Companies need a wakeup call to fix chronic security shortcomings, cyber experts say

One researcher wonders if the industry needs another Snowden-like moment to spring organizations into action.

By Matt Kapko • May 3, 2023

Merck cyber coverage upheld in NotPetya decision, seen as victory for policyholders

A court victory in the closely watched insurance case is expected to stabilize a turbulent market and provide some assurance for organizations amid a rise in nation-state activity.

By David Jones • May 3, 2023

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

3 areas of generative AI the NSA is watching in cybersecurity

Generative AI is a “technological explosion,” NSA Cybersecurity Director Rob Joyce said. While it is game changing, it hasn’t yet delivered. 

By Matt Kapko • May 1, 2023

Organizations are boosting resilience, getting faster at incident response

While the number of data security incidents remained level between 2021 and 2022, companies improved recovery thanks to stronger security measures, BakerHostetler found.

By David Jones • May 1, 2023

Teenagers, young adults pose prevalent cyberthreat to US, Mandiant says

The brains behind high-profile attacks last year, teenagers and young adults use sophisticated social engineering techniques for intrusions.

By Matt Kapko • April 25, 2023

Early warning threat information platform launched for OT

The platform will provide a vendor-agnostic option for sharing early threat information and intelligence across industries, the group said Monday. 

By David Jones • April 24, 2023

Threat actors can use ChatGPT to sharpen cyberthreats, but no need to panic yet

Startling dangers, such as autonomous attack mechanisms and sophisticated malware coding, have yet to materialize. For now, the threat is more specific.

By Matt Kapko • April 21, 2023

3CX attack caused by another supply chain attack, Mandiant says

Mandiant Consulting CTO Charles Carmakal called the incident very novel and quite scary after the firm traced the attack to a previous compromise in financial trading software from Trading Technologies.

By Matt Kapko • April 20, 2023

Microsoft summons weather events to name threat actors

Under the new taxonomy, a blizzard or typhoon designation represents a nation-state actor and financially motivated threat actors fall under the family name tempest.

By Matt Kapko • April 19, 2023

ChatGPT at work: What’s the cyber risk for employers?

The use of ChatGPT could run afoul of company policy, copyright concerns, customer confidentiality or even international privacy laws, BlackBerry’s CISO writes. Here’s what businesses should consider.  

By Arvind Raman • April 11, 2023

Leftover data lurks across the enterprise, creating a business risk

When an organization has little visibility into the data in its possession, it becomes even more vulnerable to data leaks, breaches, and both insider and external threats. 

By Sue Poremba • April 7, 2023

Palo Alto security software stung by ransomware strain

Check Point researchers say the “Rorschach” ransomware – found during an attack on a U.S. company – may be the fastest ever seen.

By David Jones • April 4, 2023

Threat intelligence isn’t for everyone, Google says

Most security professionals don’t have the time to read a 10-page threat intelligence report, let alone put those insights into action.

By Matt Kapko • March 23, 2023

Google Cloud joins FS-ISAC’s critical providers program to share threat intel

The move is part of a wider industry effort to enhance supply chain security in the financial services sector.

By David Jones • March 17, 2023

Bank failure panic fuels moment of opportunity for threat actors

As regulators step in to operate Silicon Valley Bank, threat hunters and security executives warned organizations to look out for malicious activity.

By Matt Kapko • March 14, 2023

CISA launches ransomware warning pilot for critical infrastructure providers

The agency already warned dozens of organizations about ProxyNotShell.

By David Jones • March 14, 2023

Threat actors can use ChatGPT, too. Here’s what businesses should watch

While IT departments seek enterprise applications, cyber teams must be on the lookout for attacks using the generative AI technology.

By Lindsey Wilkinson • Feb. 22, 2023

Economic volatility to exacerbate cyber risk in 2023

A potential recession could lead to delayed innovation and inadequate budgets for long-term investments, the Bipartisan Policy Center said in a report.

By Matt Kapko • Feb. 14, 2023

Companies often operate in dark with little applied threat intelligence

A report by Google Cloud’s Mandiant shows companies are making cybersecurity decisions without a full understanding of what they’re up against.

By David Jones • Feb. 13, 2023

Half of executives expect an increase in cyber incidents targeting financial data: report

A poll by Deloitte shows organizations are not well prepared to handle a rise in attacks targeting sensitive accounting and financial information.

By David Jones • Feb. 8, 2023

Sports betting apps fumble open source, placing users at risk

On the cusp of Super Bowl 57, researchers from Synopsys warned popular mobile betting apps face a higher than average risk of being hacked.

By David Jones • Feb. 7, 2023

Hive takedown puts ‘small dent’ in ransomware problem

Successful law enforcement actions against ransomware can only do so much. The threat is omnipresent, lucrative and largely in the shadows.

By Matt Kapko • Feb. 6, 2023

Threat actors are using remote monitoring software to launch phishing attacks

A joint warning from CISA, the NSA and MS-ISAC warns APT actors could leverage legitimate tools using help-desk themed lures to gain persistence. 

By David Jones • Jan. 26, 2023

World Economic Forum officials warn global instability could lead to catastrophic cyber event

A report released at the WEF said top business leaders and security experts fear heightened geopolitical tensions could result in a major attack in the next two years.

By David Jones • Jan. 19, 2023

Threat actors lure phishing victims with phony salary bumps, bonuses

Multiple campaigns underscore threat actors’ ability to shift tactics and target employees by exploiting current events and themes.

By Matt Kapko • Jan. 19, 2023