Cyberattacks pose mounting risks to creditworthiness: Moody’s

“As more data becomes available — thanks to recently adopted disclosure requirements — attacks continue to proliferate,” a Moody’s executive said.

By Jim Tyson • June 6, 2024

Cyber risk is rising for poorly configured OT devices

Since late last year, researchers have identified more politically motivated groups targeting water and other key critical infrastructure systems.

By David Jones • June 3, 2024

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

Check Point Software customers targeted by hackers using old, local VPN accounts

The incidents mark the latest attempts to compromise organizations by exploiting vulnerable edge devices used for remote access.

By David Jones • May 28, 2024

Cyber officials, incident response teams brace for Memorial Day weekend

The holiday weekend has emerged as a prime opportunity for ransomware attacks as security operations teams scale down for the summer. 

By David Jones • May 24, 2024

Popular LLMs are insecure, UK AI Safety Institute warns

AI models released by “major labs” are highly vulnerable to even basic attempts to circumvent safeguards, the researchers found.

By Lindsey Wilkinson • May 23, 2024

EPA to ramp up enforcement as most water utilities lack cyber safeguards

The agency may consider taking civil and criminal penalties against utilities following months of attacks against drinking and wastewater treatment facilities.

By David Jones • May 21, 2024

Open source threat intel platform launched weeks after malicious backdoor targeted XZ Utils

OSSF developed warning system to protect open source maintainers, developers from social engineering, active exploits.

By David Jones • May 20, 2024

Microsoft warns of hacker misusing Quick Assist in Black Basta ransomware attacks

Threat researchers say a financially-motivated attacker has deployed the tool in social-engineering attacks since April.

By David Jones • May 17, 2024

AI raises CIO cyber anxieties

Using third-party generative AI products without the proper controls exposes existing security gaps, McKinsey and Co. Partner Jan Shelly Brown said Tuesday at the MIT Sloan CIO Symposium.

By Matt Ashare • May 17, 2024

National Cyber Director echoes past warnings: Nation-state cyber threats are mounting

State-linked actors with ties to China and Russia are growing more sophisticated in their efforts to disrupt critical infrastructure, Harry Coker Jr. said during a CyberUK conference keynote.

By David Jones • May 15, 2024

Only one-third of firms deploy safeguards against generative AI threats, report finds

Generative AI gives attackers an edge over cyber defenders, according to a Splunk survey of security experts.

By Jim Tyson • May 13, 2024

Generative AI is a looming cybersecurity threat

Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention. 

By Jen A. Miller , Naomi Eide • May 8, 2024

The US really wants to improve critical infrastructure cyber resilience

A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year. 

By David Jones • May 8, 2024

Hacktivists exploiting poor cyber hygiene at critical infrastructure providers

CISA, the FBI and international partner agencies want water, energy, agriculture and other sectors to immediately reset passwords and apply multifactor authentication.

By David Jones • May 1, 2024

Cactus ransomware targets a handful of Qlik Sense CVEs

Security researchers warn the threat group is ramping up exploitation of previously disclosed flaws in the cloud platform.

By David Jones • April 29, 2024

The top 3 ways AI power supports a dynamic business

It’s time to welcome a new era of dynamic digital defense. Artificial intelligence (AI) is revolutionizing network security with autonomous learning, holistic collaboration and rapid response capabilities.

April 29, 2024

Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg

State-linked actors are using a custom tool for post exploitation activity of a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs.

By David Jones • April 24, 2024

Enterprises are getting better at detecting security incidents

Google Cloud’s Mandiant saw significant improvements in how organizations track down threats, yet hackers are still abusing common threat vectors.

By David Jones • April 23, 2024

NSA sounds alarm on AI’s cybersecurity risks

Attack vectors unique to AI may attract malicious actors on the hunt for sensitive data or intellectual property, the NSA warned.

By Alexei Alexis • April 19, 2024

Fears rise of social engineering campaign as open source community spots another threat

Federal officials are said to be investigating potential links between the recent XZ Utils campaign and new threat activity against JavaScript project maintainers.

By David Jones • April 16, 2024

CISA to big tech: After XZ Utils, open source needs your support

The attempted malicious backdoor may have been part of a wider campaign using social engineering techniques, the open source community warned.

By David Jones • April 15, 2024

Federal agencies caught sharing credentials with Microsoft over email

U.S. government agencies are in jeopardy of Russia-linked cyberattacks, and although CISA isn’t aware of any compromised environments, officials warn the risk is exigent.

By Matt Kapko • April 12, 2024

FBI director echoes past warnings, as critical infrastructure hacking threat festers

Chris Wray says adversaries from China, Russia and Iran are ramping up cyber, espionage and other threat activity against key sectors, including water, energy and telecommunications.

By David Jones • April 11, 2024

CISA assessing threat to federal agencies from Microsoft adversary Midnight Blizzard

Microsoft previously warned that the Russia-linked threat group was expanding malicious activity following the hack of senior company executives, which it disclosed in January.

By David Jones • April 5, 2024

Motivations behind XZ Utils backdoor may extend beyond rogue maintainer

Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.

By David Jones • April 2, 2024