Who is liable for flawed software? New guidance upends the security standard

Development practices and safe harbor provisions are the subject of major debate as work to implement the White Houses’ cyber strategy begins.

By David Jones • March 6, 2023

An ongoing SOC skills shortage could spell trouble for compliance

Without skilled analysts to monitor the SOC, the risk of a successful cyberattack breaking through a company’s defenses grows. 

By Sue Poremba • March 1, 2023

LastPass compromise grew worse after DevOps engineer targeted for encryption key

A threat actor used data from multiple breaches and a vulnerability on a high-level employee’s home computer to steal customer passwords.

By Matt Kapko • Feb. 28, 2023

Google backs federal push for tech to embrace ‘secure by design’

CISA has urged the technology industry to develop more resilient products before they reach customers.

By David Jones • Feb. 15, 2023

What’s known about the ESXiArgs ransomware hitting VMware servers

An initial strain affected thousands of devices before a new variant emerged. The latest burst of attacks hit Saturday.

By Matt Kapko • Feb. 15, 2023

VMware ransomware was on the rise leading up to ESXiArgs spree, research finds

Recorded Future analysis underscores a growing ransomware threat confronting organizations using VMware ESXi.

By Matt Kapko • Feb. 13, 2023

VMware ransomware evolves to evade data recovery, reinfects servers

The new ESXiArgs strain has reinfected more than 1,150 VMware servers and represents more than 4 in 5 live infections, according to open-source ransomware data.

By Matt Kapko • Feb. 10, 2023

Unsophisticated ransomware campaign targeting VMware ripe for copycats

Ransomware doesn’t typically hit thousands of potential victims at once. “All of it’s very strange,” one security researcher said.

By Matt Kapko • Feb. 8, 2023

Sports betting apps fumble open source, placing users at risk

On the cusp of Super Bowl 57, researchers from Synopsys warned popular mobile betting apps face a higher than average risk of being hacked.

By David Jones • Feb. 7, 2023

Ransomware attack spree hits thousands of VMware servers

Cyber authorities linked the attacks, dubbed ESXiArgs, to a two-year-old VMware vulnerability. At least 2,250 machines have been compromised.

By Matt Kapko • Feb. 6, 2023

CVEs expected to rise in 2023, as organizations still struggle to patch

Most CVEs are exploited within 30 days of public disclosure, a Coalition report found, spelling trouble for organizations trying to shore up their defenses.

By David Jones • Feb. 3, 2023

Industrial organizations may worry too much about ICS vulnerabilities

The pressure to constantly patch is more likely to damage industrial plants, Dragos CEO Robert M. Lee said.

By Matt Kapko • Jan. 27, 2023

Exchange Server under pressure as opportunistic actors step up attacks

Bitdefender Labs warns threat actors are using the ProxyNotShell/OWASSRF exploit chains to launch attacks.

By David Jones • Jan. 25, 2023

Almost half of critical manufacturing organizations face significant risk of data breach

A report presented at the World Economic Forum shows key sectors are under pressure from rising vulnerabilities and a slower rate of patching.

By David Jones • Jan. 23, 2023

Four Microsoft Azure services found vulnerable to server-side request forgery

Researchers from Orca Security said no authentication was required in two of the four instances.

By David Jones • Jan. 17, 2023

Citrix flaw exploited in ransomware attack against small US business

Threat actors linked to ransomware group Royal are actively exploiting a vulnerability in two Citrix products, researchers found.

By David Jones • Jan. 13, 2023

Open-source repository risk amplified on GitHub

Inconsistent or delayed code commits create risk as repositories age, Veracode research found.

By Matt Kapko • Jan. 12, 2023

CISA adds Exchange Server, Windows vulnerabilities to catalog of exploited CVEs

The Exchange Server vulnerability was linked to a December ransomware attack against Rackspace.

By David Jones • Jan. 11, 2023

Rackspace confirms ransomware attack hit a small percentage of its Hosted Exchange customers

The cloud services firm said an investigation found no evidence the attackers read, misused or disseminated customer data or emails.

By David Jones • Jan. 6, 2023

Rackspace identifies ransomware threat actor behind December attack via Exchange

CrowdStrike previously connected Play, the threat actor, to a new Outlook Web Access exploit method used in multiple attacks. 

By David Jones • Jan. 3, 2023

Cybersecurity trends in 2023 that will directly impact everyday life

The scale of cyberthreats are growing, spilling into the mainstream. In 2023, expect the spotlight to add pressure to businesses that have underinvested in security. 

By Sue Poremba • Jan. 3, 2023

New exploit for Microsoft’s ProxyNotShell mitigation side steps fix

CrowdStrike researchers discovered a new attack method by the Play ransomware actors that uses Outlook Web Access and leverages additional tools to maintain access. 

By David Jones • Dec. 22, 2022

MacOS vulnerability allows threat actors to bypass Apple Gatekeeper

Microsoft researchers found a flaw in macOS systems, which can even overcome security features designed to protect high-risk users in Lockdown Mode.

By David Jones • Dec. 20, 2022

Threat actor exploits critical Citrix vulnerability

CISA and the NSA quickly issued advisories on the vulnerability, underscoring evidence that a threat actor, active for at least 15 years, is exploiting the flaw.

By Matt Kapko • Dec. 13, 2022

Fortinet urges customers to upgrade systems amid critical vulnerability

A heap-based buffer overflow vulnerability has been exploited in the wild and could allow an attacker to gain control of a system.

By David Jones • Dec. 13, 2022