Vulnerability: Page 22
Federal watchdog warns of cybersecurity risks to employee retirement plans
Fiduciaries might not realize they could be liable for losses they were obligated to prevent, the Government Accountability Office says.
By Jim Tyson • March 18, 2021 -
Mimecast migrates to Cisco following supply chain attack
A forensic investigation with FireEye's Mandiant unit confirmed the SolarWinds threat actor did not modify Mimecast's source code.
By David Jones • March 17, 2021 -
Ransomware targeting Microsoft Exchange echoes WannaCry — with a human element
This isn't the first time nation-state exploit kits were released and other bad actors took advantage.
By Samantha Schwartz • March 16, 2021 -
White House looks to tighten private sector coordination, gain infrastructure insight
Following the Microsoft Exchange and SolarWinds attacks, the Biden administration is taking steps to close visibility gaps and encourage rapid intelligence sharing by private sector companies.
By David Jones • March 15, 2021 -
Microsoft deploys more updates to contain Exchange server fallout
The FBI and CISA are warning of additional threats from nation states and threat actors as patching and security updates leave many vulnerable companies exposed.
By David Jones • March 12, 2021 -
Enterprises scramble to secure Microsoft Exchange as cybercriminals rush in
Researchers fear, more than two months after the threat was discovered, criminal hackers have had plenty of time to loot data or plant undetected seeds of compromise.
By David Jones • March 10, 2021 -
How do companies assess risk? It's a system-by-system question
Every piece of technology is vulnerable to threat actors, but each organization and cybersecurity team decides which software and technology adds risk to its business operations.
By Sue Poremba • March 9, 2021 -
Microsoft Exchange server compromise escalates as mitigation efforts fall short
Officials warn that patching may not fix compromised systems, while tens of thousands of customers are potentially at risk.
By David Jones • March 8, 2021 -
Exploited Microsoft Exchange campaign hits hundreds of organizations, researchers find
The nation-state campaign, which Microsoft has linked to China, has targeted on-premises Exchange server vulnerabilities to steal U.S. enterprise data.
By David Jones • March 3, 2021 -
Companies overestimate ability to manage remote worker security
Employees working outside the office are granted excessive access privileges and are falling prey to phishing attacks, research from Tanium and PSB Insights found.
By David Jones • March 2, 2021 -
Google Cloud enters cyber insurance collaboration with Allianz, Munich Re
The agreement comes amid increased financial pressure on the cyber insurance industry due to a rise in ransomware and the historic nation-state attack against SolarWinds.
By David Jones • March 2, 2021 -
Legacy tech, privacy and security issues bog down healthcare innovation
The pandemic drove hospitals and healthcare facilities to further rely on connected devices, increasing the potential for vulnerabilities in the process.
By Roberto Torres • Feb. 26, 2021 -
Researchers find vulnerabilities inside multiple virtual event, business platforms
Two of the top five virtual event sites leaked personal information or exposed databases to potential remote code execution.
By David Jones • Feb. 25, 2021 -
FireEye identifies 2 threat activity clusters behind Accellion hack
The security firm has labeled one activity cluster for exploiting the FTA vulnerabilities and the other for extortion.
By Samantha Schwartz • Feb. 23, 2021 -
Water system hack reveals thousands of organizations vulnerable to Windows 7 exposure
Critical infrastructure providers and SMBs continue to operate the outdated Microsoft OS without security updates and patches.
By David Jones • Feb. 19, 2021 -
Organizations running SolarWinds Orion online drops 25% since December: report
A report by RiskRecon shows only 8% of entities operating on the internet actually upgraded to later versions based on SolarWinds security recommendations.
By David Jones • Feb. 12, 2021 -
Open source blind trust the culprit in ethical breach of 35 companies
Microsoft, one of the breached companies, encourages organizations to use controlled scopes, namespaces or prefixes to protect package names.
By Samantha Schwartz • Feb. 10, 2021 -
Long-term SolarWinds consequences
SolarWinds fallout turns security eye to Microsoft Office 365
Office 365 has been linked to incidents ranging from points of compromise to the unauthorized email access of government officials.
By David Jones • Feb. 9, 2021 -
Long-term SolarWinds consequences
SolarWinds security to-do list post hack
One of the first changes security teams need to make is in how they consider adversaries' capabilities: Always assume the perimeter has been breached.
By Samantha Schwartz • Feb. 5, 2021 -
3 severe SolarWinds bugs found, patches available
There is currently no evidence to suggest the vulnerabilities were exploited; they are unrelated to the recent hack, Trustwave found.
By Samantha Schwartz • Updated Feb. 4, 2021 -
Cyberattacks cost financial firms $4.7M on average last year: report
Weak endpoints and a lack of policy enforcement are imposing extra costs on companies as home-based workers remain vulnerable.
By David Jones • Jan. 28, 2021 -
Malwarebytes attack linked to SolarWinds' nation-state actors, CEO says
Microsoft notified the cybersecurity firm of a compromise involving Office 365 and Azure consistent with prior nation-state attacks.
By David Jones • Jan. 20, 2021 -
Financial services companies embrace cloud as security concerns grow
Equifax CISO and a study from Nutanix address how investing in cloud security helps to protect sensitive financial data.
By David Jones • Jan. 15, 2021 -
Use enterprise-grade tools for encrypted DNS, the NSA warns
Unless only an enterprise tool is used, businesses will lose some of the control governing DNS usage on their networks.
By Naomi Eide • Jan. 15, 2021 -
Legacy, nameless vulnerabilities are slipping by companies unpatched
Making the distinction between severe and low-priority vulnerabilities is becoming more challenging.
By Samantha Schwartz • Jan. 14, 2021