Threats


  • FTC sweep of dark patterns of SaaS companies
    Image attribution tooltip
    AntonioGuillem via Getty Images
    Image attribution tooltip

    76% of SaaS companies use ‘dark patterns,’ analysis finds

    With federal regulators and states clamping down on the practice, companies might take a hard look at how they’re presenting information on their websites and in their apps.

    By Robert Freedman • July 11, 2024
  • Young businessman working alone at his desk on desktop computer in an open space modern coworking office.
    Image attribution tooltip
    .shock via Getty Images
    Image attribution tooltip

    Risk escalates as communication channels proliferate

    The chance of losing data to a breach rises in tandem with the number of channels — like email and file sharing — that an organization uses.

    By Robert Freedman • July 10, 2024
  • A close up of a cursor arrow hovering over an X on a screen, pixelated with red, blue and green colors. Explore the Trendline
    Image attribution tooltip
    ar-chi via Getty Images
    Image attribution tooltip
    Trendline

    Risk Management

    Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

    By Cybersecurity Dive staff
  • Rendering of digital data code in safety security technology concept.
    Image attribution tooltip
    iStock/Getty Images Plus via Getty Images
    Image attribution tooltip

    Microsoft warns of elevated risk in Rockwell Automation PanelView Plus CVEs

    Microsoft researchers warn the vulnerabilities can be exploited, potentially resulting in remote code execution and denial of service.

    By July 3, 2024
  • A bicyclist rides by a sign that is posted in front of the Cisco Systems headquarters on August 10, 2011 in San Jose, California.
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    Cisco Nexus devices zero day raises alarms despite CVSS score

    Though the NX-OS CVE only has a 6.0 score, a suspected espionage actor is deploying custom malware to exploit a command injection vulnerability in a range of switching devices.

    By July 2, 2024
  • Cars are parked in a multistory garage.
    Image attribution tooltip
    dies-irae via Getty Images
    Image attribution tooltip

    Cybersecurity is now a top concern for auto industry, report finds

    Automotive leaders fear exposure to threats will worsen as the sector invests more in technology to drive efficiencies, Rockwell Automation found.

    By Kalena Thomhave • July 2, 2024
  • Microsoft President and Vice Chair Brad Smith speaks April 12, 2023, at the Semafor World Economy Summit in Washington D.C.
    Image attribution tooltip
    Drew Angerer via Getty Images
    Image attribution tooltip

    Microsoft alerts additional customers of state-linked threat group attacks

    The company told customers the Midnight Blizzard attacks disclosed in January were more widespread than previously known.

    By June 28, 2024
  • Cybersecurity professionals walk into the RSA Conference at the Moscone Center in San Francisco on May 6, 2024.
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive/Cybersecurity Dive
    Image attribution tooltip

    Is the cybersecurity industry ready for AI?

    As cybersecurity teams focus on how to thwart threat actors, they are missing the risks around the data they are sharing willingly.

    By Sue Poremba • June 24, 2024
  • Silhouette of a hacker sitting in front of a monitor with yellow code in a dark room. Shallow depth of field.
    Image attribution tooltip
    HenrikNorway via Getty Images
    Image attribution tooltip

    IT pros worry over the data that fuels AI

    More than 2 in 5 technologists have already had a negative AI experience, according to a SolarWinds survey.

    By Matt Ashare • June 20, 2024
  • Man using facial recognition technology on city street
    Image attribution tooltip
    LeoPatrizi via Getty Images
    Image attribution tooltip

    MFA plays a rising role in major attacks, research finds

    Poor configurations and deliberate MFA bypasses were at the center of numerous attacks in recent months, Cisco Talos found.

    By June 18, 2024
  • Fingers hover over a computer keyboard with numbers on a screen, against a shadowy backdrop.
    Image attribution tooltip
    jariyawat thinsandee via Getty Images
    Image attribution tooltip

    Cyberattacks pose mounting risks to creditworthiness: Moody’s

    “As more data becomes available — thanks to recently adopted disclosure requirements — attacks continue to proliferate,” a Moody’s executive said.

    By Jim Tyson • June 6, 2024
  • The red lock and its structure explode in a digital computer setting.
    Image attribution tooltip
    TU IS via Getty Images
    Image attribution tooltip

    Cyber risk is rising for poorly configured OT devices

    Since late last year, researchers have identified more politically motivated groups targeting water and other key critical infrastructure systems.

    By June 3, 2024
  • Team of hackers dressed in black work on computers in dark room.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    Check Point Software customers targeted by hackers using old, local VPN accounts

    The incidents mark the latest attempts to compromise organizations by exploiting vulnerable edge devices used for remote access.

