Threats


  • Digital technology vector background depicting a cyberattack.
    Image attribution tooltip
    WhataWin via Getty Images
    Image attribution tooltip

    Ivanti Connect Secure hackers hide in plain sight, evading protections

    Mandiant researchers estimate thousands of organizations have been exploited, and are urging users to check their systems with a newly updated tool.

    By Feb. 27, 2024
  • CrowdStrike booth at RSA Conference in San Francisco.
    Image attribution tooltip
    Matt Kapko/Cybersecurity Dive
    Image attribution tooltip

    Cloud intrusions spiked 75% in 2023, CrowdStrike says

    Threat actors are targeting organizations’ inconsistent cloud security systems to intrude networks and maintain persistence.

    By Feb. 23, 2024
  • A wall of binary code is partly unzippered, revealing the face of Ben Franklin as seen on the $100 bill. Explore the Trendline
    Image attribution tooltip
    imagedepotpro via Getty Images
    Image attribution tooltip
    Trendline

    Top 5 stories from Cybersecurity Dive

    A wave of rules, regulations and federal action is putting pressure on businesses to shore up security amid a backdrop of emboldened threat actors has a nice ring to it.

    By Cybersecurity Dive staff
  • Grunge flags illustration of three countries with conflict and political problems (cracked concrete background) | USA, China and Russia
    Image attribution tooltip
    Barks_japan via Getty Images
    Image attribution tooltip

    FBI-led operation disrupts botnet controlled by state-linked Forest Blizzard

    Russia’s GRU-backed group exploited hundreds of vulnerable routers to conduct spear phishing and credential harvesting attacks against U.S. targets.

    By Feb. 16, 2024
  • Microsoft CEO Satya Nadella speaks as OpenAI CEO Sam Altman looks on during the OpenAI DevDay event on November 06, 2023 in San Francisco, California.
    Image attribution tooltip
    Justin Sullivan via Getty Images
    Image attribution tooltip

    OpenAI, Microsoft warn of state-linked actors’ AI use

    Threat groups linked to Russia, China, North Korea and Iran were using AI in preparation for potential early stage hacking campaigns.

    By Feb. 15, 2024
  • National Cyber Director Harry Coker speaks in Washington.
    Image attribution tooltip
    Permission granted by Information Technology Industry Council
    Image attribution tooltip

    National cyber director urges private sector collaboration to counter nation-state cyber threat

    Harry Coker said the Biden administration is exploring plans to hold manufacturers accountable for poor security, while also working to harmonize regulations.

    By Feb. 9, 2024
  • FBI Director Chris Wray speaks at a House Select Committee hearing on Volt Typhoon. CISA Director Jen Easterly and NSA Director Gen. Paul Nakasone look on.
    Image attribution tooltip
    Kevin Dietsch via Getty Images
    Image attribution tooltip

    CISA, FBI confirm critical infrastructure intrusions by China-linked hackers

    Federal agencies urged critical infrastructure providers and tech manufacturers to take immediate action to protect against malicious threat activity from Volt Typhoon.

    By Feb. 7, 2024
  • Coin stack on international banknotes with house model on table.
    Image attribution tooltip
    Zephyr18 via Getty Images
    Image attribution tooltip

    Mortgage industry attack spree punctuates common errors

    Attacks against Mr. Cooper Group, Fidelity National Financial, First American Financial and loanDepot impacted operations and put customers in a bind.

    By Feb. 6, 2024
  • Schneider Electric restores sustainability operations after attack

    The energy management company is still investigating the ransomware attack, which led to the theft of data.

    By Feb. 6, 2024
  • Oil Or Gas Transportation With Blue Gas Or Pipe Line Valves On Soil And Sunrise Background
    Image attribution tooltip
    onurdongel via Getty Images
    Image attribution tooltip

    China-linked hackers primed to attack US critical infrastructure, FBI director says

    Christopher Wray and other top cybersecurity officials warned state-linked hackers are prepositioning for catastrophic attacks to distract from a potential military action. 

    By Feb. 1, 2024
  • The U.S. Capitol Building at night with lightning in the background.
    Image attribution tooltip
    Naomi Eide/Cybersecurity Dive
    Image attribution tooltip

    What’s ahead for cybersecurity in 2024

    A steady stream of threats and new regulations have executives tiptoeing around how to best detail security incidents.

    By Jan. 31, 2024
  • Gary Gensler speaks with his hand outstretched, seated before a microphone.
    Image attribution tooltip
    Win McNamee via Getty Images
    Image attribution tooltip

    In 2024, the cybersecurity industry awaits more regulation — and enforcement

    Private sector companies and critical infrastructure providers will face unprecedented demands for product security, intelligence sharing and transparency on data security.

    By Jan. 31, 2024
  • IT workers code in office
    Image attribution tooltip
    AnnaStills via Getty Images
    Image attribution tooltip

    AI-generated code leads to security issues for most businesses: report

    More than three-quarters of developers bypass established protocols to use code completion tools despite potential risks, Snyk’s research found. 

