FTC settles yearslong investigation into Marriott’s ‘security failures’

The settlement caps a pattern of major data breaches at Marriott and its subsidiary Starwood Hotels and Resorts Worldwide over the last decade.

By Matt Kapko • Oct. 10, 2024

CIOs turn to NIST to tackle generative AI’s many risks

Discover's CIO is one of many tech leaders working to limit generative AI missteps by turning to risk management frameworks to get deployment right from the outset.

By Lindsey Wilkinson • Oct. 9, 2024

Counter Ransomware Initiative summit emphasizes arduous effort

An international collective of cyber officials continued discussions with the White House on how to counter ransomware attacks, reduce payments and increase response capabilities.

By Matt Kapko • Oct. 7, 2024

State CISOs up against a growing threat environment with minimal funding, report finds

A report by Deloitte and NASCIO warns that states do not have the resources necessary to fight state-backed and criminal threat groups.

By David Jones • Oct. 2, 2024

Ransomware attacks surge despite international enforcement effort

Progress remains elusive as federal authorities point to ransomware payments inhibiting progress to reduce the volume and impact of attacks.

By Matt Kapko • Oct. 1, 2024

FCC reaches $31.5M settlement with T-Mobile over rash of data breaches

The company agreed to a major change in board-level governance and will make a series of upgrades to boost its cyber resilience.

By David Jones • Oct. 1, 2024

CISA again raises alarm on hacktivist threat to water utilities

The alert comes just days after an attack against a water treatment facility in Kansas.

By David Jones • Sept. 26, 2024

Cyber commission seeks detailed plan to secure high-risk infrastructure

A report said most recommendations from the Cyberspace Solarium Commission are near completion, but also called for greater private-sector collaboration and insurance reforms.

By David Jones • Sept. 25, 2024

CrowdStrike’s mea culpa: 5 takeaways from the Capitol Hill testimony

CrowdStrike was quick to apologize after a faulty content update triggered a global IT network outage. An executive detailed internal changes designed to prevent it from happening again.

By Matt Kapko • Sept. 25, 2024

CISA catalog falls short on CVEs targeted by Flax Typhoon

A report by VulnCheck highlights the ongoing backlog in identifying active exploitation of CVEs.

By David Jones • Sept. 24, 2024

Why it’s key to foster GenAI buy-in for SecOps

Generative AI  is now one of the most effective ways to strengthen SecOps. Explore its potential.

Sept. 23, 2024

US authorities take down a Mirai-variant botnet tied to DDoS threat

An FBI-led operation to disrupt a China-linked botnet comes months after a similar operation in January linked to Volt Typhoon.

By David Jones • Sept. 19, 2024

Suffolk County ransomware attack linked to lack of planning, ignored warnings

A special report blames county officials for ignoring FBI warnings during the 2022 attack and an overall failure of IT and security leadership.

By David Jones • Sept. 18, 2024

Key cyber insurance stakeholders urge government to help close $900B in uncovered risk

Marsh McLennan and Zurich Insurance Group issued a white paper urging a public-private partnership to help tackle a growing coverage gap. The White House is working on a plan. 

By David Jones • Sept. 6, 2024

White House launches cybersecurity hiring sprint to help fill 500,000 job openings

National Cyber Director Harry Coker Jr. unveiled the program as part of an effort to fill a continued gap in cyber, technology and AI positions.

By David Jones • Sept. 5, 2024

Prolific RansomHub engaged in attack spree, feds warn

The group has been among the most active threat groups of 2024, and is linked to a tool that can neutralize endpoint security.

By David Jones • Sept. 4, 2024

CISA launches cyber incident reporting portal to streamline breach disclosure

The secure portal is designed to encourage faster and more robust information sharing about malicious attacks and critical vulnerabilities.

By David Jones • Aug. 30, 2024

Automakers meet growing data privacy challenges, experts say

A Federal Trade Commission crackdown and lawsuit against GM show automakers are navigating legal risks.

By Michael Brady • Aug. 28, 2024

CISA officials credit Microsoft security log expansion for improved threat visibility

CISA officials say they plan to hold Microsoft accountable to ensure the company lives up to its commitments.

By David Jones • Aug. 27, 2024

SEC settles cyber case with Equiniti Trust as oversight questions linger

The firm, formerly known as American Stock Transfer, will pay $850,000 to settle civil fraud charges involving the theft of $6.6 million in client funds.

By David Jones • Aug. 26, 2024

CISA’s $524M headquarters slated for DHS campus in 2027

Construction for the agency’s centralized facility is expected to break ground in the fall. CISA staffers are currently spread out across five office rentals.

By Matt Kapko • Aug. 23, 2024

US, Australian authorities lead international push to adopt event logging

State-linked and criminal threat groups are using living-off-the-land techniques to hide their hacking activities behind regular security tools.

By David Jones • Aug. 22, 2024

White House details $11M plan to help secure open source

National Cyber Director Harry Coker Jr., speaking at Def Con in Las Vegas, says federal assistance must be bolstered by more ownership among the community.

By David Jones • Aug. 14, 2024

CISA director: Cybersecurity is ‘not an impossible problem’

In Jen Easterly's view, the solution to the industry's pains lies in secure by design. “We got ourselves into this, we have to get ourselves out,” she said during a media briefing at Black Hat.

By Matt Kapko • Aug. 13, 2024

Delta expects $380M revenue hit due to CrowdStrike outage

The company said it canceled 7,000 flights in five days due to the IT outage, according to a Thursday filing with the Securities and Exchange Commission.

By Roberto Torres • Aug. 9, 2024