US authorities take down a Mirai-variant botnet tied to DDoS threat

An FBI-led operation to disrupt a China-linked botnet comes months after a similar operation in January linked to Volt Typhoon.

By David Jones • Sept. 19, 2024

Suffolk County ransomware attack linked to lack of planning, ignored warnings

A special report blames county officials for ignoring FBI warnings during the 2022 attack and an overall failure of IT and security leadership.

By David Jones • Sept. 18, 2024

AT&T settles a 2023 data breach for $13M. Recent incidents are much worse.

Telecom cybersecurity remains a challenge with widespread impacts. AT&T is not alone in experiencing a pattern of extensive breaches exposing customer data.

By Matt Kapko • Sept. 18, 2024

Valid accounts remain top access point for critical infrastructure attacks, officials say

CISA attributed 2 in 5 successful intrusions to valid account abuse last year, but that is down from 2022.

By Matt Kapko • Sept. 17, 2024

Hackers exploit CVE in older versions of Ivanti Cloud Service Appliance

Version 4.6 has reached end of life and the company is urging customers to upgrade to version 5.0 to receive support.

By David Jones • Sept. 16, 2024

Port of Seattle officials pin attack, data theft to Rhysida ransomware group

The port restored most of the systems impacted by the ransomware attack as officials warn their refusal to pay extortion demand could result in data leaks.

By Matt Kapko • Sept. 16, 2024

Fortinet customer data stolen from third-party file-sharing service

The breach marks yet another attack originating in a file-sharing or -transfer service, a common and highly damaging attack vector for opportunistic cybercriminals.

By Matt Kapko • Sept. 13, 2024

SonicWall firewall CVE exploits linked to ransomware attacks

Active exploits aimed at firewalls mark yet another string of attacks targeting devices with high-value initial access, researchers said.

By Matt Kapko • Sept. 10, 2024

MOVEit victims are still coming forward. This time it’s Wisconsin Medicare.

The delayed notifications underscore the difficulty organizations confront in discovering breaches and attributing compromises to a root cause or source.

By Matt Kapko • Sept. 9, 2024

Feds warn of broad Russia-linked CVE exploits targeting critical infrastructure

Attackers operating under the direction of Russia’s military intelligence service are targeting governments, finance, transportation, energy and healthcare.

By Matt Kapko • Sept. 6, 2024

Microchip Technology says its data was stolen amid alleged leaks online

The chipmaker said an unidentified attacker stole employee contact information and some encrypted and hashed passwords.

By Matt Kapko • Sept. 5, 2024

Prolific RansomHub engaged in attack spree, feds warn

The group has been among the most active threat groups of 2024, and is linked to a tool that can neutralize endpoint security.

By David Jones • Sept. 4, 2024

Halliburton confirms data stolen in August cyberattack

The company continues to incur expenses related to the attack, but does not expect a material impact. 

By David Jones • Sept. 3, 2024

Schools, colleges faced record-breaking year of ransomware attacks in 2023

There were 121 incidents found last year alone, according to an analysis by Comparitech, but researchers noted their findings “only scratch the surface.”

By Anna Merod • Sept. 3, 2024

Seattle airport cyberattack outages persist heading into Labor Day travel rush

Airport staff began turning on and testing systems for international and low-volume carriers, which are the most heavily impacted by the outage.

By Matt Kapko • Aug. 30, 2024

McLaren Health Care restores network weeks after ransomware attack

Still, it may take several weeks to input patient information manually collected during the outage into its electronic health record, the Michigan-based health system said. McLaren was also hit by a ransomware attack last year.

By Emily Olsen • Aug. 29, 2024

Volt Typhoon exploiting zero-day in campaign targeting ISPs, MSPs

Researchers from Black Lotus Labs warn the state-linked adversary is exploiting a vulnerability in Versa Director using custom web shells against the telecom sector.

By David Jones • Aug. 28, 2024

Seattle airport confronts 4th day of cyberattack outages

Most flights are departing and arriving as scheduled, but the Port of Seattle’s websites, phone, email and Wi-Fi are down. Manual processes at check-in counters are causing delays.

By Matt Kapko • Aug. 27, 2024

Several Port of Seattle systems down following ‘possible cyberattack’

IT systems at the port and Seattle-Tacoma International Airport remain offline. The port first reported system outages Saturday morning.

By Matt Kapko • Aug. 26, 2024

Halliburton hit by cyberattack, certain systems impacted

Federal officials said energy services have not been affected, however the company is still working on remediation.

By David Jones • Updated Aug. 23, 2024

After a wave of attacks, Snowflake insists security burden rests with customers

The cloud-based data warehouse vendor remains “slightly muted” about the attacks on its customers because it wasn’t breached, CEO Sridhar Ramaswamy said.

By Matt Kapko • Aug. 22, 2024

Microchip Technology operations, order fulfillment disrupted by cyberattack

The Arizona-based chipmaker disclosed the intrusion in a regulatory filing. Manufacturing facilities and certain IT systems are impacted.

By Matt Kapko • Aug. 21, 2024

CISA warns of active exploits hitting popular CI/CD tool Jenkins

Researchers at CloudSEK and Juniper Networks said a ransomware group targeted Brontoo Technology Solutions by exploiting the critical CVE. The attack disrupted banks in India.

By Matt Kapko • Aug. 20, 2024

Manual techniques are fueling ransomware attacks, CrowdStrike says

2024 is on track to be the highest-grossing year for ransomware payments, Chainalysis found, and threat groups are going after the technology sector.

By Matt Kapko • Aug. 16, 2024

M&A activity can amplify ransomware insurance losses, research finds

The financial severity of claims related to ransomware attacks increased more than 400% from 2022 to 2023, the study found.

By Alexei Alexis • Aug. 14, 2024