    By Lindsey Wilkinson • Jan. 30, 2024
  • Computer hacker stealing data from a laptop.
    Image attribution tooltip
    BrianAJackson via Getty Images
    Image attribution tooltip

    AI, fake CFOs drive soaring corporate payment-fraud attacks

    Generative AI tools like ChatGPT are making it easier for scammers to create bogus texts and emails as well as deep-fake voices at scale.

    By Alexei Alexis • Jan. 23, 2024
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA’s 1,200 pre-ransomware alerts saved organizations millions in damages

    The federal agency’s early warning system notified organizations across multiple critical infrastructure sectors of potential impending attacks.

    By Jan. 19, 2024
  • cybersecurity, talent shortage, retention, leadership
    Image attribution tooltip
    Getty Images via Getty Images
    Image attribution tooltip

    Ivanti Connect Secure devices face active exploitation, patch schedule staggered

    Unauthenticated attackers can take control of systems by exploiting the zero days, which a suspected state-linked threat actor is chaining together. 

    By Jan. 11, 2024
  • Rendering of digital data code in safety security technology concept.
    Image attribution tooltip
    iStock/Getty Images Plus via Getty Images
    Image attribution tooltip

    5 cybersecurity trends to watch in 2024

    Preventative measures remain woefully unmet, the scourge of ransomware is as bad as its ever been, and a wave of new incident reporting and compliance regulations are taking hold. Buckle up, 2024 is here.

    By , Jan. 10, 2024
  • The welcome screen for the OpenAI ChatGPT app is displayed on a laptop screen.
    Image attribution tooltip
    Leon Neal via Getty Images
    Image attribution tooltip

    How to ensure data privacy in a ChatGPT world

    CISOs and CIOs have to balance the need to restrict sensitive data from generative AI tools with the need for businesses to use these tools to improve processes and increase productivity. 

    By Sue Poremba • Jan. 9, 2024
  • Exclamation mark depicted over code.
    Image attribution tooltip
    WhataWin/Getty Images via Getty Images
    Image attribution tooltip

    DDoS attack traffic surged in 2023, Cloudflare finds

    Elevated malicious DDoS activity coincided with mass exploits of the novel zero-day vulnerability HTTP/2 Rapid Reset, which threat actors used to launch DDoS attacks last year.

    By Jan. 9, 2024
  • Santa Claus
    Image attribution tooltip
    iStock / Getty Images Plus via Getty Images
    Image attribution tooltip

    Fleeting fake delivery phishing campaign targets last-minute shoppers

    Text messages disguised as urgent or failed delivery notifications can create tension between impersonated delivery service companies and legitimate customers.

    By Dec. 22, 2023
  • A round industrial building behind a pool of water with a walkway over top
    Image attribution tooltip
    (2008). Retrieved from Environmental Protection Agency.
    Image attribution tooltip

    Water utility cyberattacks underscore ongoing threat to OT

    U.S. officials urged water utilities and industrial sites to employ basic configuration safeguards like securing internet-facing devices and changing default passwords following a series of attacks.

    By Dec. 5, 2023
  • A wastewater treatment plant powered by wind turbines and solar panels near Atlantic City in New Jersey, USA. Aerial elevated view at the sunset.
    Image attribution tooltip
    Alex Potemkin via Getty Images
    Image attribution tooltip

    Authorities raise alarm on threats against water, other critical sectors

    An ongoing cyber campaign against Unitronics PLC devices has impacted multiple U.S. water facilities, but authorities are also monitoring energy, healthcare, and food and beverage manufacturing.

    By Dec. 4, 2023
  • A close up of the Department of Treasury seal on the front of the headquarters with "the Department of Treasury" and "1789" on an outer circle and a shield with the scales of justice up top and a key.
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    For financial services firms, a pattern of malicious cyber activity is emerging

    The suspected ransomware attack against Fidelity National Financial marks the latest in a series of incidents, leading regulators to take additional enforcement actions.

    By Nov. 29, 2023
  • Exterior of Citrix office complex.
    Image attribution tooltip
    Justin Sullivan/Getty Images via Getty Images
    Image attribution tooltip

    CitrixBleed worries mount as nation state, criminal groups launch exploits

    LockBit 3.0 affiliates targeted a unit of Boeing and federal authorities have alerted almost 300 organizations they are vulnerable to attack.

    By Nov. 22, 2023
  • Black Friday weekend 25% off discount banner in a boutique.
    Image attribution tooltip
    Shaun Taylor via Getty Images
    Image attribution tooltip

    Retailers brace for cyberthreat feast ahead of Thanksgiving shopping weekend

    A rise in social engineering and generative AI pose increased risks as phishing attacks and ransomware gain speed and grow more sophisticated.

    By Nov. 21, 2023
  • Programming scripts on laptop monitor, unauthorized remote hacking of server
    Image attribution tooltip
    Motortion via Getty Images
    Image attribution tooltip

    SMBs hit by rise in legitimate tool-based attacks

    Attackers are moving away from malware and evading detection by abusing remote monitoring and management software, according to Huntress research.

    By Nov. 21, 2023