232 articles by Matt Kapko

• Royal messes with Texas

  May 26, 2023

• Barracuda patches actively exploited zero-day vulnerability in email gateways

  May 25, 2023

• SMBs, regional MSPs under fire from targeted phishing attacks

  May 24, 2023

• KeePass master password manager at risk as users await patch

  May 23, 2023

• Dallas under pressure as Royal ransomware group threatens leak

  May 22, 2023

• Critical infrastructure security spending to grow 83% by 2027: ABI Research

  May 19, 2023

• Why and how to report a ransomware attack

  May 18, 2023

• Dallas courts still closed 2 weeks post-ransomware attack

  May 17, 2023

• VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns

  May 16, 2023

• Emerging ransomware group quickly hits 4 critical infrastructure providers

  May 15, 2023

• Costs of software supply chain attacks could exceed $46B this year

  May 12, 2023

• PaperCut actively exploited by multiple threat actors, targeting education sector

  May 12, 2023

• Flood of ransom payments continues as officials mull ban

  May 11, 2023

• It’s becoming more common for ransomware to lock up data

  May 10, 2023

• Dallas restores core emergency dispatch systems

  May 9, 2023

• White House considers ban on ransom payments, with caveats

  May 8, 2023

• Dallas still recovering from ransomware on eve of municipal election

  May 5, 2023

• Dallas ransomware attack causes critical service outages

  May 4, 2023

• How 7 cybersecurity experts manage their passwords

  May 4, 2023

• Companies need a wakeup call to fix chronic security shortcomings, cyber experts say

  May 3, 2023

• Cybersecurity pros plant seeds of hope at RSA Conference

  May 2, 2023

• 3 areas of generative AI the NSA is watching in cybersecurity

  May 1, 2023

• Mandiant CEO’s 7 tips for cyber defense

  April 28, 2023

• Acting National Cyber Director downplays reports of interagency strife

  April 27, 2023

• White House to share roadmap for national cyber strategy implementation this summer

  April 26, 2023

• Teenagers, young adults pose prevalent cyberthreat to US, Mandiant says

  April 25, 2023

• Supply chain attack that hit 3CX caught at least 4 other victims, Symantec says

  April 24, 2023

• Threat actors can use ChatGPT to sharpen cyberthreats, but no need to panic yet

  April 21, 2023

• 3CX attack caused by another supply chain attack, Mandiant says

  April 20, 2023

• Microsoft summons weather events to name threat actors

  April 19, 2023

• NCR in recovery as ransomware disrupts widely used point-of-sale system

  April 18, 2023

• ChatGPT prompts experts to consider AI’s mark on cybersecurity

  April 18, 2023

• Cyber venture capital funding slows to a trickle, a sharp decline from 2022 investment

  April 14, 2023

• Rorschach ransomware, with a rare encryption speed, makes it even harder for companies to respond

  April 14, 2023

• Explore the core tactics of secure by design and default

  April 13, 2023

• How Target approaches identity and access management

  April 12, 2023

• Cyberattacks hit almost all companies last year, Sophos says

  April 4, 2023

• IBM file transfer service under active exploit, security researchers warn

  March 31, 2023

• Australia’s Crown Resorts hit in Clop ransomware spree

  March 30, 2023

• Marsh brokerage program lowers threshold for cyber insurance coverage

  March 29, 2023

• Clop ransomware group triggers new attack spree, hitting household brands

  March 28, 2023

• CISA summons outside tips to alert victims of early-stage ransomware

  March 27, 2023

• 5 steps organizations can take to counter IAM threats

  March 24, 2023

• Threat intelligence isn’t for everyone, Google says

  March 23, 2023

• Ill-prepared against cyberattacks? You’re not alone, Cisco says

  March 22, 2023

• Ransomware gangs incite fear in victims to fuel attacks

  March 21, 2023

• Zero-days fell by one-third in 2022, Mandiant says

  March 20, 2023

• Global cybersecurity spending to top $219B this year: IDC

  March 17, 2023

• Cybersecurity market confronts potential consequences of banking crisis

  March 16, 2023

• Ransomware hit critical infrastructure hard in 2022, FBI says

  March 15, 2023

• Bank failure panic fuels moment of opportunity for threat actors

  March 14, 2023

• Worried about data breaches? Blame the information sector

  March 9, 2023

• How will the government enforce the national cyber strategy?

