Threats: Page 3
-
National Cyber Director echoes past warnings: Nation-state cyber threats are mounting
State-linked actors with ties to China and Russia are growing more sophisticated in their efforts to disrupt critical infrastructure, Harry Coker Jr. said during a CyberUK conference keynote.
By David Jones • May 15, 2024 -
Only one-third of firms deploy safeguards against generative AI threats, report finds
Generative AI gives attackers an edge over cyber defenders, according to a Splunk survey of security experts.
By Jim Tyson • May 13, 2024 -
Trendline
Risk Management
Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues.
By Cybersecurity Dive staff -
Generative AI is a looming cybersecurity threat
Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.
By Jen A. Miller , Naomi Eide • May 8, 2024 -
The US really wants to improve critical infrastructure cyber resilience
A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year.
By David Jones • May 8, 2024 -
Hacktivists exploiting poor cyber hygiene at critical infrastructure providers
CISA, the FBI and international partner agencies want water, energy, agriculture and other sectors to immediately reset passwords and apply multifactor authentication.
By David Jones • May 1, 2024 -
Cactus ransomware targets a handful of Qlik Sense CVEs
Security researchers warn the threat group is ramping up exploitation of previously disclosed flaws in the cloud platform.
By David Jones • April 29, 2024 -
Sponsored by Fortinet
The top 3 ways AI power supports a dynamic business
It’s time to welcome a new era of dynamic digital defense. Artificial intelligence (AI) is revolutionizing network security with autonomous learning, holistic collaboration and rapid response capabilities.
April 29, 2024 -
Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg
State-linked actors are using a custom tool for post exploitation activity of a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs.
By David Jones • April 24, 2024 -
Enterprises are getting better at detecting security incidents
Google Cloud’s Mandiant saw significant improvements in how organizations track down threats, yet hackers are still abusing common threat vectors.
By David Jones • April 23, 2024 -
NSA sounds alarm on AI’s cybersecurity risks
Attack vectors unique to AI may attract malicious actors on the hunt for sensitive data or intellectual property, the NSA warned.
By Alexei Alexis • April 19, 2024 -
Fears rise of social engineering campaign as open source community spots another threat
Federal officials are said to be investigating potential links between the recent XZ Utils campaign and new threat activity against JavaScript project maintainers.
By David Jones • April 16, 2024 -
CISA to big tech: After XZ Utils, open source needs your support
The attempted malicious backdoor may have been part of a wider campaign using social engineering techniques, the open source community warned.
By David Jones • April 15, 2024 -
Federal agencies caught sharing credentials with Microsoft over email
U.S. government agencies are in jeopardy of Russia-linked cyberattacks, and although CISA isn’t aware of any compromised environments, officials warn the risk is exigent.
By Matt Kapko • April 12, 2024 -
FBI director echoes past warnings, as critical infrastructure hacking threat festers
Chris Wray says adversaries from China, Russia and Iran are ramping up cyber, espionage and other threat activity against key sectors, including water, energy and telecommunications.
By David Jones • April 11, 2024 -
CISA assessing threat to federal agencies from Microsoft adversary Midnight Blizzard
Microsoft previously warned that the Russia-linked threat group was expanding malicious activity following the hack of senior company executives, which it disclosed in January.
By David Jones • April 5, 2024 -
Motivations behind XZ Utils backdoor may extend beyond rogue maintainer
Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.
By David Jones • April 2, 2024 -
Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines
The water utility industry says they recognize the heightened threat environment, but the current federal push fails to account for their resource constraints.
By David Jones • March 28, 2024 -
Security concerns creep into generative AI adoption
As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.
By Lindsey Wilkinson • March 27, 2024 -
Phishing remains top route to initial access
Tricking individuals to reveal sensitive information turns human behavior and trust into a weapon.
By Matt Kapko • March 26, 2024 -
Novel variant of wiper linked to Viasat attack during Ukraine war raises new fears
Researchers at SentinelLabs warn the new variant, called AcidPour, could place IoT, networking devices at risk.
By David Jones • March 22, 2024 -
Five Eyes implores critical infrastructure execs to take China-linked threats seriously
Officials are pushing tips to help potential victims detect and mitigate Volt Typhoon’s evasive techniques as the was warnings take on urgency.
By Matt Kapko • March 20, 2024 -
Threat actors are turning to novel malware as malicious attacks rise
BlackBerry identified 5,300 unique malware samples targeting its customers per day from September through December.
By David Jones • March 14, 2024 -
Ransomware festers as a top security challenge, US intel leaders say
U.S. intelligence leaders warn ransomware activity is growing, despite high profile efforts to seize threat actors’ infrastructure.
By Matt Kapko • March 12, 2024 -
Financial services sees sharp increase in DDoS attacks as geopolitical tensions rise
The industry became the most-targeted sector in 2023, driven by cyber hacktivist groups and more powerful botnets.
By David Jones • March 7, 2024 -
Yet another threat actor seen exploiting ConnectWise ScreenConnect
Kroll researchers identified a new malware variant threat actors are deploying against the rapidly exploited security vulnerabilities.
By David Jones • March 6, 2024