Enterprise security leaders fear rising AI use among threat actors: report

Some experts are urging companies to incorporate AI into their cyber defense strategies, while others view the threat of AI as overhyped marketing.

By David Jones • April 9, 2021

Companies missing security in rushed cloud adoptions

While misconfigurations are likely unknown today, they have the potential to become critical vulnerabilities.

By Samantha Schwartz • April 6, 2021

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

2020 was a record year for K-12 cybersecurity incidents

U.S. schools faced 408 publicized incidents — an 18% increase over 2019, according to the K-12 Cybersecurity Resource Center. 

By Roger Riddell • April 1, 2021

Shift online exposed and expanded college cybersecurity vulnerabilities

Ransomware attacks doubled from 2019 to 2020, according to one report, and experts say the increased use of virtual tools opened up new threats.

By Sue Poremba • March 31, 2021

To combat open source insecurity, companies need tech and leadership

With software dependencies commonplace, it's up to industry to clear a path to greater supply chain security in software.

By Samantha Schwartz • March 26, 2021

Babuk ransomware group emerges with new claims against US companies

The threat actor emerges amid heightened ransomware concerns following the Microsoft Exchange server attacks.

By David Jones • March 26, 2021

Operational threat intelligence leans on facts, less anecdotal evidence

Digesting threat intelligence looks different in IT environments than OT.

By Samantha Schwartz • March 25, 2021

Threat data sharing considered critical to defense amid rise in sophisticated attacks: report

A Ponemon Institute study shows the value of actionable data as lawmakers and the Biden administration work to encourage intelligence sharing. 

By David Jones • March 24, 2021

As cyber insurers quantify risk, security spending provides little info

Quantifying risk appetite, an assessment insurance premiums are based on, is an imperfect science for providers and customers.

By Samantha Schwartz • March 24, 2021

70% of malicious DNS traffic in tech is cryptomining, phishing: Cisco

Researchers suggested tech employees were unfamiliar with company policies, triggering cryptomining blocks in Cisco Umbrella. 

By Samantha Schwartz • March 23, 2021

SolarWinds threat actors accessing Microsoft 365 by altering permissions

Mandiant observed a threat actor linked to the SolarWinds campaign using a stealthy approach to read email in targeted mailboxes.

By David Jones • March 22, 2021

Microsoft deploys more updates to contain Exchange server fallout

The FBI and CISA are warning of additional threats from nation states and threat actors as patching and security updates leave many vulnerable companies exposed. 

By David Jones • March 12, 2021

DearCry ransomware latching onto Exchange hack, Microsoft says

Patching is the only answer — for now.

By Samantha Schwartz • March 12, 2021

What's in your software? Federal initiative targets frequently overlooked electric utility vulnerabilities

Software supply chain issues are the subject of a new collaboration between the electric power sector and federal government.

By Robert Walton • March 11, 2021

Enterprises scramble to secure Microsoft Exchange as cybercriminals rush in

Researchers fear, more than two months after the threat was discovered, criminal hackers have had plenty of time to loot data or plant undetected seeds of compromise.

By David Jones • March 10, 2021

55% of healthcare breaches feature ransomware: report

The healthcare industry is a favored target by cybercriminals: Hospitals cannot tolerate downtime or put off emergency patient care.

By Samantha Schwartz • March 10, 2021

How do companies assess risk? It's a system-by-system question

Every piece of technology is vulnerable to threat actors, but each organization and cybersecurity team decides which software and technology adds risk to its business operations.

By Sue Poremba • March 9, 2021

Microsoft Exchange server compromise escalates as mitigation efforts fall short

Officials warn that patching may not fix compromised systems, while tens of thousands of customers are potentially at risk.

By David Jones • March 8, 2021

3 new malware strains show persistence, sophistication of SolarWinds actor

The malware strains, identified by Microsoft, were used in targeted, late-stage attacks to compromise a select number of companies last year. 

By David Jones • March 5, 2021

Malicious email campaigns target business platforms following remote work surge

Phishing attacks are more becoming targeted, less frequent and use PII to harvest credentials.

By David Jones • March 4, 2021

What makes ransomware a constant enterprise pain point

Threat groups mimic and manipulate the tactics, techniques and procedures of other groups, making ransomware attacks more difficult to prevent. 

By Samantha Schwartz • March 3, 2021

Exploited Microsoft Exchange campaign hits hundreds of organizations, researchers find

The nation-state campaign, which Microsoft has linked to China, have targeted on-premises Exchange server vulnerabilities to steal U.S. enterprise data. 

By David Jones • March 3, 2021

SolarWinds missed early security warnings

Lawmakers scrutinized SolarWinds' security practices, including its use of "solarwinds123" as a password, a lapse blamed on a former intern. 

By David Jones • March 1, 2021

How Target bridges communication gaps between threat intel analysis, detection teams

The WAVE matrix, a tool the retailer built in-house, is transferable to smaller teams with employees covering multiple security domains.

By Samantha Schwartz • Feb. 25, 2021

Cloud is a haven for malware, Netskope finds

Phishing and malware pushed companies to focus on protecting endpoints and assessing cloud storage security, especially in a remote work environment.

By Samantha Schwartz • Feb. 24, 2021