Threats


  • A depiction of computer hardware.
    Image attribution tooltip
    solarseven via Getty Images

    Infostealer malware surges on dark web amid rise in MFA fatigue attacks

    Lapsus$, one of the most prolific ransomware actors of 2022, has utilized such tactics to breach a number of high-profile organizations.

    By Dec. 5, 2022
  • A man in a suit stands behind a chair while holding its back.
    Image attribution tooltip
    Chip Somodevilla via Getty Images

    Cyber Safety Review Board to probe Lapsus$ ransomware spree

    Following an inaugural review of Log4j, the board will investigate the threat actor’s prolific campaign of cyber extortion against major companies, including Uber, T-Mobile and Nvidia.

    By Dec. 2, 2022
  • A sign is posted in front of a Walmart store on November 16, 2021 in American Canyon, California.
    Image attribution tooltip
    Justin Sullivan via Getty Images

    Walmart security, operating at a vast scale, turns to automation

    Security operations centers, part of Walmart Global Tech, process 6 trillion data points each year, a feat unattainable through manual methods. 

    By Nov. 30, 2022
  • A man and young woman sit and look at a tablet next to a Christmas tree.
    Image attribution tooltip
    bernardbodo via Getty Images

    ‘Tis the season for shopping and scams, CISA warns

    Adversaries exploit individuals hunting for the best deals online during the holiday shopping season. If a deal looks too good to be true, trust your instincts — it's not.

    By Nov. 23, 2022
  • A row of blue lockers in an empty school hallway.
    Image attribution tooltip
    Stock Photo via Getty Images

    K-12 schools lack resources, funding to combat ransomware threat

    One-fifth of schools spend less than 1% of their IT budgets on security, a MS-ISAC report shows.

    By Nov. 14, 2022
  • Image depicts the implementation of cybersecurity with a lock displayed over a screen.
    Image attribution tooltip
    anyaberkut via Getty Images

    Citrix CVEs need urgent security updates, CISA says

    Though there's no active exploitation yet, Tenable researchers warn they expect threat actors to target the Citrix systems in the near term.

    By Nov. 10, 2022
  • cybersecurity stock photo
    Image attribution tooltip
    Yudram_TA via Getty Images

    Face it, password policies and managers are not protecting users

    Passwords haven’t worked as a solid security strategy in a long time. The policies are there, so why are passwords security’s weak spot?

    By Sue Poremba • Nov. 7, 2022
  • Funny glasses depicted against a gray wall
    Image attribution tooltip
    iStock / Getty Images via Getty Images

    No, your CEO is not texting you

    Everyone wants to stay on good terms with their employer. Threat actors know this too, and they exploit this weakness accordingly. Don’t fall for it.

    By Nov. 3, 2022
  • A depiction of computer hardware.
    Image attribution tooltip
    solarseven via Getty Images

    Industrial providers ramp up cyber risk posture as OT threats evolve

    The majority of industrial organizations have increased OT security budgets and conducted security audits but aging technology and staffing woes persist, a new report found. 

    By Oct. 31, 2022
  • A row of desks sit empty in a classroom with the desk in the forefront having a notebook and pencil sitting on top.
    Image attribution tooltip
    diane39 via Getty Images

    GAO to feds: More coordination needed to strengthen K-12 cybersecurity

    The government watchdog said the Ed Department and CISA have “little to no interaction” with other agencies and the K-12 community on cybersecurity.

    By Anna Merod • Oct. 25, 2022
  • Kevin Mandia, CEO, Mandiant, keynote during the Mandiant Cyber Defense Summit 2021
    Image attribution tooltip
    Samantha Schwartz/Cybersecurity Dive

    Mandiant CEO pledges to automate threat intel under Google

    Google’s chops in artificial intelligence, cloud computing and analytics play a central role in Mandiant’s emboldened vision.

    By Oct. 17, 2022
  • Rendered image depicting global networks.
    Image attribution tooltip
    DKosig via Getty Images

    Lloyd’s, after proactively taking systems offline, finds no evidence of compromise

    Lloyd’s plans to restore full service by Wednesday after an investigation with Mandiant, NTT and its internal team.

    By Oct. 10, 2022
  • A rendering of an empty hospital corridor with a reception desk.
    Image attribution tooltip
    Ninoon via Getty Images

    Details emerge on CommonSpirit’s ‘IT security incident’ as more regions report disruptions

    Some CommonSpirit hospitals across the country have been cut off from their electronic health records forcing them to revert to paper charts. 

