Threats: Page 32
-
One-third of analysts ignore security alerts, survey finds
With an ever-increasing number of alerts, identifying what to ignore is an impossible mission without scalable technology.
By Samantha Schwartz • Feb. 16, 2021 -
Organizations running SolarWinds Orion online drops 25% since December: report
A report by RiskRecon shows only 8% of entities operating on the internet actually upgraded to later versions based on SolarWinds security recommendations.
By David Jones • Feb. 12, 2021 -
Explore the Trendline➔
Getty Images
TrendlineManaging identity sprawl
Cyber threat actors know the simplest way to hack into an enterprise and remain under the radar is with stolen, legitimate user credentials -- and cloud services and AI are making managing and securing digital identities more challenging than ever.
By Cybersecurity Dive staff -
Rangel, David. [photograph]. Retrieved from https://unsplash.com/photos/4m7gmLNr3M0.
Software supply chain hacks highlight an ugly truth: The build process is broken
Software makers are coming to terms with security gaps they knew existed as the fallout from the SolarWinds hack continues.
By Samantha Schwartz • Feb. 11, 2021 -
Open source blind trust the culprit in ethical breach of 35 companies
Microsoft, one of the breached companies, encourages organizations to use controlled scopes, namespaces or prefixes to protect package names.
By Samantha Schwartz • Feb. 10, 2021 -
Getty Images
Long-term SolarWinds consequencesSolarWinds fallout turns security eye to Microsoft Office 365
Office 365 has been linked to incidents ranging from points of compromise to the unauthorized email access of government officials.
By David Jones • Feb. 9, 2021 -
Half of phishing attacks cause ransomware infections: report
Not only did bad actors ask for additional ransoms but more companies are also paying them.
By Samantha Schwartz • Feb. 8, 2021 -
SolarWinds fallout could last for years, as power industry secures vulnerable equipment: Dragos CEO
The energy sector is experiencing a "digital transformation with a threat convergence," the CEO of security company Dragos told the U.S. Department of Energy.
By Robert Walton • Feb. 5, 2021 -
Mimecast to cut 4% of workforce in restructuring as breach probe continues
More than half of Mimecast's business stems from protecting Office 365, which has become a significant target for cyberattacks, Mimecast CEO Peter Bauer said.
By David Jones • Feb. 4, 2021 -
Rangel, David. [photograph]. Retrieved from https://unsplash.com/photos/4m7gmLNr3M0.
Cyberattacks cost financial firms $4.7M on average last year: report
Weak endpoints and a lack of policy enforcement are imposing extra costs on companies as home-based workers remain vulnerable.
By David Jones • Jan. 28, 2021 -
Actors behind Ryuk testing different operations, challenging attribution
Ransomware's most prominent threat groups are forcing companies to make the malware a permanent part of their threat models.
By Samantha Schwartz • Jan. 26, 2021 -
DESIGNECOLOGIST. [Photograph]. Retrieved from Unsplash.
Cyberthreat trends in the remote work landscape
With more workers logging in from home, companies face new cybersecurity challenges and opportunities.
By David Jones • Jan. 25, 2021 -
Cyber defense panel sees more private sector coordination following SolarWinds
Defense and intelligence experts say federal agencies need to strengthen private sector support, intelligence sharing to prevent the next big nation-state attack.
By David Jones • Jan. 20, 2021 -
Kendall Davis/Cybersecurity Dive
Malwarebytes attack linked to SolarWinds' nation-state actors, CEO says
Microsoft notified the cybersecurity firm of a compromise involving Office 365 and Azure consistent with prior nation-state attacks.
By David Jones • Jan. 20, 2021 -
Financial services companies embrace cloud as security concerns grow
Equifax CISO and a study from Nutanix address how investing in cloud security helps to protect sensitive financial data.
By David Jones • Jan. 15, 2021 -
Samoilov, Yuri, yuri.samoilov.online/. (2014). "System Lock" [Photograph]. Retrieved from Flickr.
Hackers accessed cloud services using phishing, 'pass-the-cookie' attacks, CISA says
In one case, the agency found threat actors accessed a user's account "with proper multi-factor authentication," circumventing the favored security method.
By Samantha Schwartz • Jan. 14, 2021 -
Mimecast attributes supply chain attack to SolarWinds' hackers
The global email security provider was hit by a malicious attack that compromised a certificate used to authenticate some Microsoft 365 products.
By David Jones • Updated Jan. 26, 2021 -
Attackers used password spraying, guessing in SolarWinds hack
As experts investigate the damage, the latest CISA update points to a constant in cybersecurity: weak passwords.
By Samantha Schwartz • Jan. 11, 2021 -
Brian Tucker/Cybersecurity Dive
With cyber bureau, State Department brings diplomacy to threat landscape
CISOs and security experts see the federal bureau as a potential bridge to help align the government and private sector as nation-states pose increased threats.
By David Jones • Updated Jan. 11, 2021 -
thanyakij, bongkarn. (2019). Retrieved from Pexels.
Poor software quality cost businesses $2 trillion last year and put security at risk
The COVID-19 pandemic played a role in the rise of operational software failure, said the Consortium for Information & Software Quality.
By Roberto Torres • Jan. 11, 2021 -
Fast-growing gaming industry faces rising threat of account compromise
A report from KELA shows one million compromised accounts and thousands of leaked employee credentials in underground markets.
By David Jones • Jan. 5, 2021 -
Getty Images
Defending the unknown: Companies may not be getting the full story on cyberthreats
Because of the way some data is presented, there is no way to know what vital information might be missing.
By Sue Poremba • Jan. 4, 2021 -
How one hospital is defending against ransomware
By the time the Ryuk ransomware alert was issued, Rush Memorial Hospital had at least two risk mitigation measures: improved backup as a service and a systems engineer with an evasion plan.
By Samantha Schwartz • Dec. 22, 2020 -
Tracking SolarWinds cyberattack fallout, play-by-play
As more companies are discovering impact from the SolarWinds hack, attention is turning toward far-reaching supply chain vulnerabilities.
By Samantha Schwartz , David Jones , Naomi Eide , Katie Malone • Updated Jan. 4, 2021 -
CISA warns of more backdoors beyond SolarWinds Orion
The extent of compromised data is not disclosed. What is clear? Threat actors relied on the supply chain for widespread access.
By Samantha Schwartz • Dec. 17, 2020 -
Kendall Davis/Cybersecurity Dive
Microsoft to begin blocking binaries linked to SolarWinds cyberattack
Microsoft Defender Antivirus will quarantine the trojan before it can begin processing, though the company said "it may not be simple to remove the product from service."
By Samantha Schwartz • Dec. 16, 2020
Previous
