148 articles by Matt Kapko

• CISA issues baseline cybersecurity recommendations for K-12 schools

  Jan. 26, 2023

• Breach hits GoTo, the parent company of LastPass

  Jan. 24, 2023

• Los Angeles school system shifts timeline of ransomware attack

  Jan. 24, 2023

• Experts question T-Mobile’s security culture as breach cycle churns

  Jan. 20, 2023

• T-Mobile breached again, 37M customer accounts exposed

  Jan. 19, 2023

• PayPal warns 35,000 customers of exposure following credential stuffing attack

  Jan. 19, 2023

• Threat actors lure phishing victims with phony salary bumps, bonuses

  Jan. 19, 2023

• A ransomware negotiator shares 3 tips for victim organizations

  Jan. 18, 2023

• CISA’s 2022 highlight reel details progress and potential for security coordination

  Jan. 17, 2023

• Open-source repository risk amplified on GitHub

  Jan. 12, 2023

• T-Mobile CSO: One wrong decision can wreak havoc

  Jan. 11, 2023

• Ransomware attack exposes California transit giant’s sensitive data

  Jan. 10, 2023

• FCC revives push to speed up telecom incident disclosures

  Jan. 10, 2023

• Tech priorities out of sync with security needs, CISA director says

  Jan. 9, 2023

• What’s at stake for 33M compromised LastPass users?

  Jan. 6, 2023

• 6 security experts on what cyberthreats they expect in 2023

  Jan. 6, 2023

• What we know about the LastPass breach (so far)

  Jan. 5, 2023

• Ransomware hit US schools at steady rate in 2022

  Jan. 4, 2023

• After LastPass hack, only its master passwords remain uncompromised

  Dec. 27, 2022

• National Cyber Director eyes retirement: report

  Dec. 22, 2022

• Okta’s GitHub source code stolen, company downplays impact

  Dec. 22, 2022

• Incident responders brace for end-of-year cyber scaries

  Dec. 19, 2022

• NIST bids adieu to SHA-1 cryptographic algorithm

  Dec. 16, 2022

• CISOs are becoming more technical

  Dec. 15, 2022

• Threat actor exploits critical Citrix vulnerability

  Dec. 13, 2022

• California authorities confirm cyber intrusion, LockBit claims ransomware hit

  Dec. 12, 2022

• Google stresses unmet need for software supply chain security

  Dec. 8, 2022

• Apple expands iCloud encryption, boosts MFA with security keys

  Dec. 8, 2022

• Internet Explorer is still a viable zero-day attack vector

  Dec. 7, 2022

• What does it take to be good at cybersecurity?

  Dec. 7, 2022

• Ransomware attacks shift beyond US borders

  Dec. 6, 2022

• Cuba ransomware group hitting US organizations in 5 critical sectors

  Dec. 5, 2022

• AWS builds a lake for multivendor security data sharing

  Dec. 2, 2022

• LastPass breach fallout spreads to expose customer data

  Dec. 1, 2022

• CrowdStrike CEO: SMB deals delayed as enterprises hold firm on cyber spend

  Dec. 1, 2022

• AWS CEO stresses the core elements of cloud security

  Nov. 30, 2022

• Where is AWS in the cybersecurity conversation?

  Nov. 29, 2022

• FCC bans imports of telecom gear from China-based companies

  Nov. 28, 2022

• ‘Tis the season for shopping and scams, CISA warns

  Nov. 23, 2022

• Growing Mastodon security community grapples with CISA impersonators

  Nov. 23, 2022

• Where will the security community turn, if not Twitter?

  Nov. 21, 2022

• Cybercriminals strike understaffed organizations on weekends and holidays

  Nov. 18, 2022

• SMB cyber budgets under pressure amid slowing economy

  Nov. 17, 2022

• Nokia warns 5G security ‘breaches are the rule, not the exception’

  Nov. 16, 2022

• Confidential computing critical for cloud security, Google and Intel say

  Nov. 15, 2022

• CISA wants to change how organizations prioritize vulnerabilities

  Nov. 14, 2022

• Twitter, amid security and compliance officer exodus, could run afoul of FTC rules

