Vulnerability: Page 29


  • A man looks at lines of code depicted on a computer screen
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    25% of utilities exposed to SolarWinds hack amid growing ICS vulnerabilities, analysts say

    Security experts warn it may be too soon to tell whether follow-on activity has occurred.

    By Robert Walton • April 16, 2021
  • Image attribution tooltip
    Sean Gallup via Getty Images
    Image attribution tooltip

    Poor management of privileged accounts leaves organizations open to attack

    Access gaps open the door for malicious threat actors to hide inside the corporate systems using trusted identities to exfiltrate data. 

    By April 15, 2021
  • Feds launch coordinated effort to mitigate remaining Microsoft Exchange flaws

    A court-approved operation to remove web shells coincided with a push to get government and private sector systems patched with critical security updates.

    By April 14, 2021
  • Image attribution tooltip
    Getty Images
    Image attribution tooltip

    100M devices susceptible to NAME:WRECK DNS vulnerabilities, researchers say

    Each vulnerability could lead to a denial of service attack, or an attacker could take control of a susceptible device through remote code execution.

    By Samantha Schwartz • April 14, 2021
  • A Black man working on a laptop
    Image attribution tooltip
    Ono Kosuki. Retrieved from Pexels.
    Image attribution tooltip

    Half of business continuity changes hurt cybersecurity, study shows

    Companies take a second look at security practices after business pressures put mobile security at risk, a Verizon report shows.

    By April 12, 2021
  • Image attribution tooltip
    Getty
    Image attribution tooltip

    Enterprise security leaders fear rising AI use among threat actors: report

    Some experts are urging companies to incorporate AI into their cyber defense strategies, while others view the threat of AI as overhyped marketing.

    By April 9, 2021
  • woman uses a computer while sitting on a couch
    Image attribution tooltip
    Wormwood, Matilda. Retrieved from Pexels.
    Image attribution tooltip

    VPN security falls short as demand increases for remote workforce at scale

    Despite repeated warnings, enterprise customers have fallen behind on patching and upgrades as internal productivity needs take priority. 

    By April 7, 2021
  • Close up of a person typing on a laptop
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Employees can't quit habit of writing down, sharing passwords

    Amid heightened threats, workers are incorporating company names into passwords, writing them on sticky notes and sharing them via email.

    By April 6, 2021
  • Illustration of locks layered above circuity.
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Half of companies lack security to support cloud-based IAM: report

    Almost all (98%) of IT executives report challenges with IAM sourced from the cloud, including lack of visibility and increased complexity.

    By April 1, 2021
  • Enterprises lag on firmware security spending in face of rising threat

    IT security officials are often more worried about the difficulty of detecting malware threats, in part because firmware attacks are hard to catch, a Microsoft-commissioned report found. 

    By April 1, 2021
  • Molson Coors incident shines a light on industrial cyberattack vulnerabilities

    The international brewery continues to face delays and financial impacts amid a wave of attacks against manufacturing.

    By March 30, 2021
  • Security leaders: Expect more insider data leaks, threats in 2021

    The rise stems from a lack of accurate insight from data loss prevention and cloud access security broker technologies.

    By March 29, 2021
  • To combat open source insecurity, companies need tech and leadership

    With software dependencies commonplace, it's up to industry to clear a path to greater supply chain security in software.

    By Samantha Schwartz • March 26, 2021
  • Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Spending on IAM, zero trust to rise as companies extend remote work

    The shift to remote work placed more pressure on IT and security departments to secure corporate data without interrupting productivity.

    By March 23, 2021
  • SolarWinds threat actors accessing Microsoft 365 by altering permissions

    Mandiant observed a threat actor linked to the SolarWinds campaign using a stealthy approach to read email in targeted mailboxes.

    By March 22, 2021
  • Opinion

    Prioritizing risk in M&A due diligence in the COVID-19 era, and beyond

    Imagine acquiring a company with an infected network, and then connecting your company to that flawed network. That can introduce serious issues into a previously protected company. 

    By Ray Rothrock • March 22, 2021
  • A man looks at lines of code depicted on a computer screen
    Image attribution tooltip
    Getty Images
    Image attribution tooltip

    Microsoft Exchange fixes arrive, but some companies lack IT resources to repair

    Security specialists and managed-service providers are filling the void at thousands of small firms that operate with limited IT and cybersecurity staffing. 

    By March 19, 2021
  • Image attribution tooltip
    Getty
    Image attribution tooltip

    Federal watchdog warns of cybersecurity risks to employee retirement plans

    Fiduciaries might not realize they could be liable for losses they were obligated to prevent, the Government Accountability Office says. 

    By Jim Tyson • March 18, 2021
  • Mimecast migrates to Cisco following supply chain attack

    A forensic investigation with FireEye's Mandiant unit confirmed the SolarWinds threat actor did not modify Mimecast's source code.

    By March 17, 2021
  • Ransomware targeting Microsoft Exchange echoes WannaCry — with a human element

    This isn't the first time nation-state exploit kits were released and other bad actors took advantage.

    By Samantha Schwartz • March 16, 2021
  • Image attribution tooltip
    Getty Images
    Image attribution tooltip

    White House looks to tighten private sector coordination, gain infrastructure insight

    Following the Microsoft Exchange and SolarWinds attacks, the Biden administration is taking steps to close visibility gaps and encourage rapid intelligence sharing by private sector companies. 

    By March 15, 2021
  • Microsoft deploys more updates to contain Exchange server fallout

    The FBI and CISA are warning of additional threats from nation states and threat actors as patching and security updates leave many vulnerable companies exposed. 

    By March 12, 2021
  • Image attribution tooltip
    Kendall Davis/Cybersecurity Dive
    Image attribution tooltip

    Enterprises scramble to secure Microsoft Exchange as cybercriminals rush in

    Researchers fear, more than two months after the threat was discovered, criminal hackers have had plenty of time to loot data or plant undetected seeds of compromise.

    By March 10, 2021
  • Image attribution tooltip
    Getty Images
    Image attribution tooltip

    How do companies assess risk? It's a system-by-system question

    Every piece of technology is vulnerable to threat actors, but each organization and cybersecurity team decides which software and technology adds risk to its business operations.

    By Sue Poremba • March 9, 2021
  • Microsoft Exchange server compromise escalates as mitigation efforts fall short

    Officials warn that patching may not fix compromised systems, while tens of thousands of customers are potentially at risk.

    By March 8, 2021