Cyberattacks
-
zefart/iStock/Getty via Getty Images
Passwordstate customers targeted with new round of phishing attacks
The phishing email is asking customers to download a modified hotfix file, called Moserware.zip, from a content delivery network not controlled by Click Studios.
By David Jones • April 29, 2021 -
Leon Neal via Getty Images
Cyberattack on Passwordstate tests confidence in password managers
The supply chain attack is raising questions about how best to deploy and secure the tools as corporations face heightened threats across the globe.
By David Jones • April 27, 2021 -
gilaxia via Getty Images
Codecov hack — likened to SolarWinds — targets software supply chain
Third-party actors were able to linger inside the software-testing firm’s environment for months, exfiltrating customer data.
By David Jones • UPDATED: April 30, 2021 at 10:58 a.m. -
Permission granted by E.A. Crunden
SolarWinds juggles stakeholders involved in response, recovery to level out business
Reputation, risk issues and cross-sector cooperation demand a cohesive plan to ensure recovery and repair. It also helps to know the federal response.
By Samantha Schwartz • April 22, 2021 -
sestovic/E+/Getty via Getty Images
25% of utilities exposed to SolarWinds hack amid growing ICS vulnerabilities, analysts say
Security experts warn it may be too soon to tell whether follow-on activity has occurred.
By Robert Walton • April 16, 2021 -
Depositphotos
How IT can support security in the event of a cyberattack
CIOs and CISOs operate as separate jobs leading different departments, but with work that overlaps. Who leads what in the event of an attack can become muddled.
By Jen A. Miller • April 13, 2021 -
zefart/iStock/Getty via Getty Images
Payments industry faces potential 'destructive attacks,' Biden cybersecurity official warns
Ransomware and infrastructure attacks are the biggest threats to the industry, a Biden administration cybersecurity official told the American Transaction Processors Coalition.
By Lynne Marek • April 09, 2021 -
'Advanced cyberconflict' is nearing, researchers say
Enterprises represent 35% of nation-state targets, whereas government or regulatory agencies are 12% of targets, according to the report.
By Samantha Schwartz • April 08, 2021 -
Permission granted by Johnson & Johnson
Deep Dive4 tools to fight fraud, counterfeits and cyberattacks in the COVID-19 vaccine supply chain
Visibility technologies and real-time data provide one version of the truth in a rapidly built supply chain.
By Deborah Abrams Kaplan • April 07, 2021 -
Getty
Ransomware wins make threat actors push aside other malware
While the FBI encourages a relationship with a victim organization, some businesses are hard pressed to involve law enforcement when fines could follow an attack.
By Samantha Schwartz • April 07, 2021 -
Daphne Howland/Cybersecurity Dive
Why SMBs miss out on the white-glove cyber insurance advantage
Insurance companies spend less time with SMBs evaluating individual risk profiles, weakening a piece of the global cyber economy.
By Samantha Schwartz • April 05, 2021 -
Molson Coors incident shines a light on industrial cyberattack vulnerabilities
The international brewery continues to face delays and financial impacts amid a wave of attacks against manufacturing.
By David Jones • March 30, 2021 -
Cybersecurity spending is up but so are breaches
Healthcare, media, entertainment and gaming experienced the greatest growth in breaches last year, coinciding with a "big shift" toward digital transformation, Canalys found.
By Samantha Schwartz • March 30, 2021 -
Security leaders: Expect more insider data leaks, threats in 2021
The rise stems from a lack of accurate insight from data loss prevention and cloud access security broker technologies.
By David Jones • March 29, 2021 -
Rangel, David. [photograph]. Retrieved from https://unsplash.com/photos/4m7gmLNr3M0.
Babuk ransomware group emerges with new claims against US companies
The threat actor emerges amid heightened ransomware concerns following the Microsoft Exchange server attacks.
By David Jones • March 26, 2021 -
Remote work gives rise to more executive credential theft
Threat actors are increasingly using social engineering to cultivate vulnerable end users and compromise networks, according to a CyberArk report.
By David Jones • March 25, 2021 -
zefart/iStock/Getty via Getty Images
Threat data sharing considered critical to defense amid rise in sophisticated attacks: report
A Ponemon Institute study shows the value of actionable data as lawmakers and the Biden administration work to encourage intelligence sharing.
By David Jones • March 24, 2021 -
SolarWinds threat actors accessing Microsoft 365 by altering permissions
Mandiant observed a threat actor linked to the SolarWinds campaign using a stealthy approach to read email in targeted mailboxes.
By David Jones • March 22, 2021 -
sestovic/E+/Getty via Getty Images
Microsoft Exchange fixes arrive, but some companies lack IT resources to repair
Security specialists and managed-service providers are filling the void at thousands of small firms that operate with limited IT and cybersecurity staffing.
By David Jones • March 19, 2021 -
SolarWinds compromise leaves Senate questioning agency cyber defenses
Existing cyber defense programs fell short in detecting and defending U.S. agencies, a shortcoming that exacerbated SolarWinds fallout.
By Samantha Schwartz • March 19, 2021 -
Mimecast migrates to Cisco following supply chain attack
A forensic investigation with FireEye's Mandiant unit confirmed the SolarWinds threat actor did not modify Mimecast's source code.
By David Jones • March 17, 2021 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
SolarWinds rethinks software builds, weeds out code disparities
An attacker would have to compromise two different environments to achieve the same attack on the same code if a company has reproducibility.
By Samantha Schwartz • March 17, 2021 -
Ransomware targeting Microsoft Exchange echoes WannaCry — with a human element
This isn't the first time nation-state exploit kits were released and other bad actors took advantage.
By Samantha Schwartz • March 16, 2021 -
Getty Images
White House looks to tighten private sector coordination, gain infrastructure insight
Following the Microsoft Exchange and SolarWinds attacks, the Biden administration is taking steps to close visibility gaps and encourage rapid intelligence sharing by private sector companies.
By David Jones • March 15, 2021 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by ismagilov via Getty Images
Post-SolarWinds, IT departments increase vendor scrutiny
It's still too soon to know the hack's full impact on IT, but so far, security experts report changing relationships with third-party vendors.
By Katie Malone • March 15, 2021
