Threats
-
State CISOs up against a growing threat environment with minimal funding, report finds
A report by Deloitte and NASCIO warns that states do not have the resources necessary to fight state-backed and criminal threat groups.
By David Jones • Oct. 2, 2024 -
Phishing remains cloud intrusion tactic of choice for threat groups
The long-lasting effectiveness and success of phishing campaigns underscores the most central challenge in cybersecurity — people are the weakest link.
By Matt Kapko • Oct. 2, 2024 -
Trendline
Risk Management
Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues.
By Cybersecurity Dive staff -
CISA again raises alarm on hacktivist threat to water utilities
The alert comes just days after an attack against a water treatment facility in Kansas.
By David Jones • Sept. 26, 2024 -
Data privacy concerns swirl around generative AI adoption
IT and business professionals fear the technology's adoption can lead to data leakage, according to a Deloitte report.
By Roberto Torres • Sept. 25, 2024 -
Dark web exposure is āhighly correlatedā with cyberattack risk
Organizations that are mentioned in dark web market listings are more than twice as likely to experience an attack, Marsh McLennan found.
By Alexei Alexis • Sept. 24, 2024 -
Cybersecurity firm flags attack on construction accounting system
Users of Foundation Software, which serves 43,000 construction pros, may be at risk of intrusion if they still use default credentials, according to cybersecurity firm Huntress.
By Matthew Thibault • Sept. 20, 2024 -
Port of Seattle official flags a cyber dilemma, āone-way streetā with federal agencies
A ransomware atttack disrupted the Seattle-Tacoma International Airport for weeks. Part of the problem, one official said, is that federal cyber recommendations are not timely.
By Matt Kapko • Sept. 19, 2024 -
Open source maintainers, under security pressure, remain largely unpaid after XZ Utils
A report by Tidelift shows an equity gap remains between open source developers and well-resourced software users who are pushing for higher security standards.
By David Jones • Sept. 17, 2024 -
Valid accounts remain top access point for critical infrastructure attacks, officials say
CISA attributed 2 in 5 successful intrusions to valid account abuse last year, but that is down from 2022.
By Matt Kapko • Sept. 17, 2024 -
Sponsored by Code42, now a part of Mimecast
Keeping data secure in the age of generative AI
Generative AI is reshaping industries, but with innovation comes new data security challenges. Are your cybersecurity practices keeping up?
By Rob Juncker, CTO of Code42, now part of Mimecast • Sept. 16, 2024 -
Mastercardās $2.65B Recorded Future acquisition to buttress its security business
While Mastercard has cybersecurity oversight needs for its cards and payments businesses, it also sells security services to other companies, including banks and fintechs.
By Lynne Marek • Sept. 13, 2024 -
Cyber insurance keeps growing, as threats spur competition
Concerns remain about aggregation risk as highlighted by the July outage of Microsoft Windows devices, according to a report from Moody’s Ratings.
By David Jones • Sept. 9, 2024 -
Deepfake scams escalate, hitting more than half of businesses
The vast majority of corporate finance professionals, 85%, now view such scams as an “existential” threat, a Medius study found.
By Alexei Alexis • Sept. 4, 2024 -
Prolific RansomHub engaged in attack spree, feds warn
The group has been among the most active threat groups of 2024, and is linked to a tool that can neutralize endpoint security.
By David Jones • Sept. 4, 2024 -
Microsoft is training developers on the intricacies of threat intelligence
Cybercrime wonk Sherrod DeGrippo is taking Microsoft’s software developers and engineers on a journey into her world, the depths of threat intelligence.
By Matt Kapko • Sept. 4, 2024 -
Halliburton confirms data stolen in August cyberattack
The company continues to incur expenses related to the attack, but does not expect a material impact.
By David Jones • Sept. 3, 2024 -
Iran-linked actors ramping up cyberattacks on US critical infrastructure
Nation-state attacker are exploiting vulnerabilities in products from Check Point Software, Palo Alto Networks and others to attack multiple industries.
By David Jones • Sept. 3, 2024 -
Volt Typhoon exploiting zero-day in campaign targeting ISPs, MSPs
Researchers from Black Lotus Labs warn the state-linked adversary is exploiting a vulnerability in Versa Director using custom web shells against the telecom sector.
By David Jones • Aug. 28, 2024 -
Marketing data security threats are rising: Where CMOs see gaps
While marketers prioritize working with data security teams, effective communication remains a struggle, according to research from the CMO Council and KPMG.
By Peter Adams • Aug. 23, 2024 -
DDoS attacks surge since late 2023, telecom still in hot seat
The report comes just weeks after a DDoS attack disrupted Microsoft Azure for about eight hours.
By David Jones • Aug. 15, 2024 -
M&A activity can amplify ransomware insurance losses, research finds
The financial severity of claims related to ransomware attacks increased more than 400% from 2022 to 2023, the study found.
By Alexei Alexis • Aug. 14, 2024 -
CrowdStrike snafu was a ādress rehearsalā for critical infrastructure disruptions, CISA director says
Despite the disruption, Jen Easterly said the outage was a "useful exercise" to determine the resiliency of critical infrastructure organizations.
By Matt Kapko • Aug. 8, 2024 -
Federal watchdog urges EPA to develop comprehensive cyber strategy to protect water systems
The report comes amid a rise in malicious cyberthreats from state-linked and criminal hackers targeting U.S. drinking water and water treatment facilities.
By David Jones • Aug. 6, 2024 -
Sponsored by Rockwell Automation
Water systems under siege: How CISOs can protect critical infrastructure from cyberthreats
As regulatory oversight evolves, most CISOs are focused on modernizing and improving OT cybersecurity.
July 29, 2024 -
Dragos warns of novel malware targeting industrial control systems
FrostyGoop, the ninth ICS-specific malware observed by Dragos, was linked to a January attack on an energy provider in Ukraine.
By David Jones • July 23, 2024