need urgent security updates, CISA says

  Nov. 10, 2022

• SolarWinds under SEC probe related to 2020 supply chain attack

  Nov. 9, 2022

• Microsoft finally releases security updates for ProxyNotShell zero days

  Nov. 8, 2022

• Mondelē​​z settlement in NotPetya case renews concerns about cyber insurance coverage

  Nov. 8, 2022

• NIST seeks water industry feedback on boosting cyber resilience

  Nov. 4, 2022

• CISA director bullish on private sector cooperation toward cybersecurity goals

  Nov. 3, 2022

• US ransomware payments surge to $1.2B in 2021: Treasury

  Nov. 2, 2022

• OpenSSL releases patch for 2 high-severity vulnerabilities after prior warning

  Nov. 1, 2022

• Critical OpenSSL vulnerability causes security industry to hold its breath

  Nov. 1, 2022

• Industrial providers ramp up cyber risk posture as OT threats evolve

  Oct. 31, 2022

• White House convenes dozens of countries to fight ransomware

  Oct. 31, 2022

• CISA aims for target rich, resource poor sectors in rollout of security basics

  Oct. 28, 2022

• CISA releases long-awaited cybersecurity performance goals for critical infrastructure

  Oct. 27, 2022

• GitHub vulnerability raises risk of open source supply chain attack

  Oct. 27, 2022

• Microsoft security business surges as cloud segment hit by slumping economy

  Oct. 26, 2022

• FTC orders Drizly to tighten data security practices as 2.5M consumers exposed

  Oct. 25, 2022

• Help wanted for 3.4M jobs: Cyber workforce shortage is an acute, worldwide problem

  Oct. 24, 2022

• White House plans IoT security labeling program for spring 2023

  Oct. 21, 2022

• National cybersecurity strategy to debut within months, White House official says

  Oct. 20, 2022

• TSA rolls out long-anticipated cyber directive for freight, passenger rail systems

  Oct. 19, 2022

• Uber ex-CSO verdict raises thorny issues of cyber governance and transparency

  Oct. 19, 2022

• Apache urges users to upgrade Common Text version to block ‘Text4Shell’ vulnerability

  Oct. 19, 2022

• Critical vulnerability surfaces in Apache Commons Text library

  Oct. 17, 2022

• Fortinet attacks escalate as company warns large swath of customers to upgrade

  Oct. 17, 2022

• White House to roll out Energy Star-like ratings for IoT

  Oct. 12, 2022

• CISA adds Fortinet CVE to vulnerability catalog after attacks escalate

  Oct. 12, 2022

• CISOs, corporate boards in wide disagreement on cyber resilience

  Oct. 10, 2022

• Microsoft struggles to mitigate Exchange Server CVEs as it races to complete patch

  Oct. 6, 2022

• Microsoft updates guidance to prevent future Exchange server attacks

  Oct. 5, 2022

• CISA orders federal IT overhaul with automated asset inventory, software scanning

  Oct. 4, 2022

• Microsoft warns of potential escalation for Exchange server zero days

  Oct. 3, 2022

• Microsoft investigating 2 zero-day vulnerabilities in Exchange Server

  Sept. 30, 2022

• C-suite, boards are prioritizing cybersecurity, but still expect increased threats

  Sept. 30, 2022

• State-linked actor targets VMware hypervisors with novel malware

  Sept. 29, 2022

• Most organizations had a cloud-related security incident in the past year

  Sept. 28, 2022

• Strict security rules could push open source community out of federal work, expert says

  Sept. 27, 2022

• American Airlines phishing attack involved unauthorized access to Microsoft 365

  Sept. 26, 2022

• Malicious OAuth applications used to control Exchange tenants in sweepstakes scam

  Sept. 23, 2022

• Organizations rapidly shift tactics to secure the software supply chain

  Sept. 22, 2022

• Stolen single sign-on credentials for major firms available for sale on dark web

  Sept. 21, 2022

• American Airlines targeted by threat actor in July data incident

  Sept. 20, 2022

• White House guidance on third-party software seen as a major test of cyber risk strategy

  Sept. 19, 2022

• LastPass says it contained August breach, leaving customer data and vaults secure

  Sept. 16, 2022

• Industrial control systems face more cyber risks than IT, expert testifies

  Sept. 16, 2022

• White House sets minimum security standards for federal software use

  Sept. 14, 2022

• Security vendor consolidation a priority for majority of organizations worldwide