  March 8, 2023

• Organizations tempt risk as they deploy code more frequently

  March 7, 2023

• LastPass aftermath leaves long to-do list for business customers

  March 6, 2023

• JetBlue taps new CISO as major deals hang in balance

  March 3, 2023

• LastPass breach timeline: How a monthslong cyberattack unraveled

  March 2, 2023

• LastPass CEO admits disclosure mistakes, pledges improved communications

  March 1, 2023

• LastPass compromise grew worse after DevOps engineer targeted for encryption key

  Feb. 28, 2023

• Phishing takes financial bite out of more victim organizations

  Feb. 28, 2023

• Los Angeles school district confirms sensitive student data leaked

  Feb. 27, 2023

• Ukraine discovers lingering breaches 1 year into Russia invasion

  Feb. 24, 2023

• For GoDaddy customers, a long dwell time means all could be victims

  Feb. 23, 2023

• Attackers reduce complexity to catch more potential victims

  Feb. 23, 2023

• Phishing, king of compromise, remains top initial access vector

  Feb. 22, 2023

• GoDaddy source code stolen as part of a multiyear campaign

  Feb. 17, 2023

• FBI contains ‘isolated’ malicious activity on network

  Feb. 17, 2023

• Companies grapple with post-breach disclosure risks

  Feb. 16, 2023

• Cybersecurity jobs least likely to be impacted by economic uncertainty, (ISC)2 says

  Feb. 16, 2023

• What’s known about the ESXiArgs ransomware hitting VMware servers

  Feb. 15, 2023

• Economic volatility to exacerbate cyber risk in 2023

  Feb. 14, 2023

• VMware ransomware was on the rise leading up to ESXiArgs spree, research finds

  Feb. 13, 2023

• VMware ransomware evolves to evade data recovery, reinfects servers

  Feb. 10, 2023

• Layoffs come for cybersecurity, too

  Feb. 9, 2023

• Unsophisticated ransomware campaign targeting VMware ripe for copycats

  Feb. 8, 2023

• Ransomware attack spree hits thousands of VMware servers

  Feb. 6, 2023

• Hive takedown puts ‘small dent’ in ransomware problem

  Feb. 6, 2023

• Okta CEO blames overhiring, ‘execution challenges’ for layoffs

  Feb. 2, 2023

• T-Mobile CEO spins recent breach, says its cybersecurity chops ‘showed up’

  Feb. 1, 2023

• GitHub resets code signing certificates following breach

  Feb. 1, 2023

• On deck for the business of cybersecurity: Fire sales and due diligence

  Jan. 31, 2023

• Box CEO on the ‘perfect storm’ of challenges in cybersecurity

  Jan. 31, 2023

• Most data breach notices lacked detail in 2022

  Jan. 30, 2023

• Industrial organizations may worry too much about ICS vulnerabilities

  Jan. 27, 2023

• CISA issues baseline cybersecurity recommendations for K-12 schools

  Jan. 26, 2023

• Breach hits GoTo, the parent company of LastPass

  Jan. 24, 2023

• Los Angeles school system shifts timeline of ransomware attack

  Jan. 24, 2023

• Experts question T-Mobile’s security culture as breach cycle churns

  Jan. 20, 2023

• T-Mobile breached again, 37M customer accounts exposed

  Jan. 19, 2023

• PayPal warns 35,000 customers of exposure following credential stuffing attack

  Jan. 19, 2023

• Threat actors lure phishing victims with phony salary bumps, bonuses

  Jan. 19, 2023

• A ransomware negotiator shares 3 tips for victim organizations

  Jan. 18, 2023

• CISA’s 2022 highlight reel details progress and potential for security coordination

  Jan. 17, 2023

• Open-source repository risk amplified on GitHub

  Jan. 12, 2023

• T-Mobile CSO: One wrong decision can wreak havoc

  Jan. 11, 2023

• Ransomware attack exposes California transit giant’s sensitive data

  Jan. 10, 2023

• FCC revives push to speed up telecom incident disclosures

  Jan. 10, 2023

• Tech priorities out of sync with security needs, CISA director says

  Jan. 9, 2023

• What’s at stake for 33M compromised LastPass users?

