Threats

SolarWinds missed early security warnings

Lawmakers scrutinized SolarWinds' security practices, including its use of "solarwinds123" as a password, a lapse blamed on a former intern. 

By David Jones • March 01, 2021

How Target bridges communication gaps between threat intel analysis, detection teams

The WAVE matrix, a tool the retailer built in-house, is transferable to smaller teams with employees covering multiple security domains.

By Samantha Schwartz • Feb. 25, 2021

Cloud is a haven for malware, Netskope finds

Phishing and malware pushed companies to focus on protecting endpoints and assessing cloud storage security, especially in a remote work environment.

By Samantha Schwartz • Feb. 24, 2021

Apple faces new malware threats as company makes enterprise push

Apple made recent inroads with corporate customers and is detailing extensive security upgrades as a way of attracting enterprise customers. Through it all, new techniques test the company's defenses.

By David Jones • Feb. 23, 2021

Universities, companies battle the same cyberthreats, toppled by sophisticated actors

BlueVoyant research shows top U.S. schools have major weaknesses defending against the most common threats: ransomware and data breaches.

By Samantha Schwartz • Feb. 23, 2021

Microsoft says it was not a SolarWinds attack vector, after completing internal probe

The company confirmed limited amounts of source code for Azure, Exchange and Intune were downloaded.

By David Jones • Feb. 19, 2021

How can data manipulation impact the bottom line?

Factoring disinformation into a threat model can allow a company to combat lies and protect its reputation.

By Samantha Schwartz • Feb. 17, 2021

Ransomware, poor security drove spike in healthcare breaches in 2020

A rise in ransomware and phishing attacks led to a 55% increase in healthcare breaches last year, according to Bitglass.

By David Jones • Feb. 17, 2021

One-third of analysts ignore security alerts, survey finds

With an ever-increasing number of alerts, identifying what to ignore is an impossible mission without scalable technology.

By Samantha Schwartz • Feb. 16, 2021

Organizations running SolarWinds Orion online drops 25% since December: report

A report by RiskRecon shows only 8% of entities operating on the internet actually upgraded to later versions based on SolarWinds security recommendations.

By David Jones • Feb. 12, 2021

Software supply chain hacks highlight an ugly truth: The build process is broken

Software makers are coming to terms with security gaps they knew existed as the fallout from the SolarWinds hack continues.

By Samantha Schwartz • Feb. 11, 2021

Open source blind trust the culprit in ethical breach of 35 companies

Microsoft, one of the breached companies, encourages organizations to use controlled scopes, namespaces or prefixes to protect package names.

By Samantha Schwartz • Feb. 10, 2021

SolarWinds fallout turns security eye to Microsoft Office 365

Office 365 has been linked to incidents ranging from points of compromise to the unauthorized email access of government officials.

By David Jones • Feb. 09, 2021

Half of phishing attacks cause ransomware infections: report

Not only did bad actors ask for additional ransoms but more companies are also paying them. 

By Samantha Schwartz • Feb. 08, 2021

SolarWinds fallout could last for years, as power industry secures vulnerable equipment: Dragos CEO

The energy sector is experiencing a "digital transformation with a threat convergence," the CEO of security company Dragos told the U.S. Department of Energy.

By Robert Walton • Feb. 05, 2021

Mimecast to cut 4% of workforce in restructuring as breach probe continues

More than half of Mimecast's business stems from protecting Office 365, which has become a significant target for cyberattacks, Mimecast CEO Peter Bauer said.

By David Jones • Feb. 04, 2021

Cyberattacks cost financial firms $4.7M on average last year: report

Weak endpoints and a lack of policy enforcement are imposing extra costs on companies as home-based workers remain vulnerable.

By David Jones • Jan. 28, 2021

Actors behind Ryuk testing different operations, challenging attribution

Ransomware's most prominent threat groups are forcing companies to make the malware a permanent part of their threat models. 

By Samantha Schwartz • Jan. 26, 2021

Cyberthreat trends in the remote work landscape

With more workers logging in from home, companies face new cybersecurity challenges and opportunities.

By David Jones • Jan. 25, 2021

Cyber defense panel sees more private sector coordination following SolarWinds

Defense and intelligence experts say federal agencies need to strengthen private sector support, intelligence sharing to prevent the next big nation-state attack. 

By David Jones • Jan. 20, 2021

Malwarebytes attack linked to SolarWinds' nation-state actors, CEO says

Microsoft notified the cybersecurity firm of a compromise involving Office 365 and Azure consistent with prior nation-state attacks.

By David Jones • Jan. 20, 2021

Financial services companies embrace cloud as security concerns grow

Equifax CISO and a study from Nutanix address how investing in cloud security helps to protect sensitive financial data.

By David Jones • Jan. 15, 2021

Mimecast attributes supply chain attack to SolarWinds' hackers

The global email security provider was hit by a malicious attack that compromised a certificate used to authenticate some Microsoft 365 products. 

By David Jones • UPDATED: Jan. 26, 2021 at 11:31 a.m.

Hackers accessed cloud services using phishing, 'pass-the-cookie' attacks, CISA says

In one case, the agency found threat actors accessed a user's account "with proper multi-factor authentication," circumventing the favored security method. 

By Samantha Schwartz • Jan. 14, 2021

Attackers used password spraying, guessing in SolarWinds hack

As experts investigate the damage, the latest CISA update points to a constant in cybersecurity: weak passwords.

By Samantha Schwartz • Jan. 11, 2021