Vulnerability: Page 20
Decade-old router flaw allows cross-network access, Tenable finds
Threat actors are actively exploiting the vulnerability, which impacts millions of devices across 11 countries and raises questions about the extent of undiscovered supply chain weaknesses.
By David Jones • Updated Aug. 10, 2021
A security expert's guide to the top-exploited vulnerabilities
The biggest and baddest ransomware groups love an easy vulnerability.
By Samantha Schwartz • Aug. 4, 2021
Security leaders don't control budgets, even with mounting threats
The majority of security leaders say their budget is insufficient to invest in the right technologies, research from LogRhythm and Ponemon Institute shows.
By Jen A. Miller • July 29, 2021
How 3 critical infrastructure security executives manage vulnerabilities
Assessment of risk and strategy depends on the technologies or services companies use for vulnerability alerts, according to executives during a Dragos webcast.
By Samantha Schwartz • July 26, 2021
Lack of visibility leaves critical infrastructure vulnerable to ransomware
Corporate executives approve massive payouts to attackers because they see few options to quickly restore business operations, according to security experts.
By David Jones • July 22, 2021
WFH shift tests resilience of financial services amid surge in phishing, ransomware
The Financial Stability Board warned the sector must remain vigilant amid new cyber risks and dependence on third-party technologies.
By David Jones • July 16, 2021
Failure to patch could unleash a real (print)nightmare
If the vulnerability remains unpatched, it's a ripe target for malicious actors to escalate privileges and the perfect ingredient for an exploit kit.
By Naomi Eide • Updated Aug. 11, 2021
Kaseya postpones service restoration, apologizes for attack
Outside engineers warned that Kaseya needs additional layers of protection as pre-existing vulnerabilities are revealed.
By David Jones • July 8, 2021
34% of health organizations hit by ransomware last year, report finds
Of those attacked, 65% said the cybercriminals were successful in encrypting their data, according to the report from cybersecurity company Sophos.
By Rebecca Pifer • June 30, 2021
Gaps in DOD supply chain leave Pentagon vulnerable: report
SMBs in the defense industry remain vulnerable to persistent threats, and research shows a large percentage are missing the security basics, including data storage security.
By David Jones • June 24, 2021
Deep Dive
Legacy medical devices, growing hacker threats create perfect storm of cybersecurity risks
Hospitals are using more connected devices, many of which were not built with cybersecurity in mind, leaving healthcare organizations highly vulnerable to attacks.
By Greg Slabodkin • June 23, 2021
Attacks against container supply chains grow more sophisticated
Bad actors are finding novel methods of attacking cloud-native environments, raising new security challenges for developers.
By David Jones • June 21, 2021
VPN exploitation rose in 2020, organizations slow to patch critical flaws
RDP and VPNs will remain a prime target for cybercriminals as remote and hybrid work continue, Trustwave said.
By Samantha Schwartz • June 18, 2021
Critical infrastructure sites face greater cyberthreat amid remote connectivity
Moody's warns oil, electric and other critical infrastructure providers are increasingly attractive targets for ransomware.
By David Jones • June 18, 2021
CISOs, CIOs see heightened mobile security threat amid shift to hybrid
Mobile devices are difficult to secure because of a combination of untrusted personal apps and data stored on the same device, one security expert said.
By David Jones • June 16, 2021
Patched Microsoft Teams vulnerability shows the delicacy of messaging platforms
A researcher said the patched vulnerability could have granted access to files in OneDrive and the ability to execute business email compromise.
By David Jones • June 15, 2021
APT actors ramp up cyber campaign targeting Pulse Secure VPNs
Mandiant researchers have identified four new malware families in an ongoing campaign targeting several key sectors, including the U.S. defense industry.
By David Jones • May 28, 2021
Compromised cloud costs companies $6.2M annually, study finds
Attackers heavily target Microsoft 365 and Google Workspace accounts using brute force or phishing attacks, according to Ponemon Institute research.
By David Jones • May 27, 2021
Threat actors scan for vulnerabilities faster than enterprises can respond: Palo Alto
Within five minutes of Microsoft's March disclosure of Exchange zero days, cyber adversaries began scanning networks for the flaw, research found.
By David Jones • May 26, 2021
Off-the-shelf tools, unsophisticated techniques threaten industrial systems
Attacks have targeted internet-exposed OT providers that range from water control systems to solar energy panels, Mandiant research found.
By David Jones • May 25, 2021
AI will change scale and scope of hacking, security expert says
Artificial intelligence could push the boundaries of hacking in ways that increase risk, according to security thought leader Bruce Schneier. But AI could also boost defenses.
By David Jones • May 18, 2021
Colonial Pipeline disconnects OT systems to silo ransomware IT threat
Anxiety is rising among corporate security officials concerned about the impact of ransomware among critical infrastructure providers.
By David Jones • May 12, 2021
Critical infrastructure flaws surface after years of underinvestment, inaction
Providers — particularly in the energy sector — knew the warning signs but were slow to respond.
By David Jones • May 11, 2021
Demand for software transparency grows in more vulnerable supply chains
Catching vulnerabilities before the code is packaged into proprietary solutions has industry at a standstill.
By Samantha Schwartz • May 11, 2021
VPN vulnerabilities haunt defense industry as threat actors find new openings
APT actors have exploited longstanding vulnerabilities in Pulse Secure and other devices to gain access to government agencies and the private sector.
By David Jones • May 10, 2021