  Jan. 6, 2023

• 6 security experts on what cyberthreats they expect in 2023

  Jan. 6, 2023

• What we know about the LastPass breach (so far)

  Jan. 5, 2023

• Ransomware hit US schools at steady rate in 2022

  Jan. 4, 2023

• After LastPass hack, only its master passwords remain uncompromised

  Dec. 27, 2022

• National Cyber Director eyes retirement: report

  Dec. 22, 2022

• Okta’s GitHub source code stolen, company downplays impact

  Dec. 22, 2022

• Incident responders brace for end-of-year cyber scaries

  Dec. 19, 2022

• NIST bids adieu to SHA-1 cryptographic algorithm

  Dec. 16, 2022

• CISOs are becoming more technical

  Dec. 15, 2022

• Threat actor exploits critical Citrix vulnerability

  Dec. 13, 2022

• California authorities confirm cyber intrusion, LockBit claims ransomware hit

  Dec. 12, 2022

• Google stresses unmet need for software supply chain security

  Dec. 8, 2022

• Apple expands iCloud encryption, boosts MFA with security keys

  Dec. 8, 2022

• Internet Explorer is still a viable zero-day attack vector

  Dec. 7, 2022

• What does it take to be good at cybersecurity?

  Dec. 7, 2022

• Ransomware attacks shift beyond US borders

  Dec. 6, 2022

• Cuba ransomware group hitting US organizations in 5 critical sectors

  Dec. 5, 2022

• AWS builds a lake for multivendor security data sharing

  Dec. 2, 2022

• LastPass breach fallout spreads to expose customer data

  Dec. 1, 2022

• CrowdStrike CEO: SMB deals delayed as enterprises hold firm on cyber spend

  Dec. 1, 2022

• AWS CEO stresses the core elements of cloud security

  Nov. 30, 2022

• Where is AWS in the cybersecurity conversation?

  Nov. 29, 2022

• FCC bans imports of telecom gear from China-based companies

  Nov. 28, 2022

• ‘Tis the season for shopping and scams, CISA warns

  Nov. 23, 2022

• Growing Mastodon security community grapples with CISA impersonators

  Nov. 23, 2022

• Where will the security community turn, if not Twitter?

  Nov. 21, 2022

• Cybercriminals strike understaffed organizations on weekends and holidays

  Nov. 18, 2022

• SMB cyber budgets under pressure amid slowing economy

  Nov. 17, 2022

• Nokia warns 5G security ‘breaches are the rule, not the exception’

  Nov. 16, 2022

• Confidential computing critical for cloud security, Google and Intel say

  Nov. 15, 2022

• CISA wants to change how organizations prioritize vulnerabilities

  Nov. 14, 2022

• Twitter, amid security and compliance officer exodus, could run afoul of FTC rules

  Nov. 10, 2022

• 5 security musts for industrial control systems

  Nov. 10, 2022

• CISA’s K-12 cyber education program goes nationwide

  Nov. 9, 2022

• Precise ransomware strikes boost threat actors’ success rate

  Nov. 8, 2022

• CISA demystifies phishing-resistant MFA

  Nov. 4, 2022

• No, your CEO is not texting you

  Nov. 3, 2022

• FTC slams Chegg for chronic, ‘careless security’