    By May 28, 2024
  • A long curved desk with banks of computer monitors mounted on the wall.
    Image attribution tooltip
    tonymelony via Getty Images
    Image attribution tooltip

    Cyber officials, incident response teams brace for Memorial Day weekend

    The holiday weekend has emerged as a prime opportunity for ransomware attacks as security operations teams scale down for the summer. 

    By May 24, 2024
  • In an aerial view, cars drive by the San Francisco skyline as they cross the San Francisco-Oakland Bay Bridge on October 27, 2022 in San Francisco, California.
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    Popular LLMs are insecure, UK AI Safety Institute warns

    AI models released by “major labs” are highly vulnerable to even basic attempts to circumvent safeguards, the researchers found.

    By Lindsey Wilkinson • May 23, 2024
  • Water rushing out of a pipeline and onto a wheat field.
    Image attribution tooltip
    lnzyx for iStock via Getty Images
    Image attribution tooltip

    EPA to ramp up enforcement as most water utilities lack cyber safeguards

    The agency may consider taking civil and criminal penalties against utilities following months of attacks against drinking and wastewater treatment facilities.

    By May 21, 2024
  • Close-up Focus on Person's Hands Typing on the Desktop Computer Keyboard
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    Open source threat intel platform launched weeks after malicious backdoor targeted XZ Utils

    OSSF developed warning system to protect open source maintainers, developers from social engineering, active exploits.

    By May 20, 2024
  • Team of hackers dressed in black work on computers in dark room.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    Microsoft warns of hacker misusing Quick Assist in Black Basta ransomware attacks

    Threat researchers say a financially-motivated attacker has deployed the tool in social-engineering attacks since April.

    By May 17, 2024
  • For technologists speak at a panel on stage
    Image attribution tooltip
    Matt Ashare/Cybersecurity Dive
    Image attribution tooltip

    AI raises CIO cyber anxieties

    Using third-party generative AI products without the proper controls exposes existing security gaps, McKinsey and Co. Partner Jan Shelly Brown said Tuesday at the MIT Sloan CIO Symposium.

    By Matt Ashare • May 17, 2024
  • U.S. National Cyber Director Harry Coker Jr. speaks during keynote at CyberUK 2024.
    Image attribution tooltip
    Permission granted by Matthew Horwood
    Image attribution tooltip

    National Cyber Director echoes past warnings: Nation-state cyber threats are mounting

    State-linked actors with ties to China and Russia are growing more sophisticated in their efforts to disrupt critical infrastructure, Harry Coker Jr. said during a CyberUK conference keynote.

    By May 15, 2024
  • Fingers hover over a computer keyboard with numbers on a screen, against a shadowy backdrop.
    Image attribution tooltip
    jariyawat thinsandee via Getty Images
    Image attribution tooltip

    Only one-third of firms deploy safeguards against generative AI threats, report finds

    Generative AI gives attackers an edge over cyber defenders, according to a Splunk survey of security experts.

    By Jim Tyson • May 13, 2024
  • A digital outline of a brain with lights emerging from the stem, creating a half circle that looks like the globe.
    Image attribution tooltip
    dem10 via Getty Images
    Image attribution tooltip

    Generative AI is a looming cybersecurity threat

    Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention. 

    By Jen A. Miller , May 8, 2024
  • National Cyber Director Harry Coker speaks in Washington.
    Image attribution tooltip
    Permission granted by Information Technology Industry Council
    Image attribution tooltip

    The US really wants to improve critical infrastructure cyber resilience

    A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year. 

    By May 8, 2024
  • Sewage water flowing into river body and polluting the water and environment.
    Image attribution tooltip
    Cinefootage Visuals via Getty Images
    Image attribution tooltip

    Hacktivists exploiting poor cyber hygiene at critical infrastructure providers

    CISA, the FBI and international partner agencies want water, energy, agriculture and other sectors to immediately reset passwords and apply multifactor authentication.

    By May 1, 2024
  • Rendered image depicting global networks.
    Image attribution tooltip
    DKosig via Getty Images
    Image attribution tooltip

    Cactus ransomware targets a handful of Qlik Sense CVEs

    Security researchers warn the threat group is ramping up exploitation of previously disclosed flaws in the cloud platform.

    By April 29, 2024
  • Robot and human hands close to each other.
    Image attribution tooltip
    Permission granted by Fortinet
    Image attribution tooltip
    Sponsored by Fortinet

    The top 3 ways AI power supports a dynamic business

    It’s time to welcome a new era of dynamic digital defense. Artificial intelligence (AI) is revolutionizing network security with autonomous learning, holistic collaboration and rapid response capabilities.

    April 29, 2024