• A group of co-workers surround a computer screen
    Image attribution tooltip
    Yuri Arcurs via Getty Images

    DigitalOcean, caught in Mailchimp security incident, drops email vendor

    An attack on the email marketing firm raises questions about the continued risk of a supply chain compromise. 

    By Aug. 17, 2022
  • Illustration of locks layered above circuity.
    Image attribution tooltip
    Traitov/iStock/Getty via Getty Images

    The same old problems nag cybersecurity professionals

    Technical complexities abound as the perceived level of risk rises in an unrelenting fashion.

    By Aug. 17, 2022
  • Cyberattack and internet crime, hacking and malware concepts.
    Image attribution tooltip
    Techa Tungateja via Getty Images

    How attackers are breaking into organizations

    Threat actors lean heavily on phishing attacks, vulnerabilities in software and containers, and stolen credentials, according to top cyber vendor research.

    By Aug. 15, 2022
  • close up programmer man hand typing on keyboard laptop for register data system or access password at dark operation room , cyber security concept - stock photo
    Image attribution tooltip
    Chainarong Prasertthai via Getty Images

    Log4j was the right incident for inaugural review, safety board says

    The Cyber Safety Review Board worked with 80 different global stakeholders to better understand the Log4j incident — and its downstream potential. 

    By Aug. 11, 2022
  • cybersecurity stock photo
    Image attribution tooltip
    Yudram_TA via Getty Images

    Businesses boost software supply chain security, but strategies remain fragmented

    A study by the Enterprise Strategy Group shows more than one-third of organizations have been exploited by a known open source vulnerability.

    By Aug. 9, 2022
  • Image attribution tooltip
    Justin Sullivan via Getty Images

    Twitter vulnerability risk resurfaces, testing the security of pseudonymous users

    A threat actor learned of the vulnerability, which allowed an account identity to be exposed by entering a simple email or phone number.

    By Aug. 8, 2022
  • A password field reflected on a eye.
    Image attribution tooltip
    Leon Neal via Getty Images

    Slack resets passwords en masse after invite link vulnerability

    The bug, which went undetected for five years, impacts at least 60,000 users but likely more.

    By Aug. 5, 2022
  • Blue padlock made to resemble a circuit board and placed on binary computer code.
    Image attribution tooltip
    matejmo via Getty Images

    VMware discloses new authentication bypass vulnerability

    The virtualization giant advised customers to immediately deploy patches and said it’s not aware of any exploitation in the wild.

    By Aug. 2, 2022
  • Ransomware virus has encrypted data. Attacker is offering key to unlock encrypted data for money.
    Image attribution tooltip
    vchal via Getty Images

    Most cyberattacks come from ransomware, email compromise

    Attackers are scanning for vulnerabilities in unpatched systems within 15 minutes, stressing the pace and scale of the threat.

    By Aug. 1, 2022
  • Programming scripts on laptop monitor, unauthorized remote hacking of server
    Image attribution tooltip
    Motortion via Getty Images

    Threat actors shifting tactics as Microsoft blocks, unblocks and reblocks macros

    Proofpoint researchers say criminal hackers are turning to container files and Windows shortcuts to distribute malware.

    By July 29, 2022
  • Shot of a young businesswoman looking stressed while using a laptop during a late night at work.
    Image attribution tooltip
    Layla Bird via Getty Images

    Relentless vulnerabilities and patches induce cybersecurity burnout

    Cybersecurity professionals are confronting a chronic vulnerability-patch cycle and the situation is getting worse.

    By July 26, 2022
  • Image attribution tooltip
    Justin Sullivan via Getty Images

    Google backs federal review board's Log4j, open source security push

    The technology firm said it will continue investments and engage in more secure software practices to help prevent a future crisis similar to Log4j.

    By July 25, 2022
  • A password field reflected on a eye.
    Image attribution tooltip
    Leon Neal via Getty Images

    Atlassian urges rapid response after Confluence hardcoded password leaked

    The company's customers are confronting the second critical vulnerability on Confluence in as many months.

