SEC charges SolarWinds, its CISO with fraud

The company allegedly misled investors regarding its cybersecurity practices and failed to disclose known risks, according to a complaint.

By David Jones • Updated Oct. 31, 2023

Five Guys discloses hack of 2 employees’ emails

The disclosure comes weeks after the company agreed to settle a federal class action suit stemming from a 2022 attack.

By David Jones • Oct. 30, 2023

Boeing assessing ransomware group’s claim of ‘sensitive’ data theft

A prolific Russia-affiliated group threatened to leak data if the aerospace company doesn't make contact by Nov. 2.

By Matt Kapko • Oct. 30, 2023

How to protect sensitive school data during a cyberattack

The CFO of a Texas school district recommends safer ways to request sensitive employee data and stronger password and verification policies.

By Kara Arundel • Oct. 27, 2023

High-profile summer attacks linked to same aggressive ransomware group

Microsoft researchers described Octo Tempest, or Oktapus, as one of the most dangerous financial criminal groups currently in operation.

By Matt Kapko • Oct. 27, 2023

Philadelphia discloses email compromise 5 months after initial detection

An ongoing investigation uncovered a two-month dwell time in the city’s email system that exposed some individuals’ sensitive information.

By Matt Kapko • Oct. 26, 2023

Novel zero-day exploits fuel Q3 surge in DDoS attacks

Exploits of the HTTP/2 Rapid Reset vulnerability led to record-breaking attacks as global threat activity continued into October.

By David Jones • Oct. 26, 2023

LastPass working through ‘systemic’ security overhaul

“We didn’t just address the issues that were the cause of the breach,” CEO Karim Toubba said. Still, nearly 1 in 10 customers are fleeing the password manager.

By Matt Kapko • Oct. 25, 2023

1Password caught in Okta breach, impacting employee-facing apps

The password manager came forward after BeyondTrust and Cloudflare disclosed similar Okta environment breaches. All three victims claim no data was compromised.

By Matt Kapko • Oct. 24, 2023

Citrix urges NetScaler ADC, Gateway customers to patch

The company warned of session hijacking and targeted attacks against a critical vulnerability.

By David Jones • Oct. 24, 2023

Cisco urges IOS XE customers to patch as thousands of devices remain infected

The company released enhanced guidance after security researchers were temporarily unable to detect exploited devices.

By David Jones • Oct. 24, 2023

Okta attacked again, this time hitting its support system

A threat actor accessed customer support tickets and files containing sensitive data. Okta declined to say how many customers are impacted.

By Matt Kapko • Updated Oct. 23, 2023

Cisco releases security fix for widely-exploited IOS XE software vulnerability

An unidentified threat actor is linked to attacks dating back to mid-September, resulting in about 42,000 exploited devices.

By David Jones • Updated Oct. 23, 2023

Critical flaw in JetBrains TeamCity exploited weeks after patch issued

State-linked actors are targeting the CI/CD platform, and the vendor warns backdoors are lingering undetected.

By David Jones • Oct. 20, 2023

Citrix Netscaler patch for critical CVE bypassed by malicious hackers

Citrix issued the patch on Oct. 10 for critical vulnerabilities in Netscaler ADC and Netscaler Gateway, but Mandiant is urging users to terminate all sessions.

By David Jones • Updated Oct. 19, 2023

Cisco’s critical IOS XE software zero day is a ‘bad situation’

Researchers from VulnCheck said they have found thousands of implanted hosts.

By David Jones • Oct. 17, 2023

US data compromises hit all-time high

Supply-chain attacks and zero-day exploits, such as the widespread attacks against the MOVEit file-transfer service, are surging, according to the Identity Theft Resource Center.

By Matt Kapko • Oct. 16, 2023

Critical Atlassian Confluence CVE under exploit by prolific state-linked actor

Microsoft researchers warn a threat actor with ties to China has been exploiting the vulnerability since mid-September.

By David Jones • Oct. 13, 2023

Microsoft tops CISA’s list of exploited CVEs used in ransomware attacks

CISA updated its Known Exploited Vulnerabilities Catalog to alert organizations to CVEs linked to ransomware.

By Matt Kapko • Oct. 13, 2023

Estes cyberattack affected carrier’s phones, other communications

The LTL carrier is moving freight and remains "open for business," President and COO Webb Estes said in a video message.

By Colin Campbell • Oct. 12, 2023

Progress Software’s financial hit from MOVEit cuts deeper

With insurance coverage dwindling, and class-action lawsuits and financial restitution claims piling up, more trouble could be on the way for the software company.

By Matt Kapko • Oct. 11, 2023

Most CISOs confront ransomware — and pay ransoms

The number of ransomware attacks organizations face has a direct correlation with the frequency with which ransoms are paid.

By Matt Kapko • Oct. 11, 2023

Cloud giants sound alarm on record-breaking DDoS attacks

Google, AWS and Cloudflare warned the HTTP/2 Rapid Reset attacks are beyond anything ever recorded. 

By David Jones • Oct. 10, 2023

Caesars Entertainment says social-engineering attack behind August breach

In a filing with the Maine attorney general, the gaming company said the attack began in mid-August and impacted tens of thousands of the state's residents.

By David Jones • Oct. 9, 2023

5 ways to help instill a cybersecurity culture within your organization

Educate your workforce on the importance of mitigating cybersecurity threats to help prevent a cyberattack on your organization.

Oct. 9, 2023