  Sept. 14, 2022

• US is shoring up gaps in cyber policy, but critical goals remain unfulfilled

  Sept. 13, 2022

• US Treasury sanctions Iran intelligence agency following Albanian government attack

  Sept. 12, 2022

• CISA announces RFI for critical infrastructure cyber reporting mandate

  Sept. 9, 2022

• Researchers warn older D-Link routers are under threat from Mirai malware variant

  Sept. 8, 2022

• CISA Director: Tech industry should infuse security at product design stage

  Sept. 7, 2022

• PyPI contributors targeted by JuiceLedger in latest attack against open source

  Sept. 6, 2022

• Feds push for developers to take lead in securing software supply chain

  Sept. 2, 2022

• CrowdStrike, Palo Alto earnings show resilience in cyber investments amid macro concerns

  Sept. 1, 2022

• Slack enhances platform security amid rapid expansion and heightened risk

  Aug. 31, 2022

• Google tackles open source security with vulnerability rewards program

  Aug. 30, 2022

• Changing cyber insurance guidance from Lloyd’s reflects a market in turmoil

  Aug. 29, 2022

• Researchers say Cisco firewall software remains vulnerable to attack despite patch

  Aug. 26, 2022

• LastPass breached, portions of source code stolen, CEO says

  Aug. 26, 2022

• Threat actors again target critical SAP ICMAD vulnerabilities

  Aug. 23, 2022

• Media companies at high risk of malicious cyberattack: Report

  Aug. 22, 2022

• Risk of cyberattack emerges as top concern of US executives

  Aug. 19, 2022

• Mailchimp breach shines new light on digital identity, supply chain risk

  Aug. 18, 2022

• DigitalOcean, caught in Mailchimp security incident, drops email vendor

  Aug. 17, 2022

• Zero trust adoption skyrockets, nearing universal adoption

  Aug. 16, 2022

• CISA director lauds first-year efforts of public-private cyber collaborative

  Aug. 15, 2022

• Critical flaws on widely used Cisco firewalls left unpatched for months

  Aug. 12, 2022

• Log4j was the right incident for inaugural review, safety board says

  Aug. 11, 2022

• Blockchain, privacy advocates push back on Tornado Cash sanctions

  Aug. 10, 2022

• Businesses boost software supply chain security, but strategies remain fragmented

  Aug. 9, 2022

• Twitter vulnerability risk resurfaces, testing the security of pseudonymous users

  Aug. 8, 2022

• White House to incorporate performance metrics into national cybersecurity strategy

  Aug. 5, 2022

• US must take a lead role in cyber diplomacy, State Dept. nominee says

  Aug. 4, 2022

• Threat actors hide malware in legitimate — and high profile — applications

  Aug. 3, 2022

• Initial access brokers selling online access to unsuspecting MSPs

  Aug. 2, 2022

• Threat actors shifting tactics as Microsoft blocks, unblocks and reblocks macros

  July 29, 2022

• CISA expands cyber relationship with Ukraine authorities

  July 28, 2022

• Mandiant red team breaches OT servers to mimic crime group techniques

  July 27, 2022

• Uber reaches non-prosecution deal with feds after concealing data breach

  July 26, 2022

• Google backs federal review board's Log4j, open source security push

  July 25, 2022

• TSA revises cybersecurity requirements for oil and gas pipelines

  July 22, 2022

• Where 5 programs are investing to close cyber skills gap

  July 21, 2022

• White House takes on cyber workforce gap through 120-day apprenticeship sprint

  July 20, 2022

• State-backed threat actors use Google Drive, Dropbox to launch attacks

  July 19, 2022

• Google deal to buy Mandiant clears key antitrust hurdle

  July 19, 2022

• CISA eyes cross-pond cyber cooperation with London office

  July 18, 2022

• Companies cannot see — or protect — nearly half of all device endpoints

  July 13, 2022

• Microsoft rollback on macro blocking in Office sows confusion

  July 11, 2022

• Mid-sized companies grapple with response to cyber crises

  July 8, 2022

• Apple's coming security features an answer to government-backed spyware

  July 7, 2022

• Threat actors capitalize on red team tool capable of bypassing EDR, antivirus

  July 6, 2022

• Google TAG exposes hack-for-hire groups targeting activists and sensitive data

  July 5, 2022

• Federal authorities warn MedusaLocker ransomware targeting remote desktop vulnerabilities