  Nov. 1, 2022

• ‘Point solutions just need to die’: The end of the one-trick security tool

  Oct. 31, 2022

• How cybersecurity experts are reacting to CISA’s security goals

  Oct. 28, 2022

• Vice Society’s ransomware playbook, queries for potential victims leaked

  Oct. 26, 2022

• Ransomware activity persists, but lags 2021 highs

  Oct. 25, 2022

• 4 security predictions from Google’s cyber leaders

  Oct. 21, 2022

• CISA’s priority sectors for 2023: water, hospitals, K-12

  Oct. 21, 2022

• 4 ways Target dynamically tracks the most alarming threats

  Oct. 20, 2022

• Cybersecurity spending on pace to surpass $260B by 2026

  Oct. 18, 2022

• Mandiant CEO pledges to automate threat intel under Google

  Oct. 17, 2022

• Mandiant propels Google Cloud’s security prospects

  Oct. 11, 2022

• What is phishing-resistant multifactor authentication? It’s complicated.

  Oct. 10, 2022

• Incident responders report alarming rates of mental strain

  Oct. 7, 2022

• LA schools system downplays impact of leaked data

  Oct. 6, 2022

• Multifactor authentication is not all it’s cracked up to be

  Oct. 5, 2022

• Los Angeles schools’ data leaked after ransomware attack

  Oct. 3, 2022

• State and local governments report spike in ransomware attacks

  Oct. 3, 2022

• Vice Society raises ransomware pressure on Los Angeles school district

  Sept. 30, 2022

• Google Cloud research links CI/CD to security prowess

  Sept. 29, 2022

• US organizations hit by almost half of all ransomware since 2020

  Sept. 28, 2022

• Australia’s telecom giant Optus avoids ransom demand as attacker reverses course

  Sept. 27, 2022

• Australia’s second-largest wireless carrier suffers major cyberattack

  Sept. 23, 2022

• How common telecom cyber risks snowball in cloud, open source

  Sept. 23, 2022

• The tools and strategies schools need for ransomware defense

  Sept. 22, 2022

• Ransom demand escalates fallout from Los Angeles schools cyberattack

  Sept. 21, 2022

• Uber details how it got hacked, claims limited damage

  Sept. 19, 2022

• US government rejects ransom payment ban to spur disclosure

  Sept. 19, 2022

• Threat actor breaches many of Uber’s critical systems

  Sept. 16, 2022

• Microsoft cloud security exec challenges organizations to ditch outdated practices

  Sept. 16, 2022

• CISA can’t definitively say if ransomware is getting better or worse

  Sept. 15, 2022

• Cloud security pros expect elevated risk for serious data breaches

  Sept. 14, 2022

• Energy providers hit by North Korea-linked Lazarus exploiting Log4j VMware vulnerabilities

  Sept. 13, 2022

• Google closes $5.4B Mandiant acquisition

  Sept. 12, 2022

• Los Angeles school district hit by ransomware attack

  Sept. 6, 2022

• Most organizations remain unprepared for ransomware attacks

  Sept. 6, 2022

• Okta CEO pushes for passwordless future in wake of phishing attacks

  Sept. 2, 2022

• Multifactor authentication has its limits, but don’t blame the technology

  Sept. 1, 2022

• CISOs aim to balance investments, outsourcing against risks

  Aug. 31, 2022

• Okta entangled by Twilio phishing attack

  Aug. 30, 2022

• Twilio discloses more victims as phishing attack effects cascade

  Aug. 29, 2022

• Tips for how to safeguard against third-party attacks

  Aug. 25, 2022

• Ransomware attack surges tied to crypto spikes

  Aug. 24, 2022

• Credential stuffing hammers US businesses as account data for sale in bulk

  Aug. 23, 2022

• Third-party attacks spike as attackers target software connections

  Aug. 22, 2022

• LockBit ransomware group claims responsibility for Entrust attack

  Aug. 19, 2022

• Google Cloud’s CISO is a short-term cyber pessimist, but a long-term optimist

  Aug. 18, 2022

• The same old problems nag cybersecurity professionals

  Aug. 17, 2022

• Twilio phishing attack fallout spreads to Signal

  Aug. 15, 2022

• How attackers are breaking into organizations

  Aug. 15, 2022

• US falters while ‘cybercriminals have been eating our lunch,’ ex-CISA chief Krebs says

