Vulnerability: Page 25


  • Open source blind trust the culprit in ethical breach of 35 companies

    Microsoft, one of the breached companies, encourages organizations to use controlled scopes, namespaces or prefixes to protect package names.

    By Samantha Schwartz • Feb. 10, 2021
  • Long-term SolarWinds consequences

    SolarWinds fallout turns security eye to Microsoft Office 365

    Office 365 has been linked to incidents ranging from points of compromise to the unauthorized email access of government officials.

    By Feb. 9, 2021
  • Long-term SolarWinds consequences

    SolarWinds security to-do list post hack

    One of the first changes security teams need to make is in how they consider adversaries' capabilities: Always assume the perimeter has been breached.

    By Samantha Schwartz • Feb. 5, 2021
  • 3 severe SolarWinds bugs found, patches available

    There is currently no evidence to suggest the vulnerabilities were exploited; they are unrelated to the recent hack, Trustwave found.

    By Samantha Schwartz • Updated Feb. 4, 2021
  • Cyberattacks cost financial firms $4.7M on average last year: report

    Weak endpoints and a lack of policy enforcement are imposing extra costs on companies as home-based workers remain vulnerable.

    By Jan. 28, 2021
  • Malwarebytes attack linked to SolarWinds' nation-state actors, CEO says

    Microsoft notified the cybersecurity firm of a compromise involving Office 365 and Azure consistent with prior nation-state attacks.

    By Jan. 20, 2021
  • Financial services companies embrace cloud as security concerns grow

    Equifax CISO and a study from Nutanix address how investing in cloud security helps to protect sensitive financial data.

    By Jan. 15, 2021
  • Use enterprise-grade tools for encrypted DNS, the NSA warns

    Unless only an enterprise tool is used, businesses will lose some of the control governing DNS usage on their networks. 

    By Naomi Eide • Jan. 15, 2021
  • Legacy, nameless vulnerabilities are slipping by companies unpatched

    Making the distinction between severe and low-priority vulnerabilities is becoming more challenging.

    By Samantha Schwartz • Jan. 14, 2021
  • Healthcare industry sitting on ticking time bomb of web application attacks

    Healthcare organizations were each hit by an average of nearly 500 web application attacks every month in 2020, according to an Imperva report.

    By Samantha Schwartz • Jan. 12, 2021
  • Report: Officials investigating possible role of SolarWinds' vendor in compromise

    The investigation is centered around whether JetBrains' software development tools are a conduit for compromise. The company has said it is unaware of the investigation. 

    By Samantha Schwartz • Jan. 7, 2021
  • SolarWinds attack leads to renewed focus on IT relationships with corporate boards

    Corporate governance and cybersecurity experts say IT officials need to clearly and regularly communicate potential risks and liabilities ahead of the next crisis. 

    By Jan. 7, 2021
  • Federal task force says Russia likely actor behind SolarWinds attack

    As investigations continue, agencies are working to preserve private-sector trust.

    By , Samantha Schwartz • Jan. 5, 2021
  • Fast-growing gaming industry faces rising threat of account compromise

    A report from KELA shows one million compromised accounts and thousands of leaked employee credentials in underground markets. 

    By Jan. 5, 2021
  • Microsoft's latest SolarWinds discovery highlights systemic supply chain weaknesses

    Organizations are rushing to mitigate the full extent of the damage from the compromise discovered three weeks ago.

    By Naomi Eide • Jan. 4, 2021
  • Known vulnerabilities for 2020 already surpassed 2019's total

    IT teams are often responsible for deploying the patches security teams deem most critical. When patches are missed, it could render even unassuming DOC or RTF files dangerous.

    By Samantha Schwartz • Dec. 18, 2020
  • After years in the lab, IBM ready to take homomorphic encryption into the mainstream

    Increased use of hybrid cloud and a successful pilot program help build the case for processing highly-encrypted data in transit.

    By Dec. 18, 2020
  • FireEye killswitch stops SolarWinds hack

    After identifying the supply chain attack against SolarWinds, the security firm partnered with Microsoft and GoDaddy to block malware from further operation.

    By Dec. 16, 2020
  • COVID-19 vaccine supply chain has cyberthreats hidden in plain sight

    Outdated systems throughout vaccine distribution logistics carry unprecedented cyberthreats. 

    By Samantha Schwartz • Dec. 16, 2020
  • SolarWinds Orion vulnerability: What security teams need to know

    As SolarWinds and investigators seek answers on the extent of the Orion vulnerability's impact, experts say the attack raises broader questions about readiness.

    By Dec. 15, 2020
  • Former Goldman Sachs exec joins Google Cloud as CISO

    In his role, Phil Venables will oversee risk within the Google Cloud business and secure customer migrations. 

    By Samantha Schwartz • Dec. 15, 2020
  • IT execs face growing pressure to balance security with productivity

    Companies are caught between competing interests as remote workers offset digital security needs with work-life balance.

    By Dec. 14, 2020
  • NSA calls out Russia-backed exploit of VMware virtual workspace platform

    Network administrators in defense and national security were warned to patch systems where bad actors can gain access to data.

    By Dec. 8, 2020
  • GE medical imaging devices impacted by critical cyber vulnerability

    Dozens of products including CT scanners and MRI machines are susceptible to hackers gaining access to sensitive health data and disrupting operations, according to CyberMDX. GE says there is no risk to patient safety.

    By Greg Slabodkin • Dec. 8, 2020
  • IoT cyber bill clears Congress — what's next for industry players?

    Long-awaited legislation is seen as a springboard to widespread adoption of standards across the booming connected-devices industry.

    By Dec. 3, 2020