CrowdStrike CEO says 97% of Windows sensors restored in IT outage recovery effort

Coinciding with George Kurtz's update, Microsoft outlined its efforts to enhance resiliency just months after launching a massive security overhaul.

By David Jones • July 26, 2024

How cyber insurance coverage is evolving

Cyber insurance coverage can help raise security baselines across businesses, but organizations that have standalone policies are the exception to the rule. 

By Sue Poremba • July 25, 2024

Explore the Trendline➔

Passwords and authentication

Access controls — passwords, credentials and multifactor authentication, or the lack thereof — are the most common weak points across enterprise defense.

By Cybersecurity Dive staff

CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds

A report from Parametrix estimates cyber insurance will cover only about 10% to 20% of losses.

By David Jones • July 25, 2024

CrowdStrike software crash linked to undetected error in content update for Windows users

The company plans to add additional testing and employ canary delivery methods to safeguard customers from future disruptions.

By David Jones • July 24, 2024

CrowdStrike CEO’s quick apology stands out in an industry rife with deflection

The cybersecurity vendor’s swift and contrite response helped the company convey confidence and control over the mess it created, experts say.

By Matt Kapko • July 23, 2024

CrowdStrike says flawed update was live for 78 minutes

Though CrowdStrike pulled the update, companies across sectors were already dealing with the cascading consequences that required manual remediations.

By Matt Kapko • July 23, 2024

CrowdStrike, Microsoft scramble to contain fallout from global IT outage

Cybersecurity and IT experts said users are having major difficulties in recovery efforts, despite workarounds and guidance the vendors released.

By David Jones • July 22, 2024

CrowdStrike’s unforced error puts its reputation on the line

The widespread release of defective code suggests CrowdStrike didn’t properly test its update before it was released or that process failed to catch the mistake, experts said.

By Matt Kapko • July 22, 2024

CrowdStrike software update at the root of a massive global IT outage

A defective software update led to major disruptions in aviation, banking and other industries as Microsoft 365 services were impacted worldwide.

By David Jones • Updated July 19, 2024

Healthcare is an ‘easy victim’ for ransomware attacks. How hospitals can mitigate the damage.

Limited resources in a highly connected ecosystem can make hospitals vulnerable, but planning ahead and implementing key protections could help thwart attacks.

By Emily Olsen • July 19, 2024

Majority of SEC civil fraud case against SolarWinds dismissed, but core remains

The court ruling related to claims leading up to and immediately following the 2020 Sunburst supply chain hack.

By David Jones • Updated July 18, 2024

Larger deals propel cybersecurity funding to 2-year high in Q2

Bigger rounds for more mature startups fueled a sustained period of funding growth for the sector, according to Crunchbase.

By Matt Kapko • July 18, 2024

Nearly 1 in 3 software development professionals unaware of secure practices

The knowledge gap, identified in a Linux Foundation report, comes as malicious hackers increasingly target critical vulnerabilities.

By David Jones • July 16, 2024

Risk escalates as communication channels proliferate

The chance of losing data to a breach rises in tandem with the number of channels — like email and file sharing — that an organization uses.

By Robert Freedman • July 10, 2024

Snowflake allows admins to enforce MFA as breach investigations conclude

Three months after an attacker targeted more than 100 customer environments, Snowflake is making it easier for existing customers to enforce MFA, but it isn’t requiring it.

By Matt Kapko • July 9, 2024

3 key lessons for CISOs from recent medical cyber quakes

Medical-grade breaches result in casualties all around. So, what can be done to push back?

July 8, 2024

Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation

Experts expect new legal challenges against numerous agency cybersecurity requirements, including incident reporting mandates and rules governing critical infrastructure sectors.

By David Jones • Updated July 8, 2024

Microsoft alerts additional customers of state-linked threat group attacks

The company told customers the Midnight Blizzard attacks disclosed in January were more widespread than previously known.

By David Jones • June 28, 2024

Industrial cyberattacks fuel surge in OT cybersecurity spending

Operators in mining, oil and gas, utilities and manufacturing are among the top spenders, according to ABI Research.

By Matt Kapko • June 28, 2024

Cyber insurance terms drive companies to invest more in security, report finds

Though recovery costs continue to outpace coverage, companies are investing in network security to lower premiums and yield better policy terms.

By David Jones • June 26, 2024

Cloud security becoming top priority for companies worldwide

Application sprawl and the sensitive nature of the data organizations place in the cloud is complicating security, Thales found.

By David Jones • June 25, 2024

Ransomware victims are becoming less likely to pay up

Despite a jump in ransom demands last year, companies are plotting better defenses against attacks that can incur deep business interruption costs, Marsh said.

By Justin Bachman • June 21, 2024

MFA plays a rising role in major attacks, research finds

Poor configurations and deliberate MFA bypasses were at the center of numerous attacks in recent months, Cisco Talos found.

By David Jones • June 18, 2024

Microsoft president promises significant culture changes geared towards security

Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.

By David Jones • June 14, 2024

Microsoft will take full ownership for security failures in House testimony

Brad Smith, the company’s vice chair and president, will acknowledge extensive security lapses while outlining steps the company, industry and nation need to move forward.

By David Jones • June 13, 2024