  July 1, 2022

• Google enhances password manager to boost security across platforms

  June 30, 2022

• Cash-strapped Main Street organizations face global cyberthreats

  June 29, 2022

• New York names first chief cyber officer

  June 28, 2022

• Carnival to pay $5M for cyber violations to NY financial regulator

  June 27, 2022

• Organizations lag on confidence and policies to manage open source security

  June 24, 2022

• Department of Energy rethinks cyber resilience in strategy to secure the grid

  June 23, 2022

• Dozens of vulnerabilities threaten major OT device makers

  June 21, 2022

• Microsoft releases long sought patch for Office Follina zero day as CISA, customers assess impact

  June 15, 2022

• Microsoft resolves critical vulnerability in Azure Synapse after prior patches fall short

  June 14, 2022

• Tenable CEO calls out Microsoft on lack of transparency on vulnerabilities

  June 13, 2022

• Threat actors deploy new attack methods as Microsoft Follina vulnerability lingers

  June 10, 2022

• FBI, CISA issue warning on China-backed cyber threats against the telecom industry

  June 8, 2022

• Attackers aim for Atlassian Confluence zero day with mass, targeted exploitation

  June 7, 2022

• Atlassian releases fix for critical zero day impacting Confluence

  June 3, 2022

• CISA issues warning after critical zero day hits Atlassian's Confluence

  June 3, 2022

• Russia, backed by ransomware gangs, actively targeting US, FBI director says

  June 2, 2022

• Microsoft zero day under attack as industry awaits patch

  June 1, 2022

• Microsoft Office zero day leaves researchers scrambling over the holiday weekend

  May 31, 2022

• Oil and gas industry pledges cyber cooperation at World Economic Forum

  May 26, 2022

• Feds remain in the dark as ransomware disclosure lags

  May 25, 2022

• Russian disinformation campaigns disrupt Ukraine narrative

  May 24, 2022

• Feds release grim reminder: Threat actors prey on basic security mishaps

  May 20, 2022

• Biden administration makes inroads amid zero trust rollout

  May 19, 2022

• How the Colonial Pipeline attack instilled urgency in cybersecurity

  May 17, 2022

• Tech giants pledge multimillion down payment to secure open source

  May 13, 2022

• White House cyber executive order still has unfinished business

  May 12, 2022

• US, allies blame Russia for Viasat cyberattack

  May 11, 2022

• Colonial Pipeline faces nearly $1M in penalties as federal regulator discloses violations

  May 6, 2022

• Microsoft, Apple and Google double down on FIDO passwordless standard

  May 5, 2022

• Ukraine cyberthreat activity ramps up against critical infrastructure, governments

  May 4, 2022

• Critical CVEs put Aruba Networks, Avaya enterprise switches at risk

  May 3, 2022

• Familiar names top 2021's most-exploited vulnerabilities list

  May 2, 2022

• M&A sets record pace as ransomware, nation-state threats fuel security demand

  April 29, 2022

• Ransomware attacks, payouts soared worldwide in 2021: report

  April 27, 2022

• Emotet botnet tests new techniques after global crackdown

  April 26, 2022

• AWS reissues Log4Shell hotpatch after vulnerabilities found

  April 22, 2022

• Cyber agencies renew warnings of Russia-linked threats against industrial targets

  April 21, 2022

• Threat detection accelerates in Asia, Europe, as notification trends shift

  April 19, 2022

• Authorities warn dangerous new malware can shut down, sabotage industrial sites

  April 14, 2022

• Microsoft intercepts Zloader botnet, a distributor for Ryuk ransomware

  April 14, 2022

• Datto, SailPoint acquired for more than $6B each amid growing cyber consolidation

  April 11, 2022

• Microsoft blocks Russian cyberattacks linked to Ukraine war

  April 8, 2022

• DOJ disrupts Russia-backed Cyclops Blink botnet

  April 7, 2022

• Federal authorities urged to bolster intel sharing amid nation-state threats

  April 6, 2022

• State Department launches cyber bureau amid rising global tensions

  April 5, 2022

• Viasat network cyberattack linked to newly discovered Russian wiper

  April 1, 2022

• Biden administration's FY 2023 budget includes 11% increase for cyber

  March 30, 2022

• Nation-state threat actors remain steps ahead of defenders

  March 28, 2022

• White House warns US of possible Russian cyberattack linked to Ukraine invasion