  Aug. 12, 2022

• Internal Cisco data stolen after employee hit by voice phishing attack

  Aug. 11, 2022

• Don’t count on government, tech vendors to fix security woes, former CISA chief Krebs says

  Aug. 10, 2022

• AWS, Splunk lead open source effort to spot and curb cyberattacks

  Aug. 10, 2022

• Cloudflare thwarts ‘sophisticated’ phishing attack strategy that bruised Twilio

  Aug. 9, 2022

• Twilio employees duped by text message phishing attack

  Aug. 8, 2022

• Encevo stays resilient post-attack, but it’s still assessing the data damage

  Aug. 8, 2022

• Slack resets passwords en masse after invite link vulnerability

  Aug. 5, 2022

• The 11 most-prevalent malware strains of 2021 fuel cybercrime

  Aug. 5, 2022

• Ransomware defense guidance risks hang-ups under many steps

  Aug. 4, 2022

• VMware discloses new authentication bypass vulnerability

  Aug. 2, 2022

• Luxembourg energy supplier Encevo hit by ransomware attack

  Aug. 1, 2022

• Most cyberattacks come from ransomware, email compromise

  Aug. 1, 2022

• Data breach costs spread downstream, IBM says

  July 29, 2022

• Entrust acknowledges June cyberattack, remains tight-lipped on the details

  July 28, 2022

• AWS wants to be an enterprise security strategy advisor

  July 27, 2022

• Relentless vulnerabilities and patches induce cybersecurity burnout

  July 26, 2022

• T-Mobile agrees to $500M settlement for 2021 cyberattack

  July 25, 2022

• Atlassian urges rapid response after Confluence hardcoded password leaked

  July 22, 2022

• Network vulnerabilities declined in 2021, but attacks hit all-time high

  July 22, 2022

• New ransomware discovered using Rust, atypical encryption

  July 20, 2022

• LockBit ransomware hitting network servers

  July 20, 2022

• US effort to rip and replace hardware made in China is ballooning in cost

  July 18, 2022

• CISA releases indicators of compromise for hard-hit VMware Horizon

  July 18, 2022

• Fake GitHub commits can trick developers into using malicious code

  July 18, 2022

• The US is losing the cyberspace race

  July 15, 2022

• Ransomware attacks surge in education sector

  July 14, 2022

• Threat actors favor brute force attacks to hit cloud services

  July 12, 2022

• What to watch with 5G network security

  July 8, 2022

• Latest Marriott breach shows a human error pattern

  July 7, 2022

• Hive ransomware group migrates code to Rust, accelerating data encryption

  July 6, 2022

• Ransomware groups shift tactics and objectives

  June 15, 2022

• How and why ransomware responses go haywire

  June 13, 2022

• 5 takeaways from the RSA Conference

  June 13, 2022

• America's cyber chiefs have a long to-do list

  June 9, 2022

• Threat hunters minimize Russia's cyber prowess

  June 9, 2022

• Food supplier cyber risk spreads 1 year after JBS attack

  June 2, 2022

• Conti ransomware gang grows brash and flames out. What's next?

  May 31, 2022

• Persistent vulnerabilities put VMware on the defense

  May 27, 2022

• Google Cloud positions itself as a 'standalone security brand'

  May 24, 2022

• Critical VMware vulnerabilities resurface after threat actors evade patches within 48 hours

  May 19, 2022

• CISOs say they're at less risk of a substantial cyberattack

  May 17, 2022

• Enterprises rarely follow advice to never pay ransoms

  May 16, 2022

• Emotet reemerges as top malware in circulation

  May 12, 2022

• SEO-savvy threat actors drive surge in malware downloads

  May 10, 2022

• Vet software security as part of enterprise procurement, NIST says

  May 9, 2022

• Threat actor launches email attacks to lift corporate M&A secrets, Mandiant says

  May 5, 2022