Threats
-
Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines
The water utility industry says they recognize the heightened threat environment, but the current federal push fails to account for their resource constraints.
By David Jones • March 28, 2024 -
Security concerns creep into generative AI adoption
As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.
By Lindsey Wilkinson • March 27, 2024 -
Trendline
Risk Management
Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues.
By Cybersecurity Dive staff -
Phishing remains top route to initial access
Tricking individuals to reveal sensitive information or grant access to systems doesn’t require technical expertise. These lures turn human behavior and trust into a weapon.
By Matt Kapko • March 26, 2024 -
Novel variant of wiper linked to Viasat attack during Ukraine war raises new fears
Researchers at SentinelLabs warn the new variant, called AcidPour, could place IoT, networking devices at risk.
By David Jones • March 22, 2024 -
Five Eyes implores critical infrastructure execs to take China-linked threats seriously
Officials are pushing tips to help potential victims detect and mitigate Volt Typhoon’s evasive techniques as the was warnings take on urgency.
By Matt Kapko • March 20, 2024 -
Threat actors are turning to novel malware as malicious attacks rise
BlackBerry identified 5,300 unique malware samples targeting its customers per day from September through December.
By David Jones • March 14, 2024 -
Ransomware festers as a top security challenge, US intel leaders say
U.S. intelligence leaders warn ransomware activity is growing, despite high profile efforts to seize threat actors’ infrastructure.
By Matt Kapko • March 12, 2024 -
Financial services sees sharp increase in DDoS attacks as geopolitical tensions rise
The industry became the most-targeted sector in 2023, driven by cyber hacktivist groups and more powerful botnets.
By David Jones • March 7, 2024 -
Yet another threat actor seen exploiting ConnectWise ScreenConnect
Kroll researchers identified a new malware variant threat actors are deploying against the rapidly exploited security vulnerabilities.
By David Jones • March 6, 2024 -
Utility regulators take steps to raise sector’s cybersecurity ‘baselines’
The voluntary cyber recommendations are intended to serve as a resource for state public utility commissions, utilities and distribution operators and aggregators.
By Robert Walton • Feb. 29, 2024 -
ConnectWise ScreenConnect critical CVE lures an array of threat actors
The company is urging all on-premises customers to upgrade to a secure version of the application as different threat groups ramp up exploits.
By David Jones • Feb. 29, 2024 -
Ivanti Connect Secure hackers hide in plain sight, evading protections
Mandiant researchers estimate thousands of devices have been exploited, and are urging users to check their systems with a newly updated tool.
By David Jones • Updated March 1, 2024 -
Cloud intrusions spiked 75% in 2023, CrowdStrike says
Threat actors are targeting organizations’ inconsistent cloud security systems to intrude networks and maintain persistence.
By Matt Kapko • Feb. 23, 2024 -
FBI-led operation disrupts botnet controlled by state-linked Forest Blizzard
Russia’s GRU-backed group exploited hundreds of vulnerable routers to conduct spear phishing and credential harvesting attacks against U.S. targets.
By David Jones • Feb. 16, 2024 -
OpenAI, Microsoft warn of state-linked actors’ AI use
Threat groups linked to Russia, China, North Korea and Iran were using AI in preparation for potential early stage hacking campaigns.
By David Jones • Feb. 15, 2024 -
National cyber director urges private sector collaboration to counter nation-state cyber threat
Harry Coker said the Biden administration is exploring plans to hold manufacturers accountable for poor security, while also working to harmonize regulations.
By David Jones • Feb. 9, 2024 -
CISA, FBI confirm critical infrastructure intrusions by China-linked hackers
Federal agencies urged critical infrastructure providers and tech manufacturers to take immediate action to protect against malicious threat activity from Volt Typhoon.
By David Jones • Feb. 7, 2024 -
Mortgage industry attack spree punctuates common errors
Attacks against Mr. Cooper Group, Fidelity National Financial, First American Financial and loanDepot impacted operations and put customers in a bind.
By Matt Kapko • Feb. 6, 2024 -
Schneider Electric restores sustainability operations after attack
The energy management company is still investigating the ransomware attack, which led to the theft of data.
By David Jones • Feb. 6, 2024 -
China-linked hackers primed to attack US critical infrastructure, FBI director says
Christopher Wray and other top cybersecurity officials warned state-linked hackers are prepositioning for catastrophic attacks to distract from a potential military action.
By David Jones • Feb. 1, 2024 -
What’s ahead for cybersecurity in 2024
A steady stream of threats and new regulations have executives tiptoeing around how to best detail security incidents.
By Naomi Eide • Jan. 31, 2024 -
In 2024, the cybersecurity industry awaits more regulation — and enforcement
Private sector companies and critical infrastructure providers will face unprecedented demands for product security, intelligence sharing and transparency on data security.
By David Jones • Jan. 31, 2024 -
AI-generated code leads to security issues for most businesses: report
More than three-quarters of developers bypass established protocols to use code completion tools despite potential risks, Snyk’s research found.
By Lindsey Wilkinson • Jan. 30, 2024 -
AI, fake CFOs drive soaring corporate payment-fraud attacks
Generative AI tools like ChatGPT are making it easier for scammers to create bogus texts and emails as well as deep-fake voices at scale.
By Alexei Alexis • Jan. 23, 2024 -
CISA’s 1,200 pre-ransomware alerts saved organizations millions in damages
The federal agency’s early warning system notified organizations across multiple critical infrastructure sectors of potential impending attacks.
By Matt Kapko • Jan. 19, 2024