Supply chain attacks could open up vendor competition, Moody's says

The continued proliferation of ransomware attacks could lead cyber insurers to reexamine coverage terms. 

By David Jones • Feb. 2, 2021

Actors behind Ryuk testing different operations, challenging attribution

Ransomware's most prominent threat groups are forcing companies to make the malware a permanent part of their threat models. 

By Samantha Schwartz • Jan. 26, 2021

Biden to nominate Obama DHS alum as CISA director: report

Rob Silvers is reportedly stepping into the role left vacant by Chris Krebs after his termination.

By Samantha Schwartz • Jan. 25, 2021

Cyber defense panel sees more private sector coordination following SolarWinds

Defense and intelligence experts say federal agencies need to strengthen private sector support, intelligence sharing to prevent the next big nation-state attack. 

By David Jones • Jan. 20, 2021

Malwarebytes attack linked to SolarWinds' nation-state actors, CEO says

Microsoft notified the cybersecurity firm of a compromise involving Office 365 and Azure consistent with prior nation-state attacks.

By David Jones • Jan. 20, 2021

Symantec spots 4th malware related to SolarWinds hack

Raindrop took on the role of the memory-only dropper Teardrop for organizations of greater interest to the hackers.

By Samantha Schwartz • Jan. 19, 2021

Mimecast attributes supply chain attack to SolarWinds' hackers

The global email security provider was hit by a malicious attack that compromised a certificate used to authenticate some Microsoft 365 products. 

By David Jones • Updated Jan. 26, 2021

Hackers accessed cloud services using phishing, 'pass-the-cookie' attacks, CISA says

In one case, the agency found threat actors accessed a user's account "with proper multi-factor authentication," circumventing the favored security method. 

By Samantha Schwartz • Jan. 14, 2021

SolarWinds initially hacked in September 2019, 3rd malware found

In a new timeline, SolarWinds said hackers likely began testing the malicious code months before the backdoor was deployed.

By Samantha Schwartz • Jan. 12, 2021

Attackers used password spraying, guessing in SolarWinds hack

As experts investigate the damage, the latest CISA update points to a constant in cybersecurity: weak passwords.

By Samantha Schwartz • Jan. 11, 2021

Chris Krebs, Alex Stamos join SolarWinds for hack cleanup

SolarWinds has tapped two high-profile and outspoken security experts to guide its efforts to evolve into a more secure software development company.

By Samantha Schwartz • Jan. 8, 2021

Report: Officials investigating possible role of SolarWinds' vendor in compromise

The investigation is centered around whether JetBrains' software development tools are a conduit for compromise. The company has said it is unaware of the investigation. 

By Samantha Schwartz • Jan. 7, 2021

SolarWinds attack leads to renewed focus on IT relationships with corporate boards

Corporate governance and cybersecurity experts say IT officials need to clearly and regularly communicate potential risks and liabilities ahead of the next crisis. 

By David Jones • Jan. 7, 2021

Federal task force says Russia likely actor behind SolarWinds attack

As investigations continue, agencies are working to preserve private-sector trust.

By David Jones , Samantha Schwartz • Jan. 5, 2021

Healthcare cyberattacks spiked 45% since November, report finds

While most ransomware has a broad sector target, Check Point found Ryuk is tailored toward targets in the healthcare industry.

By Samantha Schwartz • Jan. 5, 2021

Fast-growing gaming industry faces rising threat of account compromise

A report from KELA shows one million compromised accounts and thousands of leaked employee credentials in underground markets. 

By David Jones • Jan. 5, 2021

Full impact of SolarWinds attack begins to emerge across tech sector, federal agencies

Several leading technology companies and other organizations are evaluating the impact of the SolarWinds breach and other recent nation-state attacks. 

By David Jones • Dec. 23, 2020

Biden says US must treat cyberattacks with same 'seriousness of purpose' as weapons

As the president-elect prepares to take office in January, his administration faces one of the largest hacks on federal agencies. 

By Samantha Schwartz • Dec. 23, 2020

SolarWinds breach reminds companies to be proactive in managing trust, disclosure

Legal and forensics experts warn CISOs about supply chain monitoring and transparency amid fallout from historic attack. 

By David Jones • Dec. 22, 2020

New Orleans leaders share lessons from 2019 cyberattack

CIO Kimberly LaGrue said early preparations were key to preventing disaster and recovering without paying a ransom to the hackers.

By Chris Teale • Dec. 21, 2020

Tracking SolarWinds cyberattack fallout, play-by-play

As more companies are discovering impact from the SolarWinds hack, attention is turning toward far-reaching supply chain vulnerabilities. 

By Samantha Schwartz , David Jones , Naomi Eide , Katie Malone • Updated Jan. 4, 2021

CISA warns of more backdoors beyond SolarWinds Orion

The extent of compromised data is not disclosed. What is clear? Threat actors relied on the supply chain for widespread access.

By Samantha Schwartz • Dec. 17, 2020

Federal agencies fall short on cybersecurity, undermining standards

The SolarWinds hack could change how industry coordinates response to future cyberattacks.

By Samantha Schwartz • Dec. 17, 2020

Feds require banks to report cyberattacks within 36 hours

The rule, taking effect May 1, requires bank technology vendors to immediately notify customers if an incident disrupted services four hours or more.

By Dan Ennis • Updated Nov. 19, 2021

FireEye killswitch stops SolarWinds hack

After identifying the supply chain attack against SolarWinds, the security firm partnered with Microsoft and GoDaddy to block malware from further operation.

By David Jones • Dec. 16, 2020