  March 21, 2022

• Cyberthreats grow as US, NATO countries press Russia sanctions

  March 18, 2022

• Russian state-sponsored actors target PrintNightmare, MFA settings

  March 16, 2022

• What cyber incident reporting rules mean for critical infrastructure

  March 15, 2022

• Congress adds historic cyber incident reporting rule to massive $1.5 trillion package

  March 11, 2022

• CrowdStrike shares surge on strong Q4 earnings and robust annual forecast

  March 10, 2022

• Russian cyberattacks surprisingly limited in Ukraine, US officials say

  March 9, 2022

• Google swoops in to buy Mandiant for $5.4B after weeks of market speculation

  March 8, 2022

• Sinclair losses mount as ransomware costs exceed insurance policy

  March 7, 2022

• Ukraine war tests cyber insurance exclusions

  March 3, 2022

• New wiper, worm attacks emerge in Ukraine targeting government and industry

  March 1, 2022

• Cyberattack on Nvidia results in data leak, credential theft

  Feb. 25, 2022

• DHS to lead federal response to Russia-Ukraine crisis

  Feb. 25, 2022

• Botnets, data wiping malware spread as Ukraine incursion begins

  Feb. 24, 2022

• Colonial Pipeline names cybersecurity veteran as first CISO

  Feb. 23, 2022

• Security hampers enterprise cloud adoption: report

  Feb. 22, 2022

• US links Russia to Ukraine DDoS attacks

  Feb. 18, 2022

• Critical SAP CVEs leave broad exposure, fixes require downtime

  Feb. 17, 2022

• Officials warn of asymmetric cyberattacks as Ukraine conflict simmers

  Feb. 16, 2022

• Log4j highlights ongoing cyber risk from free, open source software: Moody's

  Feb. 11, 2022

• Critical SAP vulnerabilities spur CISA, researcher pleas for urgent patching

  Feb. 10, 2022

• Apache tells US Senate committee the Log4j vulnerability could take years to resolve

  Feb. 9, 2022

• NIST targets software supply chain with guidance on security standards

  Feb. 7, 2022

• DHS adds review board to advise federal response to major cyberattacks

  Feb. 3, 2022

• Threat actors pressure OT, critical infrastructure by leaking sensitive data

  Feb. 2, 2022

• Conflict over Ukraine raises cyber risk for US enterprises

  Feb. 1, 2022

• Blackberry links initial access broker activity to Log4Shell exploit in VMware Horizon

  Jan. 26, 2022

• DHS warns local authorities, critical infrastructure providers over potential Russia threat

  Jan. 25, 2022

• Boards, CISOs seek alignment on OT security challenges

  Jan. 24, 2022

• Ukraine tensions raise cyberthreats against US companies, critical infrastructure

  Jan. 21, 2022

• Log4j raises cyber risk for public finance entities, Fitch warns

  Jan. 19, 2022

• Cobalt Strike targets VMware Horizon after UK warnings of Log4Shell threats

  Jan. 18, 2022

• Big tech pushes White House for open source funding, standards after Log4j

  Jan. 14, 2022

• FCC seeks stronger breach reporting rules for telecoms

  Jan. 13, 2022

• Log4j threat activity limited, but CISA says actors lay in wait

  Jan. 11, 2022

• Log4Shell threat activity targeting VMware Horizon, UK researchers warn

  Jan. 10, 2022

• Can SOAR technology help SOCs regain the advantage in threat detection?

  Jan. 7, 2022

• FTC threatens enforcement on firms lax about Log4j vulnerability

  Jan. 5, 2022

• Log4j activity expected to play out well into 2022

  Jan. 4, 2022

• US allies call for Log4j vigilance as organizations struggle to detect vulnerabilities

  Dec. 23, 2021

• Organizations still downloading vulnerable Log4j versions

  Dec. 22, 2021

• Federal authorities brace for long holiday as Log4j threat activity rises

  Dec. 20, 2021

• Log4j: What we know (and what's yet to come)

  Dec. 17, 2021

• Log4j attacks poised to rise as threat actors search for attack vectors

  Dec. 16, 2021

• Log4j threat expands as second vulnerability emerges and nation states pounce

  Dec. 15, 2021

• Log4j under siege, millions of devices vulnerable

  Dec. 14, 2021

• Federal authorities, technology vendors race to contain Log4j vulnerability

  Dec. 13, 2021

• Is the security of legacy IT providers prompting a confidence crisis?