  Nov. 10, 2022

• 5 security musts for industrial control systems

  Nov. 10, 2022

• CISA’s K-12 cyber education program goes nationwide

  Nov. 9, 2022

• Precise ransomware strikes boost threat actors’ success rate

  Nov. 8, 2022

• CISA demystifies phishing-resistant MFA

  Nov. 4, 2022

• No, your CEO is not texting you

  Nov. 3, 2022

• FTC slams Chegg for chronic, ‘careless security’

  Nov. 1, 2022

• ‘Point solutions just need to die’: The end of the one-trick security tool

  Oct. 31, 2022

• How cybersecurity experts are reacting to CISA’s security goals

  Oct. 28, 2022

• Vice Society’s ransomware playbook, queries for potential victims leaked

  Oct. 26, 2022

• Ransomware activity persists, but lags 2021 highs

  Oct. 25, 2022

• 4 security predictions from Google’s cyber leaders

  Oct. 21, 2022

• CISA’s priority sectors for 2023: water, hospitals, K-12

  Oct. 21, 2022

• 4 ways Target dynamically tracks the most alarming threats

  Oct. 20, 2022

• Cybersecurity spending on pace to surpass $260B by 2026

  Oct. 18, 2022

• Mandiant CEO pledges to automate threat intel under Google

  Oct. 17, 2022

• Mandiant propels Google Cloud’s security prospects

  Oct. 11, 2022

• What is phishing-resistant multifactor authentication? It’s complicated.

  Oct. 10, 2022

• Incident responders report alarming rates of mental strain

  Oct. 7, 2022

• LA schools system downplays impact of leaked data

  Oct. 6, 2022

• Multifactor authentication is not all it’s cracked up to be

  Oct. 5, 2022

• Los Angeles schools’ data leaked after ransomware attack

  Oct. 3, 2022

• State and local governments report spike in ransomware attacks

  Oct. 3, 2022

• Vice Society raises ransomware pressure on Los Angeles school district

  Sept. 30, 2022

• Google Cloud research links CI/CD to security prowess

  Sept. 29, 2022

• US organizations hit by almost half of all ransomware since 2020

  Sept. 28, 2022

• Australia’s telecom giant Optus avoids ransom demand as attacker reverses course

  Sept. 27, 2022

• Australia’s second-largest wireless carrier suffers major cyberattack

  Sept. 23, 2022

• How common telecom cyber risks snowball in cloud, open source

  Sept. 23, 2022

• The tools and strategies schools need for ransomware defense

  Sept. 22, 2022

• Ransom demand escalates fallout from Los Angeles schools cyberattack

  Sept. 21, 2022

• Uber details how it got hacked, claims limited damage

  Sept. 19, 2022

• US government rejects ransom payment ban to spur disclosure

  Sept. 19, 2022

• Threat actor breaches many of Uber’s critical systems

  Sept. 16, 2022

• Microsoft cloud security exec challenges organizations to ditch outdated practices

  Sept. 16, 2022

• CISA can’t definitively say if ransomware is getting better or worse

  Sept. 15, 2022

• Cloud security pros expect elevated risk for serious data breaches

  Sept. 14, 2022

• Energy providers hit by North Korea-linked Lazarus exploiting Log4j VMware vulnerabilities

  Sept. 13, 2022

• Google closes $5.4B Mandiant acquisition

  Sept. 12, 2022

• Los Angeles school district hit by ransomware attack

  Sept. 6, 2022

• Most organizations remain unprepared for ransomware attacks

  Sept. 6, 2022

• Okta CEO pushes for passwordless future in wake of phishing attacks

  Sept. 2, 2022

• Multifactor authentication has its limits, but don’t blame the technology

  Sept. 1, 2022

• CISOs aim to balance investments, outsourcing against risks

  Aug. 31, 2022

• Okta entangled by Twilio phishing attack

  Aug. 30, 2022

• Twilio discloses more victims as phishing attack effects cascade

  Aug. 29, 2022

• Tips for how to safeguard against third-party attacks

  Aug. 25, 2022

• Ransomware attack surges tied to crypto spikes

  Aug. 24, 2022

• Credential stuffing hammers US businesses as account data for sale in bulk

  Aug. 23, 2022

• Third-party attacks spike as attackers target software connections

  Aug. 22, 2022

• LockBit ransomware group claims responsibility for Entrust attack

  Aug. 19, 2022

• Google Cloud’s CISO is a short-term cyber pessimist, but a long-term optimist

  Aug. 18, 2022

• The same old problems nag cybersecurity professionals

  Aug. 17, 2022

• Twilio phishing attack fallout spreads to Signal

  Aug. 15, 2022

• How attackers are breaking into organizations

  Aug. 15, 2022

• US falters while ‘cybercriminals have been eating our lunch,’ ex-CISA chief Krebs says

