Breaches
-
WhataWin/Getty Images via Getty Images
CISA summons outside tips to alert victims of early-stage ransomware
Post-breach notifications might seem too late for victim organizations, but swift action can prevent ransomware and data exfiltration.
By Matt Kapko • March 27, 2023 -
Retrieved from Wawa website.
Wawa to pay up to $28.5M in data breach settlement
The chain’s latest payout will go to the financial institutions involved in the 2019 incident, continuing a series of payments it has made to customers and states over the past year.
By Brett Dworski • March 16, 2023 -
Explore the Trendline➔
Andrii Yalanskyi via Getty Images
TrendlineThe Cybersecurity Dive Outlook on 2023
Corporate budget tightening is hitting security making CISO jobs that much harder.
By Cybersecurity Dive staff -
Chip Somodevilla via Getty Images
Blackbaud to pay $3M to settle SEC charges of a misleading ransomware investigation
The regulator said the cloud-based software provider made misleading disclosures about the scope of a 2020 ransomware attack.
By David Jones • March 10, 2023 -
Illustration: Yann Bastard for Industry Dive
Deep DiveHacking healthcare: With 385M patient records exposed, cybersecurity experts sound alarm on breach surge
Healthcare companies must harden their defenses, but it may require regulators and lawmakers to raise the bar on security standards, experts say.
By Jasmine Ye Han • March 10, 2023 -
sdecoret via Getty Images
Worried about data breaches? Blame the information sector
Three in five records exposed in a data breach last year came from software, telecom, data processing and web hosting companies, Flashpoint found.
By Matt Kapko • March 9, 2023 -
Suebsiri via Getty Images
Insurance holding company Group 1001 says operations restored after ransomware attack
The company did not pay a ransom following a February attack that disrupted operations at several of its member companies.
By David Jones • March 7, 2023 -
Hispanolistic via Getty Images
LastPass aftermath leaves long to-do list for business customers
Organizations using the password manager are exposed after a major breach compromised credentials and, potentially, business secrets.
By Matt Kapko • March 6, 2023 -
Bim via Getty Images
LastPass breach timeline: How a monthslong cyberattack unraveled
A threat actor evaded detection for months and blended in with legitimate activity after targeting 1 of 4 engineers with access to keys to the kingdom.
By Matt Kapko • Updated March 3, 2023 -
Thinkhubstudio via Getty Images
CISA red team cracks a critical infrastructure provider’s defenses, a lesson in lateral access
The voluntary assessment raises concerns as the unnamed organization with a mature security program was unable to detect simulated actors moving laterally across its systems for months.
By David Jones • March 1, 2023 -
Leon Neal via Getty Images
LastPass compromise grew worse after DevOps engineer targeted for encryption key
A threat actor used data from multiple breaches and a vulnerability on a high-level employee’s home computer to steal customer passwords.
By Matt Kapko • Feb. 28, 2023 -
Leon Neal via Getty Images
Phishing takes financial bite out of more victim organizations
The majority of organizations, 84%, experienced at least one successful phishing attack in 2022, Proofpoint research found.
By Matt Kapko • Feb. 28, 2023 -
Spencer Platt/Getty Images via Getty Images
For GoDaddy customers, a long dwell time means all could be victims
The web hosting provider has not shared additional details outlining the extent of the breach, but experts are highlighting the incident's multiple red flags.
By Matt Kapko • Feb. 23, 2023 -
Matt Cardy / Stringer via Getty Images
Attackers reduce complexity to catch more potential victims
Palo Alto Networks warns attackers are building economies of scale by conducting more efficient operations and complementing their skills with commercially available tools.
By Matt Kapko • Feb. 23, 2023 -
stefanovsky via Getty Images
Phishing, king of compromise, remains top initial access vector
IBM Security X-Force’s annual threat intelligence report highlights what makes phishing such a dangerous and persistent point of entry.
By Matt Kapko • Feb. 22, 2023 -
Spencer Platt via Getty Images
GoDaddy source code stolen as part of a multiyear campaign
An investigation into the root cause of the incident is ongoing. The web hosting provider declined to say how many potential customers are impacted.
By Matt Kapko • Feb. 17, 2023 -
Chip Somodevilla / Staff via Getty Images
FBI contains ‘isolated’ malicious activity on network
The agency said an investigation into the incident is ongoing. The origin and scope of the incident have yet to be confirmed.
By Matt Kapko • Feb. 17, 2023 -
sestovic via Getty Images
Companies grapple with post-breach disclosure risks
The concerns leading organizations to withhold information are aplenty, including reputational damage and financial impacts.
By Matt Kapko • Feb. 16, 2023 -
Philip Steury via Getty Images
Reddit says limited amount of source code, employee data accessed in phishing attack
Hackers stole an employee’s credentials in a sophisticated attack this week, after prompting workers to interact with a fake intranet site.
By David Jones • Feb. 10, 2023 -
scyther5 via Getty Images
98% of organizations worldwide connected to breached third-party vendors
A report by SecurityScorecard shows the extent to which third- and fourth-party relationships increase the risk of cyberattacks.
By David Jones • Feb. 2, 2023 -
sdecoret via Getty Images
Microsoft disables phishing campaign after researchers flag OAuth app abuse
Proofpoint researchers uncovered a malicious campaign where threat actors abused Microsoft’s “verified publisher” status and tricked executives into granting permissions.
By David Jones • Feb. 1, 2023 -
Suebsiri via Getty Images
GitHub resets code signing certificates following breach
The incident closely follows a series of indirect source code repository breaches impacting Slack and Okta.
By Matt Kapko • Feb. 1, 2023 -
solarseven via Getty Images
Most data breach notices lacked detail in 2022
Organizations were not forthright with the causes or potential risks stemming from disclosed incidents.
By Matt Kapko • Jan. 30, 2023 -
gorodenkoff via Getty Images
Almost half of critical manufacturing organizations face significant risk of data breach
A report presented at the World Economic Forum shows key sectors are under pressure from rising vulnerabilities and a slower rate of patching.
By David Jones • Jan. 23, 2023 -
Justin Sullivan/Getty Images via Getty Images
Experts question T-Mobile’s security culture as breach cycle churns
The gap between the threat actor’s intrusion and T-Mobile’s detection underscores multiple unresolved challenges.
By Matt Kapko • Jan. 20, 2023 -
Courtesy of Taco Bell
Ransomware attack against Yum! Brands follows several incidents targeting restaurant industry
Criminals see restaurants and mobile ordering apps as ripe targets for credential stuffing and financial fraud.
By David Jones • Jan. 20, 2023