  Dec. 8, 2021

• A year later, Nobelium-linked threat actors still target businesses, government

  Dec. 6, 2021

• Insurer Lloyd's slashes coverage on state-sponsored cyberattacks, reflecting battered market

  Dec. 3, 2021

• Majority of US retailers, critical infrastructure unscathed after holiday cyber warnings

  Nov. 30, 2021

• Crypto becoming the preferred currency of cybercriminals and rogue governments

  Nov. 24, 2021

• GoDaddy breach raises questions about how to secure identity in the enterprise

  Nov. 23, 2021

• Enterprises prepare for ransomware threats during Thanksgiving

  Nov. 22, 2021

• 30K Microsoft Exchange Servers remain vulnerable to new tactics

  Nov. 18, 2021

• Companies urged to alert federal law enforcement in ransomware cases

  Nov. 17, 2021

• Threat actor breaches HPE's Aruba Central via data repository access key

  Nov. 16, 2021

• Banks outpace other industries in cyber investments, defense strategies: report

  Nov. 15, 2021

• A year after SolarWinds, third-party risk still threatens the software supply chain

  Nov. 12, 2021

• US backs Paris-led effort on cybersecurity cooperation

  Nov. 11, 2021

• Trust is becoming a CISO priority, boosts customer stickiness

  Nov. 10, 2021

• DOJ unveils charges, money seizures in multinational crackdown against REvil

  Nov. 9, 2021

• Pentagon revamps CMMC program to help SMBs meet compliance standards

  Nov. 5, 2021

• Sinclair Broadcast still assessing financial impact of ransomware attack

  Nov. 4, 2021

• Ransomware actors attempt to toy with stock valuation, disrupt M&A, FBI says

  Nov. 3, 2021

• Most companies dealing with employee misuse of business apps: report

  Nov. 2, 2021

• SolarWinds threat actor targets cloud services, Microsoft 365 mailboxes

  Nov. 1, 2021

• Twitter eyes phishing deterrence with security key rollout

  Oct. 29, 2021

• Corporate boards, C-suite finally prioritize cyber after years of business risk

  Oct. 27, 2021

• Supply chain attacks lift debate on how to manage software vulnerabilities

  Oct. 21, 2021

• Sinclair Broadcast becomes latest media group to face ransomware attack

  Oct. 19, 2021

• Federal agencies warn of ransomware targeting water, wastewater treatment plants

  Oct. 18, 2021

• Ransomware summit takeaways: Pledges to disrupt safe havens, money laundering

  Oct. 15, 2021

• Biden administration seeks international progress on ransomware fight

  Oct. 14, 2021

• Cybersecurity tool sprawl leading to burnout, false positives: report

  Oct. 13, 2021

• War room preparation key to ransomware response, experts say

  Oct. 11, 2021

• DOJ cracks down on ransomware with cyber task force, civil fraud initiative

  Oct. 7, 2021

• Insider threat environment faces challenges amid changing corporate landscape

  Oct. 6, 2021

• Top global companies falling short in protecting domain security

  Oct. 5, 2021

• REvil, DarkSide highlight surge in Q2 ransomware attacks: report

  Oct. 4, 2021

• Threat actors more frequently — and successfully — target Active Directory

  Sept. 30, 2021

• Microsoft, under attack from threat actors, positions itself as cyber guardian

  Sept. 29, 2021

• Microsoft warns of new credential-stealing backdoor from SolarWinds threat actor

  Sept. 28, 2021

• Ransomware compromises customer data in farm co-op attack

  Sept. 23, 2021

• Enterprises plan major investments as remote work escalates security risk: report

  Sept. 22, 2021

• BlackMatter gang targets Iowa agriculture cooperative in a test of critical infrastructure

  Sept. 21, 2021

• Companies must develop operational plan for ransomware recovery

  Sept. 17, 2021

• Boards rethink incident response playbook as ransomware surges

  Sept. 15, 2021

• Executives fail to make software supply chain security a priority, report finds