    By July 22, 2022
  • Server row light up with blue lights
    Image attribution tooltip
    Morris MacMatzen via Getty Images

    Network vulnerabilities declined in 2021, but attacks hit all-time high

    Five of the 10 most-exploited vulnerabilities last year were identified before 2020, and No. 3 dates back to 2017.

    By July 22, 2022
  • Server room (Sefa Ozel/Getty)
    Image attribution tooltip
    Sefa Ozel/Getty via Getty Images

    CISA releases indicators of compromise for hard-hit VMware Horizon

    Federal authorities warn a more complex form of malware is providing advanced persistent threat actors with vast command and control capabilities.

    By July 18, 2022
  • Computer language script and coding on screen.
    Image attribution tooltip
    themotioncloud via Getty Images

    Fake GitHub commits can trick developers into using malicious code

    Threat actors can easily alter the identity and timestamp associated with software updates, putting developers at serious risk, Checkmarx research shows.

    By July 18, 2022
  • The U.S. Capitol Building at night with lightning in the background.
    Image attribution tooltip
    Naomi Eide/Cybersecurity Dive

    Log4j is far from over, cyber review board says

    Exploitation of Log4j occurred at lower levels than experts predicted, yet it remains an "endemic vulnerability," the Cyber Safety Review Board said.

    By July 14, 2022
  • A large hallway with supercomputers inside a server room data center.
    Image attribution tooltip
    luza studios via Getty Images

    Threat actors favor brute force attacks to hit cloud services

    Google Cloud warned that organizations face their greatest threat due to weak passwords and vulnerable software.

    By July 12, 2022
  • A picture of the Microsoft campus in Redmond, Washington.
    Image attribution tooltip
    Stephen Brashear/Stringer via Getty Images

    Microsoft rollback on macro blocking in Office sows confusion

    The company said it remains "fully committed" to disabling macros by default, and the temporary measure will make the product more user friendly.

    By July 11, 2022
  • A person works next to a 5G logo.
    Image attribution tooltip
    David Ramos/Getty Images via Getty Images

    What to watch with 5G network security

    For wireless network carriers, 5G is a model of what’s next. But it also introduces features and services that dramatically expand the threat surface.

    By July 8, 2022
  • A man in shadow looks at his mobile device near a lit up Apple logo.
    Image attribution tooltip
    Drew Angerer/Getty via Getty Images

    Apple's coming security features an answer to government-backed spyware

    While some mobile security experts hail Lockdown Mode as a breakthrough, others warn the features will not extend to third-party apps.

    By July 7, 2022
  • A bronze depiction of ancient god Medusa with snakes in her hair on a teal background.
    Image attribution tooltip
    Paul Campbell via Getty Images

    Federal authorities warn MedusaLocker ransomware targeting remote desktop vulnerabilities

    The ransomware as a service group began targeting healthcare and other industries in 2019. In recent months, activity has surged once again.

    By July 1, 2022
  • Communication network concept. GUI (Graphical User Interface).
    Image attribution tooltip
    metamorworks via Getty Images

    Organizations lag on confidence and policies to manage open source security

    It's taking longer for companies to find open source vulnerabilities, and shaky policies mean only the most critical vulnerabilities are attended to. 

    By June 24, 2022
  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images

    Attackers keep targeting VMware Horizon, exploiting unpatched Log4Shell

    In one case, CISA found multiple threat actors compromising an organization using Log4Shell, which leveraged access to gain remote command and control.

    By June 24, 2022
  • Programming scripts on laptop monitor, unauthorized remote hacking of server
    Image attribution tooltip
    Motortion via Getty Images

    Dozens of vulnerabilities threaten major OT device makers

    Researchers from Forescout’s Vedere Labs found 56 vulnerabilities across big names like Honeywell and Motorola raising design-level security concerns.

    By June 21, 2022