Colonial Pipeline hack highlights grid disruption risks even with IT-focused cyberattack

While the risk of malware migrating from IT to OT may be minimal, if it were to happen, the effects could be devastating, experts said. 

By Robert Walton • May 13, 2021

Colonial Pipeline disconnects OT systems to silo ransomware IT threat

Anxiety is rising among corporate security officials concerned about the impact of ransomware among critical infrastructure providers.

By David Jones • May 12, 2021

CISA left in the dark during Colonial Pipeline's initial response

With an agency mandate to share threat information with critical infrastructure, notification delays can stall industry response.

By Samantha Schwartz • May 12, 2021

Colonial Pipeline attack embodies security risk to nation's critical infrastructure

Security experts warned for years about attacks against critical infrastructure, but one analyst called this the most brazen yet.

By David Jones • Updated May 10, 2021

Cryptocurrency fuels ransomware payments. Without regulation, it could get worse

The rapid ascent of crypto, like other emerging technologies before it, has far outpaced the federal government's ability to regulate it.

By Samantha Schwartz • May 7, 2021

Targeted industrial control systems add cautionary flag to cyber defense strategies

A Defend Forward strategy used in the IT space may not translate well in the OT environment, according to panelists at the Hack the Capitol conference. 

By David Jones • May 6, 2021

Passwordstate customers targeted with new round of phishing attacks

The phishing email is asking customers to download a modified hotfix file, called Moserware.zip, from a content delivery network not controlled by Click Studios. 

By David Jones • April 29, 2021

Cyberattack on Passwordstate tests confidence in password managers

The supply chain attack is raising questions about how best to deploy and secure the tools as corporations face heightened threats across the globe.

By David Jones • April 27, 2021

Codecov hack — likened to SolarWinds — targets software supply chain

Third-party actors were able to linger inside the software-testing firm’s environment for months, exfiltrating customer data.

By David Jones • Updated April 30, 2021

SolarWinds juggles stakeholders involved in response, recovery to level out business

Reputation, risk issues and cross-sector cooperation demand a cohesive plan to ensure recovery and repair. It also helps to know the federal response.

By Samantha Schwartz • April 22, 2021

25% of utilities exposed to SolarWinds hack amid growing ICS vulnerabilities, analysts say

Security experts warn it may be too soon to tell whether follow-on activity has occurred.

By Robert Walton • April 16, 2021

How IT can support security in the event of a cyberattack

CIOs and CISOs operate as separate jobs leading different departments, but with work that overlaps. Who leads what in the event of an attack can become muddled. 

By Jen A. Miller • April 13, 2021

Payments industry faces potential 'destructive attacks,' Biden cybersecurity official warns

Ransomware and infrastructure attacks are the biggest threats to the industry, a Biden administration cybersecurity official told the American Transaction Processors Coalition. 

By Lynne Marek • April 9, 2021

'Advanced cyberconflict' is nearing, researchers say

Enterprises represent 35% of nation-state targets, whereas government or regulatory agencies are 12% of targets, according to the report.

By Samantha Schwartz • April 8, 2021

4 tools to fight fraud, counterfeits and cyberattacks in the COVID-19 vaccine supply chain

Visibility technologies and real-time data provide one version of the truth in a rapidly built supply chain.

By Deborah Abrams Kaplan • April 7, 2021

Ransomware wins make threat actors push aside other malware

While the FBI encourages a relationship with a victim organization, some businesses are hard pressed to involve law enforcement when fines could follow an attack.

By Samantha Schwartz • April 7, 2021

Why SMBs miss out on the white-glove cyber insurance advantage

Insurance companies spend less time with SMBs evaluating individual risk profiles, weakening a piece of the global cyber economy.

By Samantha Schwartz • April 5, 2021

Molson Coors incident shines a light on industrial cyberattack vulnerabilities

The international brewery continues to face delays and financial impacts amid a wave of attacks against manufacturing.

By David Jones • March 30, 2021

Cybersecurity spending is up but so are breaches

Healthcare, media, entertainment and gaming experienced the greatest growth in breaches last year, coinciding with a "big shift" toward digital transformation, Canalys found.

By Samantha Schwartz • March 30, 2021

Security leaders: Expect more insider data leaks, threats in 2021

The rise stems from a lack of accurate insight from data loss prevention and cloud access security broker technologies.

By David Jones • March 29, 2021

Babuk ransomware group emerges with new claims against US companies

The threat actor emerges amid heightened ransomware concerns following the Microsoft Exchange server attacks.

By David Jones • March 26, 2021

Remote work gives rise to more executive credential theft

Threat actors are increasingly using social engineering to cultivate vulnerable end users and compromise networks, according to a CyberArk report.

By David Jones • March 25, 2021

Threat data sharing considered critical to defense amid rise in sophisticated attacks: report

A Ponemon Institute study shows the value of actionable data as lawmakers and the Biden administration work to encourage intelligence sharing. 

By David Jones • March 24, 2021

SolarWinds threat actors accessing Microsoft 365 by altering permissions

Mandiant observed a threat actor linked to the SolarWinds campaign using a stealthy approach to read email in targeted mailboxes.

By David Jones • March 22, 2021

Microsoft Exchange fixes arrive, but some companies lack IT resources to repair

Security specialists and managed-service providers are filling the void at thousands of small firms that operate with limited IT and cybersecurity staffing. 

By David Jones • March 19, 2021