Iran-linked attackers hit critical infrastructure with brute force

CISA and the FBI warn healthcare, government, IT and other sectors of password spraying and multifactor authentication push bombing.

By Matt Kapko • Oct. 17, 2024

State CISOs up against a growing threat environment with minimal funding, report finds

A report by Deloitte and NASCIO warns that states do not have the resources necessary to fight state-backed and criminal threat groups.

By David Jones • Oct. 2, 2024

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Phishing remains cloud intrusion tactic of choice for threat groups

The long-lasting effectiveness and success of phishing campaigns underscores the most central challenge in cybersecurity — people are the weakest link.

By Matt Kapko • Oct. 2, 2024

CISA again raises alarm on hacktivist threat to water utilities

The alert comes just days after an attack against a water treatment facility in Kansas.

By David Jones • Sept. 26, 2024

Data privacy concerns swirl around generative AI adoption

IT and business professionals fear the technology's adoption can lead to data leakage, according to a Deloitte report.

By Roberto Torres • Sept. 25, 2024

Dark web exposure is ‘highly correlated’ with cyberattack risk

Organizations that are mentioned in dark web market listings are more than twice as likely to experience an attack, Marsh McLennan found.

By Alexei Alexis • Sept. 24, 2024

Cybersecurity firm flags attack on construction accounting system

Users of Foundation Software, which serves 43,000 construction pros, may be at risk of intrusion if they still use default credentials, according to cybersecurity firm Huntress.

By Matthew Thibault • Sept. 20, 2024

Port of Seattle official flags a cyber dilemma, ‘one-way street’ with federal agencies

A ransomware atttack disrupted the Seattle-Tacoma International Airport for weeks. Part of the problem, one official said, is that federal cyber recommendations are not timely.

By Matt Kapko • Sept. 19, 2024

Open source maintainers, under security pressure, remain largely unpaid after XZ Utils

A report by Tidelift shows an equity gap remains between open source developers and well-resourced software users who are pushing for higher security standards.

By David Jones • Sept. 17, 2024

Valid accounts remain top access point for critical infrastructure attacks, officials say

CISA attributed 2 in 5 successful intrusions to valid account abuse last year, but that is down from 2022.

By Matt Kapko • Sept. 17, 2024

Keeping data secure in the age of generative AI

Generative AI is reshaping industries, but with innovation comes new data security challenges. Are your cybersecurity practices keeping up?

By Rob Juncker, CTO of Code42, now part of Mimecast • Sept. 16, 2024

Mastercard’s $2.65B Recorded Future acquisition to buttress its security business

While Mastercard has cybersecurity oversight needs for its cards and payments businesses, it also sells security services to other companies, including banks and fintechs. 

By Lynne Marek • Sept. 13, 2024

Cyber insurance keeps growing, as threats spur competition

Concerns remain about aggregation risk as highlighted by the July outage of Microsoft Windows devices, according to a report from Moody’s Ratings.

By David Jones • Sept. 9, 2024

Deepfake scams escalate, hitting more than half of businesses

The vast majority of corporate finance professionals, 85%, now view such scams as an “existential” threat, a Medius study found.

By Alexei Alexis • Sept. 4, 2024

Prolific RansomHub engaged in attack spree, feds warn

The group has been among the most active threat groups of 2024, and is linked to a tool that can neutralize endpoint security.

By David Jones • Sept. 4, 2024

Microsoft is training developers on the intricacies of threat intelligence

Cybercrime wonk Sherrod DeGrippo is taking Microsoft’s software developers and engineers on a journey into her world, the depths of threat intelligence.

By Matt Kapko • Sept. 4, 2024

Halliburton confirms data stolen in August cyberattack

The company continues to incur expenses related to the attack, but does not expect a material impact. 

By David Jones • Sept. 3, 2024

Iran-linked actors ramping up cyberattacks on US critical infrastructure

Nation-state attacker are exploiting vulnerabilities in products from Check Point Software, Palo Alto Networks and others to attack multiple industries.

By David Jones • Sept. 3, 2024

Volt Typhoon exploiting zero-day in campaign targeting ISPs, MSPs

Researchers from Black Lotus Labs warn the state-linked adversary is exploiting a vulnerability in Versa Director using custom web shells against the telecom sector.

By David Jones • Aug. 28, 2024

Marketing data security threats are rising: Where CMOs see gaps

While marketers prioritize working with data security teams, effective communication remains a struggle, according to research from the CMO Council and KPMG. 

By Peter Adams • Aug. 23, 2024

DDoS attacks surge since late 2023, telecom still in hot seat

The report comes just weeks after a DDoS attack disrupted Microsoft Azure for about eight hours.

By David Jones • Aug. 15, 2024

M&A activity can amplify ransomware insurance losses, research finds

The financial severity of claims related to ransomware attacks increased more than 400% from 2022 to 2023, the study found.

By Alexei Alexis • Aug. 14, 2024

CrowdStrike snafu was a ‘dress rehearsal’ for critical infrastructure disruptions, CISA director says

Despite the disruption, Jen Easterly said the outage was a "useful exercise" to determine the resiliency of critical infrastructure organizations.

By Matt Kapko • Aug. 8, 2024

Federal watchdog urges EPA to develop comprehensive cyber strategy to protect water systems

The report comes amid a rise in malicious cyberthreats from state-linked and criminal hackers targeting U.S. drinking water and water treatment facilities.

By David Jones • Aug. 6, 2024

Water systems under siege: How CISOs can protect critical infrastructure from cyberthreats

As regulatory oversight evolves, most CISOs are focused on modernizing and improving OT cybersecurity.

July 29, 2024