  Sept. 14, 2021

• Fortinet credential drop linked to fissure in ransomware group

  Sept. 10, 2021

• InfoSec teams under pressure to compromise security for productivity: report

  Sept. 9, 2021

• Exploits underway for Microsoft zero day leveraging Office documents

  Sept. 8, 2021

• Cybersecurity discussion growing in regulatory filings

  Sept. 8, 2021

• Neuberger amplifies Labor Day ransomware fears

  Sept. 3, 2021

• Machine identity remains a mystery, threatening digital security

  Sept. 2, 2021

• Ransomware capitalizes on holiday weekends. Feds urge vigilance over Labor Day

  Sept. 1, 2021

• Azure flaw exposes enterprise databases, raising questions on cloud security

  Aug. 30, 2021

• Facility management worried about OT cybersecurity, but few plan to fix it

  Aug. 27, 2021

• More threats target Linux, a foundation for the cloud, report finds

  Aug. 25, 2021

• Microsoft Exchange vulnerabilities targeted in ProxyShell attacks

  Aug. 24, 2021

• Men more likely to engage in risky online behavior: report

  Aug. 20, 2021

• Up to 83M IoT devices at risk of remote access

  Aug. 18, 2021

• How much does phishing really cost the enterprise?

  Aug. 17, 2021

• Insider risk surges as resignations mount

  Aug. 13, 2021

• Criminal middlemen administer access to privileged accounts

  Aug. 12, 2021

• APT actors target Microsoft 365 using novel techniques

  Aug. 6, 2021

• Decade-old router flaw allows cross-network access, Tenable finds

  Aug. 4, 2021

• Ransomware, supply chain attacks put cyber insurers on notice

  July 28, 2021

• OT cyberattacks could threaten human safety by 2025: Gartner

  July 26, 2021

• No ransom paid to obtain decryptor, Kaseya says

  July 23, 2021

• Lack of visibility leaves critical infrastructure vulnerable to ransomware

  July 22, 2021

• White House ties cyberattacks to China, but private sector awaits stronger action

  July 20, 2021

• WFH shift tests resilience of financial services amid surge in phishing, ransomware

  July 16, 2021

• Behind the Firewall: How 6 security execs screen vendors

  July 16, 2021

• Kaseya restores SaaS monitoring service after REvil ransomware attack

  July 12, 2021

• Kaseya: What's known (and unknown) about the ransomware attack

  July 9, 2021

• Kaseya postpones service restoration, apologizes for attack

  July 8, 2021

• Kaseya misses first attempt to restore SaaS following REvil attack

  July 7, 2021

• Kaseya wrestles with service restoration following supply chain attack

  July 6, 2021

• Ransomware attack against Kaseya creates rippling supply chain compromise

  July 2, 2021

• Cloud targeted in widespread brute force campaign

  July 2, 2021

• Cobalt Strike rising in prominence among criminal threat actors

  July 1, 2021

• Critical goods industries face existential ransomware decisions

  June 30, 2021

• Spoofing, spear phishing dominate BEC attacks: report

  June 29, 2021

• Microsoft customer service agent briefly hit by fresh Nobelium attacks

  June 28, 2021

• Behind the Firewall: How 5 cyber execs got started in security

  June 25, 2021

• Gaps in DOD supply chain leave Pentagon vulnerable: report

  June 24, 2021

• Infosec execs still lack direct access to the CEO: study

  June 22, 2021

• Attacks against container supply chains grow more sophisticated

  June 21, 2021

• Critical infrastructure sites face greater cyberthreat amid remote connectivity

  June 18, 2021

• Biden confronts Putin on cyberattacks, private sector optimistic

  June 17, 2021

• CISOs, CIOs see heightened mobile security threat amid shift to hybrid

  June 16, 2021

• Patched Microsoft Teams vulnerability shows the delicacy of messaging platforms

  June 15, 2021

• Codecov to sunset Bash Uploader following April supply chain attack

  June 14, 2021

• Behind the Firewall: How 9 execs implement cybersecurity at home

  June 11, 2021

• Colonial CEO defends oversight response, urges transparency on ransomware

  June 10, 2021

• Colonial CEO says ransomware hackers exploited legacy VPN

  June 9, 2021

• Apple's privacy, security features seen as favorable to enterprise remote work

  June 8, 2021

• Data breaches, poor cyber practices raise cost of borrowing: study

  June 7, 2021

• CISOs earn higher profile with remote work, evolving threats

  June 3, 2021

• Phishing attack against US government, NGOs shakes assumptions on containment

  June 2, 2021

• APT actors ramp up cyber campaign targeting Pulse Secure VPNs

  May 28, 2021

• Behind the Firewall: 4 cyber executives on security disasters they avoided

  May 28, 2021

• Compromised cloud costs companies $6.2M annually, study finds

  May 27, 2021

• Threat actors scan for vulnerabilities faster than enterprises can respond: Palo Alto

