The downside of the remote work shift: 85% increase in Insider Risk

The Code42 2021 Data Exposure Report reveals a perfect storm for Insider Risk.

Feb. 16, 2021

Organizations running SolarWinds Orion online drops 25% since December: report

A report by RiskRecon shows only 8% of entities operating on the internet actually upgraded to later versions based on SolarWinds security recommendations.

By David Jones • Feb. 12, 2021

White House taps Neuberger to lead SolarWinds government response

The SolarWinds attack has opened a deeper conversation about the role of the federal government in coordinating cybersecurity policy and sharing intelligence with the private sector.

By David Jones • Feb. 11, 2021

Security flaws enabled Florida city water utility hack

Authorities found poor security hygiene — weak passwords and an outdated operating system — played a role in the hack.

By Samantha Schwartz • Updated Feb. 12, 2021

SolarWinds security to-do list post hack

One of the first changes security teams need to make is in how they consider adversaries' capabilities: Always assume the perimeter has been breached.

By Samantha Schwartz • Feb. 5, 2021

SolarWinds fallout could last for years, as power industry secures vulnerable equipment: Dragos CEO

The energy sector is experiencing a "digital transformation with a threat convergence," the CEO of security company Dragos told the U.S. Department of Energy.

By Robert Walton • Feb. 5, 2021

Mimecast to cut 4% of workforce in restructuring as breach probe continues

More than half of Mimecast's business stems from protecting Office 365, which has become a significant target for cyberattacks, Mimecast CEO Peter Bauer said.

By David Jones • Feb. 4, 2021

FireEye reports record revenue in first report since Red Team hack

The company's discovery of the SolarWinds attack has fueled additional customer demand, which should be reflected in deferred revenue during 2021.

By David Jones • Feb. 3, 2021

Supply chain attacks could open up vendor competition, Moody's says

The continued proliferation of ransomware attacks could lead cyber insurers to reexamine coverage terms. 

By David Jones • Feb. 2, 2021

Actors behind Ryuk testing different operations, challenging attribution

Ransomware's most prominent threat groups are forcing companies to make the malware a permanent part of their threat models. 

By Samantha Schwartz • Jan. 26, 2021

Biden to nominate Obama DHS alum as CISA director: report

Rob Silvers is reportedly stepping into the role left vacant by Chris Krebs after his termination.

By Samantha Schwartz • Jan. 25, 2021

Cyber defense panel sees more private sector coordination following SolarWinds

Defense and intelligence experts say federal agencies need to strengthen private sector support, intelligence sharing to prevent the next big nation-state attack. 

By David Jones • Jan. 20, 2021

Malwarebytes attack linked to SolarWinds' nation-state actors, CEO says

Microsoft notified the cybersecurity firm of a compromise involving Office 365 and Azure consistent with prior nation-state attacks.

By David Jones • Jan. 20, 2021

Symantec spots 4th malware related to SolarWinds hack

Raindrop took on the role of the memory-only dropper Teardrop for organizations of greater interest to the hackers.

By Samantha Schwartz • Jan. 19, 2021

Mimecast attributes supply chain attack to SolarWinds' hackers

The global email security provider was hit by a malicious attack that compromised a certificate used to authenticate some Microsoft 365 products. 

By David Jones • Updated Jan. 26, 2021

Hackers accessed cloud services using phishing, 'pass-the-cookie' attacks, CISA says

In one case, the agency found threat actors accessed a user's account "with proper multi-factor authentication," circumventing the favored security method. 

By Samantha Schwartz • Jan. 14, 2021

SolarWinds initially hacked in September 2019, 3rd malware found

In a new timeline, SolarWinds said hackers likely began testing the malicious code months before the backdoor was deployed.

By Samantha Schwartz • Jan. 12, 2021

Attackers used password spraying, guessing in SolarWinds hack

As experts investigate the damage, the latest CISA update points to a constant in cybersecurity: weak passwords.

By Samantha Schwartz • Jan. 11, 2021

Chris Krebs, Alex Stamos join SolarWinds for hack cleanup

SolarWinds has tapped two high-profile and outspoken security experts to guide its efforts to evolve into a more secure software development company.

By Samantha Schwartz • Jan. 8, 2021

Report: Officials investigating possible role of SolarWinds' vendor in compromise

The investigation is centered around whether JetBrains' software development tools are a conduit for compromise. The company has said it is unaware of the investigation. 

By Samantha Schwartz • Jan. 7, 2021

SolarWinds attack leads to renewed focus on IT relationships with corporate boards

Corporate governance and cybersecurity experts say IT officials need to clearly and regularly communicate potential risks and liabilities ahead of the next crisis. 

By David Jones • Jan. 7, 2021

Federal task force says Russia likely actor behind SolarWinds attack

As investigations continue, agencies are working to preserve private-sector trust.

By David Jones , Samantha Schwartz • Jan. 5, 2021

Healthcare cyberattacks spiked 45% since November, report finds

While most ransomware has a broad sector target, Check Point found Ryuk is tailored toward targets in the healthcare industry.

By Samantha Schwartz • Jan. 5, 2021

Fast-growing gaming industry faces rising threat of account compromise

A report from KELA shows one million compromised accounts and thousands of leaked employee credentials in underground markets. 

By David Jones • Jan. 5, 2021

Full impact of SolarWinds attack begins to emerge across tech sector, federal agencies

Several leading technology companies and other organizations are evaluating the impact of the SolarWinds breach and other recent nation-state attacks. 

By David Jones • Dec. 23, 2020