SolarWinds rethinks software builds, weeds out code disparities

An attacker would have to compromise two different environments to achieve the same attack on the same code if a company has reproducibility.

By Samantha Schwartz • March 17, 2021

Ransomware targeting Microsoft Exchange echoes WannaCry — with a human element

This isn't the first time nation-state exploit kits were released and other bad actors took advantage.

By Samantha Schwartz • March 16, 2021

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

tk

By Cybersecurity Dive staff

White House looks to tighten private sector coordination, gain infrastructure insight

Following the Microsoft Exchange and SolarWinds attacks, the Biden administration is taking steps to close visibility gaps and encourage rapid intelligence sharing by private sector companies. 

By David Jones • March 15, 2021

Post-SolarWinds, IT departments increase vendor scrutiny

It's still too soon to know the hack's full impact on IT, but so far, security experts report changing relationships with third-party vendors.

By Katie Malone • March 15, 2021

Microsoft deploys more updates to contain Exchange server fallout

The FBI and CISA are warning of additional threats from nation states and threat actors as patching and security updates leave many vulnerable companies exposed. 

By David Jones • March 12, 2021

DearCry ransomware latching onto Exchange hack, Microsoft says

Patching is the only answer — for now.

By Samantha Schwartz • March 12, 2021

Enterprises scramble to secure Microsoft Exchange as cybercriminals rush in

Researchers fear, more than two months after the threat was discovered, criminal hackers have had plenty of time to loot data or plant undetected seeds of compromise.

By David Jones • March 10, 2021

55% of healthcare breaches feature ransomware: report

The healthcare industry is a favored target by cybercriminals: Hospitals cannot tolerate downtime or put off emergency patient care.

By Samantha Schwartz • March 10, 2021

63% of security professionals, execs concerned with SolarWinds hack, survey finds

Before companies overhaul the typical process for building and securing software, SOCs have to figure out if they were a collateral victim of a supply chain hack.

By Samantha Schwartz • March 9, 2021

Microsoft Exchange server compromise escalates as mitigation efforts fall short

Officials warn that patching may not fix compromised systems, while tens of thousands of customers are potentially at risk.

By David Jones • March 8, 2021

3 new malware strains show persistence, sophistication of SolarWinds actor

The malware strains, identified by Microsoft, were used in targeted, late-stage attacks to compromise a select number of companies last year. 

By David Jones • March 5, 2021

Qualys confirms data breach related to Accellion after documents leak

The cloud security firm retained FireEye and insists the breach had no impact on production environments or its code base.

By David Jones • March 4, 2021

Malicious email campaigns target business platforms following remote work surge

Phishing attacks are more becoming targeted, less frequent and use PII to harvest credentials.

By David Jones • March 4, 2021

4 questions to ask after discovering a cyberattack

Identifying signs of an ongoing attack or backdoor deployment is nearly impossible for digital laggards.

By Samantha Schwartz • March 4, 2021

UHS estimates Ryuk ransomware damage cost at $67M

Coding and billing functions were delayed into December, impacting the operating cash flows in Q4, the healthcare organization said.

By Samantha Schwartz • March 2, 2021

Google Cloud enters cyber insurance collaboration with Allianz, Munich Re

The agreement comes amid increased financial pressure on the cyber insurance industry due to a rise in ransomware and the historic nation-state attack against SolarWinds.

By David Jones • March 2, 2021

SolarWinds missed early security warnings

Lawmakers scrutinized SolarWinds' security practices, including its use of "solarwinds123" as a password, a lapse blamed on a former intern. 

By David Jones • March 1, 2021

SolarWinds execs warn of short-term impacts from cyberattack, as renewal rates slow

The company will incur up to $25 million in security-related expenses and declined to provide a full-year earnings outlook.

By David Jones • Feb. 26, 2021

FireEye identifies 2 threat activity clusters behind Accellion hack

The security firm has labeled one activity cluster for exploiting the FTA vulnerabilities and the other for extortion.

By Samantha Schwartz • Feb. 23, 2021

Microsoft says it was not a SolarWinds attack vector, after completing internal probe

The company confirmed limited amounts of source code for Azure, Exchange and Intune were downloaded.

By David Jones • Feb. 19, 2021

Water system hack reveals thousands of organizations vulnerable to Window 7 exposure

Critical infrastructure providers and SMBs continue to operate the outdated Microsoft OS without security updates and patches.

By David Jones • Feb. 19, 2021

The next generation of email security

Now, with a single approval of an API, every line of cloud business communication can be secured.

Feb. 16, 2021

The downside of the remote work shift: 85% increase in Insider Risk

The Code42 2021 Data Exposure Report reveals a perfect storm for Insider Risk.

Feb. 16, 2021

Organizations running SolarWinds Orion online drops 25% since December: report

A report by RiskRecon shows only 8% of entities operating on the internet actually upgraded to later versions based on SolarWinds security recommendations.

By David Jones • Feb. 12, 2021

White House taps Neuberger to lead SolarWinds government response

The SolarWinds attack has opened a deeper conversation about the role of the federal government in coordinating cybersecurity policy and sharing intelligence with the private sector.

By David Jones • Feb. 11, 2021