Los Angeles school system shifts timeline of ransomware attack

Post-breach investigations are complex. The timeline and scope of damage inflicted often change as investigations unfold.

By Matt Kapko • Jan. 24, 2023

Experts question T-Mobile’s security culture as breach cycle churns

The gap between the threat actor’s intrusion and T-Mobile’s detection underscores multiple unresolved challenges.

By Matt Kapko • Jan. 20, 2023

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

tk

By Cybersecurity Dive staff

T-Mobile breached again, 37M customer accounts exposed

The incident marks the latest in a series of data breaches, the worst of which occurred in August 2021 and exposed the data of at least 76.6 million people.

By Matt Kapko • Jan. 19, 2023

PayPal warns 35,000 customers of exposure following credential stuffing attack

Impacted customers were notified of the incident nearly a month after it was discovered. It’s unclear where or how customer account credentials were obtained.

By Matt Kapko • Jan. 19, 2023

World Economic Forum officials warn global instability could lead to catastrophic cyber event

A report released at the WEF said top business leaders and security experts fear heightened geopolitical tensions could result in a major attack in the next two years.

By David Jones • Jan. 19, 2023

Mailchimp hit by second cyberattack in 6 months, 133 customers impacted

The social engineering incident is similar to an August cyberattack that targeted customers in the crypto industry.

By David Jones • Jan. 19, 2023

CircleCI probe links malware placed on engineer’s laptop to larger breach

An unauthorized actor, after stealing a valid SSO session, was able to exfiltrate data, including customer environment variables, tokens and keys.

By David Jones • Jan. 13, 2023

Citrix flaw exploited in ransomware attack against small US business

Threat actors linked to ransomware group Royal are actively exploiting a vulnerability in two Citrix products, researchers found.

By David Jones • Jan. 13, 2023

CircleCI working with AWS to identify, revoke keys impacted by security incident

The company assured customers there is no indication that AWS accounts were accessed. CircleCI has scheduled an incident report for Jan. 17.

By David Jones • Jan. 12, 2023

Ransomware attack exposes California transit giant’s sensitive data

Vice Society, a prolific ransomware group, leaked data it claims to have stolen from San Francisco’s Bay Area Rapid Transit.

By Matt Kapko • Jan. 10, 2023

FCC revives push to speed up telecom incident disclosures

Telecom operators are a primary target for threat actors. A change to breach reporting rules is long overdue, one analyst said.

By Matt Kapko • Jan. 10, 2023

Rackspace confirms ransomware attack hit a small percentage of its Hosted Exchange customers

The cloud services firm said an investigation found no evidence the attackers read, misused or disseminated customer data or emails.

By David Jones • Jan. 6, 2023

Slack employee tokens stolen, GitHub repository breached

The firm said the threat actor downloaded private code repositories, but none had customer data or the company’s code base.   

By David Jones • Jan. 5, 2023

Freight company Wabtec discloses June cyberattack impacting US, overseas operations

The Pittsburgh-based company began notifications in late December, months after stolen data posted on a LockBit site.

By David Jones • Jan. 4, 2023

Ransomware hit US schools at steady rate in 2022

The true numbers are likely much greater. Not all incidents are publicly disclosed or claimed as such by threat actors on the dark web.

By Matt Kapko • Jan. 4, 2023

Rackspace recovers old emails as customers await answers from ransomware probe

The cloud-services company previously said an investigation into the ransomware incident was almost complete, but has not yet released key details. 

By David Jones • Dec. 22, 2022

Apple CIO steps down from Rackspace board citing new job duties

Rackspace announced additional management changes while it recovers from a ransomware attack on its Hosted Exchange business. 

By David Jones • Dec. 19, 2022

Little Rock School District approves $250K payment in ransomware settlement

Federal agencies including the FBI discourage paying ransoms in such cyberattacks as there is no guarantee victims will recover their files. 

By Anna Merod • Dec. 19, 2022

Rackspace executives stand by ransomware response

Chief Product Officer Josh Prewitt said the company restored email access to more than three-quarters of its Hosted Exchange customers. But Rackspace officials pushed back on alleged connections to ProxyNotShell.

By David Jones • Dec. 16, 2022

Rackspace blames ransomware attack on financially motivated threat actor

The cloud services firm says an investigation into the Dec. 2 ransomware attack is close to wrapping up.

By David Jones • Dec. 15, 2022

Threat actors abuse legitimate Microsoft drivers to bypass security

Researchers from Mandiant and SentinelOne say attackers have deployed malware that can allow them to get around security controls. 

By David Jones • Dec. 13, 2022

California authorities confirm cyber intrusion, LockBit claims ransomware hit

Multiple state agencies are responding to support California's Department of Finance, though officials say no state funds were compromised.

By Matt Kapko • Dec. 12, 2022

Rackspace says more than two-thirds of customers regained email access

The cloud company continued efforts to transition customers to Microsoft 365 following a Dec. 2 ransomware attack.

By David Jones • Dec. 12, 2022

Rackspace scrambles to assist customers as ransomware probe continues

Microsoft is assisting the multicloud services firm after a ransomware attack left thousands of customers unable to access emails on Exchange.

By David Jones • Dec. 8, 2022

Ransomware attacks shift beyond US borders

U.S.-based organizations remain the top target for ransomware gangs, but the scale of that misfortune is waning, according to Moody’s.

By Matt Kapko • Dec. 6, 2022