  Aug. 12, 2022

• Internal Cisco data stolen after employee hit by voice phishing attack

  Aug. 11, 2022

• Don’t count on government, tech vendors to fix security woes, former CISA chief Krebs says

  Aug. 10, 2022

• AWS, Splunk lead open source effort to spot and curb cyberattacks

  Aug. 10, 2022

• Cloudflare thwarts ‘sophisticated’ phishing attack strategy that bruised Twilio

  Aug. 9, 2022

• Twilio employees duped by text message phishing attack

  Aug. 8, 2022

• Encevo stays resilient post-attack, but it’s still assessing the data damage

  Aug. 8, 2022

• Slack resets passwords en masse after invite link vulnerability

  Aug. 5, 2022

• The 11 most-prevalent malware strains of 2021 fuel cybercrime

  Aug. 5, 2022

• Ransomware defense guidance risks hang-ups under many steps

  Aug. 4, 2022

• VMware discloses new authentication bypass vulnerability

  Aug. 2, 2022

• Luxembourg energy supplier Encevo hit by ransomware attack

  Aug. 1, 2022

• Most cyberattacks come from ransomware, email compromise

  Aug. 1, 2022

• Data breach costs spread downstream, IBM says

  July 29, 2022

• Entrust acknowledges June cyberattack, remains tight-lipped on the details

  July 28, 2022

• AWS wants to be an enterprise security strategy advisor

  July 27, 2022

• Relentless vulnerabilities and patches induce cybersecurity burnout

  July 26, 2022

• T-Mobile agrees to $500M settlement for 2021 cyberattack

  July 25, 2022

• Atlassian urges rapid response after Confluence hardcoded password leaked

  July 22, 2022

• Network vulnerabilities declined in 2021, but attacks hit all-time high

  July 22, 2022

• New ransomware discovered using Rust, atypical encryption

  July 20, 2022

• LockBit ransomware hitting network servers

  July 20, 2022

• US effort to rip and replace hardware made in China is ballooning in cost

  July 18, 2022

• CISA releases indicators of compromise for hard-hit VMware Horizon

  July 18, 2022

• Fake GitHub commits can trick developers into using malicious code

  July 18, 2022

• The US is losing the cyberspace race

  July 15, 2022

• Ransomware attacks surge in education sector

  July 14, 2022

• Threat actors favor brute force attacks to hit cloud services

  July 12, 2022

• What to watch with 5G network security

  July 8, 2022

• Latest Marriott breach shows a human error pattern

  July 7, 2022

• Hive ransomware group migrates code to Rust, accelerating data encryption

  July 6, 2022

• Ransomware groups shift tactics and objectives

  June 15, 2022

• How and why ransomware responses go haywire

  June 13, 2022

• 5 takeaways from the RSA Conference

  June 13, 2022

• America's cyber chiefs have a long to-do list

  June 9, 2022

• Threat hunters minimize Russia's cyber prowess

  June 9, 2022

• Food supplier cyber risk spreads 1 year after JBS attack

  June 2, 2022

• Conti ransomware gang grows brash and flames out. What's next?

  May 31, 2022

• Persistent vulnerabilities put VMware on the defense

  May 27, 2022

• Google Cloud positions itself as a 'standalone security brand'

  May 24, 2022

• Critical VMware vulnerabilities resurface after threat actors evade patches within 48 hours

  May 19, 2022

• CISOs say they're at less risk of a substantial cyberattack

  May 17, 2022

• Enterprises rarely follow advice to never pay ransoms

  May 16, 2022

• Emotet reemerges as top malware in circulation

  May 12, 2022

• SEO-savvy threat actors drive surge in malware downloads

  May 10, 2022

• Vet software security as part of enterprise procurement, NIST says

  May 9, 2022

• Threat actor launches email attacks to lift corporate M&A secrets, Mandiant says

  May 5, 2022