  May 26, 2021

• Off-the-shelf tools, unsophisticated techniques threaten industrial systems

  May 25, 2021

• Ransomware seen as top cyberthreat as extortion demands, payouts soar

  May 24, 2021

• SolarWinds CEO extends hack timeline, rethinks intern blame

  May 20, 2021

• White House to take proactive role in ransomware fight

  May 19, 2021

• AI will change scale and scope of hacking, security expert says

  May 18, 2021

• Ransomware fears escalate as Irish health service, Toshiba unit targeted

  May 14, 2021

• Colonial Pipeline begins fuel delivery relaunch after ransomware attack

  May 13, 2021

• Colonial Pipeline disconnects OT systems to silo ransomware IT threat

  May 12, 2021

• Critical infrastructure flaws surface after years of underinvestment, inaction

  May 11, 2021

• Colonial Pipeline attack embodies security risk to nation's critical infrastructure

  May 10, 2021

• VPN vulnerabilities haunt defense industry as threat actors find new openings

  May 10, 2021

• Targeted industrial control systems add cautionary flag to cyber defense strategies

  May 6, 2021

• Cyberthreats dog the US supply chain, complicated by global competition

  May 5, 2021

• Password managers are a necessary — yet vulnerable — last line of defense

  May 4, 2021

• XDR to succeed legacy technologies as emerging threats pressure security

  May 3, 2021

• First Horizon breach highlights rising threats against financial institutions

  April 29, 2021

• Passwordstate customers targeted with new round of phishing attacks

  April 29, 2021

• Work from home means far less security visibility, report says

  April 28, 2021

• Cyberattack on Passwordstate tests confidence in password managers

  April 27, 2021

• Codecov hack — likened to SolarWinds — targets software supply chain

  April 23, 2021

• Attackers leverage Pulse Secure VPNs to target defense, financial industries

  April 22, 2021

• CISOs call for holistic enterprise approach to third-party security risk

  April 21, 2021

• Companies take second look at third-party risk management programs

  April 20, 2021

• US companies plot return to office, raising questions on hybrid security

  April 19, 2021

• Poor management of privileged accounts leaves organizations open to attack

  April 15, 2021

• Feds launch coordinated effort to mitigate remaining Microsoft Exchange flaws

  April 14, 2021

• Half of business continuity changes hurt cybersecurity, study shows

  April 12, 2021

• Enterprise security leaders fear rising AI use among threat actors: report

  April 9, 2021

• VPN security falls short as demand increases for remote workforce at scale

  April 7, 2021

• Employees can't quit habit of writing down, sharing passwords

  April 6, 2021

• Enterprises lag on firmware security spending in face of rising threat

  April 1, 2021

• Molson Coors incident shines a light on industrial cyberattack vulnerabilities

  March 30, 2021

• Security leaders: Expect more insider data leaks, threats in 2021

  March 29, 2021

• Babuk ransomware group emerges with new claims against US companies

  March 26, 2021

• Remote work gives rise to more executive credential theft

  March 25, 2021

• Threat data sharing considered critical to defense amid rise in sophisticated attacks: report

  March 24, 2021

• Spending on IAM, zero trust to rise as companies extend remote work

  March 23, 2021

• SolarWinds threat actors accessing Microsoft 365 by altering permissions

  March 22, 2021

• Microsoft Exchange fixes arrive, but some companies lack IT resources to repair

  March 19, 2021

• Mimecast migrates to Cisco following supply chain attack

  March 17, 2021

• White House looks to tighten private sector coordination, gain infrastructure insight

  March 15, 2021

• Microsoft deploys more updates to contain Exchange server fallout

  March 12, 2021

• Enterprises scramble to secure Microsoft Exchange as cybercriminals rush in

  March 10, 2021

• Microsoft Exchange server compromise escalates as mitigation efforts fall short

  March 8, 2021

• 3 new malware strains show persistence, sophistication of SolarWinds actor

  March 5, 2021

• Qualys confirms data breach related to Accellion after documents leak

  March 4, 2021

• Malicious email campaigns target business platforms following remote work surge

  March 4, 2021

• Exploited Microsoft Exchange campaign hits hundreds of organizations, researchers find

  March 3, 2021

• Companies overestimate ability to manage remote worker security

  March 2, 2021

• Google Cloud enters cyber insurance collaboration with Allianz, Munich Re

  March 2, 2021

• SolarWinds missed early security warnings

  March 1, 2021

• SolarWinds execs warn of short-term impacts from cyberattack, as renewal rates slow