    By Samantha Liss • Oct. 5, 2022
  • Cloud icon in center with networks surrounding
    Image attribution tooltip
    Andy via Getty Images

    State-linked actor targets VMware hypervisors with novel malware

    The technique was discovered by Mandiant researchers looking into a campaign designed to avoid EDR detection.

    By Sept. 29, 2022
  • Cloud computing technology internet on binary code with abstract background. Cloud Service, Cloud Storage Concept. 3D render.
    Image attribution tooltip
    Peach_iStock via Getty Images

    Most organizations had a cloud-related security incident in the past year

    Security leaders consider the risk of cloud-based incidents higher than on-premises incidents, yet they expect to move more applications to the cloud. 

    By Sept. 28, 2022
  • A lit Microsoft log seen above a group of people in shadow.
    Image attribution tooltip
    Jeenah Moon via Getty Images

    Malicious OAuth applications used to control Exchange tenants in sweepstakes scam

    Microsoft researchers said a threat actor launched credential-stuffing attacks against high-risk accounts that failed to deploy multifactor authentication.

    By Sept. 23, 2022
  • Cyberattack and internet crime, hacking and malware concepts.
    Image attribution tooltip
    Techa Tungateja via Getty Images

    Stolen single sign-on credentials for major firms available for sale on dark web

    Stolen SSO credentials are available for half of the top 20 public companies, and 25% of the entire S&P 500, BitSight found.

    By Sept. 21, 2022
  • A stack of $20 U.S. bills lay on top of a scattering of more $20 bills.
    Image attribution tooltip
    Maksym Kapliuk via Getty Images

    State education leaders prioritize cybersecurity, but lack funding

    In a survey by the State Educational Technology Directors Association, 57% of respondents said their state provides a low amount of funding for cybersecurity.

    By Anna Merod • Sept. 15, 2022
  • Windmills behind a field of solar panels.
    Image attribution tooltip
    Kevork Djansezian via Getty Images

    Energy providers hit by North Korea-linked Lazarus exploiting Log4j VMware vulnerabilities

    Cisco Talos researchers observed the advanced persistent threat actor infiltrating networks during a six-month campaign.

    By Sept. 13, 2022
  • Statue of Alexander Hamilton.
    Image attribution tooltip
    Chip Somodevilla via Getty Images

    US Treasury sanctions Iran intelligence agency following Albanian government attack

    The Treasury Department said Iran has engaged in malicious cyber activity against government and private sector organizations, including critical infrastructure targets, since at least 2007.

    By Sept. 12, 2022
  • Cyberattack and internet crime, hacking and malware concepts.
    Image attribution tooltip
    Techa Tungateja via Getty Images

    Researchers warn older D-Link routers are under threat from Mirai malware variant

    Attackers are leveraging vulnerabilities in the devices to build botnets and launch DDoS attacks, according to Palo Alto Networks research.

    By Sept. 8, 2022
  • Lloyd's employee at company headquarters
    Image attribution tooltip
    Matt Cardy via Getty Images

    Changing cyber insurance guidance from Lloyd’s reflects a market in turmoil

    Rising ransomware attacks and higher payout demands have battered the insurance industry, leaving many organizations exposed and vulnerable. 

    By Aug. 29, 2022
  • Woman Walking On Staircase Of Building
    Image attribution tooltip
    Ceres Van Hal / EyeEm via Getty Images
    Sponsored by Delinea

    How does Privileged Access Management work?

    The model is a framework to help you set the right PAM foundation and get your organization on the PAM journey, now and in the future.

    Aug. 29, 2022
  • Blue padlock made to resemble a circuit board and placed on binary computer code.
    Image attribution tooltip
    matejmo via Getty Images

    Tips for how to safeguard against third-party attacks

    Organizations need to demand and ensure all vendors implement rigorous security measures. Sometimes the least likely tools pose the most risk. 

    By Aug. 25, 2022
  • Digital technology vector background depicting a cyberattack.
    Image attribution tooltip
    WhataWin via Getty Images

    Ransomware attack surges tied to crypto spikes

    Not every ransomware attempt leads to a successful attack. But with more attempts comes more potential damage.

    By Aug. 24, 2022