  Feb. 26, 2021

• Researchers find vulnerabilities inside multiple virtual event, business platforms

  Feb. 25, 2021

• Senate SolarWinds hearing turns attention to breach notification laws, intel sharing

  Feb. 24, 2021

• Apple faces malware threats as it makes an enterprise push

  Feb. 23, 2021

• Microsoft says it was not a SolarWinds attack vector, after completing internal probe

  Feb. 19, 2021

• Water system hack reveals thousands of organizations vulnerable to Window 7 exposure

  Feb. 19, 2021

• Ransomware, poor security drove spike in healthcare breaches in 2020

  Feb. 17, 2021

• Organizations running SolarWinds Orion online drops 25% since December: report

  Feb. 12, 2021

• White House taps Neuberger to lead SolarWinds government response

  Feb. 11, 2021

• SolarWinds fallout turns security eye to Microsoft Office 365

  Feb. 9, 2021

• Mimecast to cut 4% of workforce in restructuring as breach probe continues

  Feb. 4, 2021

• FireEye reports record revenue in first report since Red Team hack

  Feb. 3, 2021

• Supply chain attacks could open up vendor competition, Moody's says

  Feb. 2, 2021

• Supply chain attacks renew focus on limiting privileged access to cloud data

  Jan. 29, 2021

• Cyberattacks cost financial firms $4.7M on average last year: report

  Jan. 28, 2021

• Biden campaign cyber chief named federal CISO

  Jan. 27, 2021

• Privacy investments mitigate security losses, report finds

  Jan. 26, 2021

• Cyberthreat trends in the remote work landscape

  Jan. 25, 2021

• Cyber defense panel sees more private sector coordination following SolarWinds

  Jan. 20, 2021

• Malwarebytes attack linked to SolarWinds' nation-state actors, CEO says

  Jan. 20, 2021

• Financial services companies embrace cloud as security concerns grow

  Jan. 15, 2021

• Mimecast attributes supply chain attack to SolarWinds' hackers

  Jan. 14, 2021

• With cyber bureau, State Department brings diplomacy to threat landscape

  Jan. 11, 2021

• SolarWinds attack leads to renewed focus on IT relationships with corporate boards

  Jan. 7, 2021

• Federal task force says Russia likely actor behind SolarWinds attack

  Jan. 5, 2021

• Fast-growing gaming industry faces rising threat of account compromise

  Jan. 5, 2021

• Full impact of SolarWinds attack begins to emerge across tech sector, federal agencies

  Dec. 23, 2020

• SolarWinds breach reminds companies to be proactive in managing trust, disclosure

  Dec. 22, 2020

• Tracking SolarWinds cyberattack fallout, play-by-play

  Dec. 18, 2020

• After years in the lab, IBM ready to take homomorphic encryption into the mainstream

  Dec. 18, 2020

• FireEye killswitch stops SolarWinds hack

  Dec. 16, 2020

• SolarWinds Orion vulnerability: What security teams need to know

  Dec. 15, 2020

• IT execs face growing pressure to balance security with productivity

  Dec. 14, 2020

• SolarWinds Orion flaw linked to government cyberattacks

  Dec. 14, 2020

• Federal agencies warn of heightened cyberthreats against K-12 schools

  Dec. 11, 2020

• NSA calls out Russia-backed exploit of VMware virtual workspace platform

  Dec. 8, 2020

• Kmart's reported ransomware attack highlights ongoing threat to retail

  Dec. 4, 2020

• IoT cyber bill clears Congress — what's next for industry players?

  Dec. 3, 2020

• Proactive technology upgrades prevent security nightmares, report finds

  Dec. 1, 2020

• Sharp rise in IT spending as cyberthreats evolve, Crowdstrike finds

  Nov. 25, 2020

• Home Depot codifies data reforms in $17.5M breach settlement with states

  Nov. 25, 2020

• Defense industry CISOs prepare for cybersecurity compliance audits

  Nov. 23, 2020

• Carnegie researchers seek urgent action to combat financial cyberthreats

  Nov. 20, 2020

• Famed hacker Mudge to lead Twitter security after summer of attacks

  Nov. 17, 2020

• Voice, SMS not secure enough for multifactor authentication, Microsoft says

  Nov. 16, 2020

• Biden faces scrutiny on key appointments and policy priorities on privacy, cybersecurity

  Nov. 13, 2020

• Cybersecurity hiring spikes as pandemic forces global workforce restructuring

  Nov. 11, 2020