The Latest
-
gorodenkoff via Getty Images
With Sisense compromise, the race begins to understand the impact
CISA is working with private industry partners to investigate the attack on the data analytics platform with particular concern about the impact on critical infrastructure.
-
Lee Pellegrini, Boston College
FBI director echoes past warnings, as critical infrastructure hacking threat festers
Chris Wray says adversaries from China, Russia and Iran are ramping up cyber, espionage and other threat activity against key sectors, including water, energy and telecommunications.
-
gorodenkoff via Getty Images
Cybersecurity jobs pay well, but gender disparities persist
ISC2’s analysis found significant financial upside for professionals in U.S. cybersecurity jobs, but there are gaps across levels of seniority by gender.
-
Courtesy of NIST
What’s going on with the National Vulnerability Database?
CVE overload and a lengthy backlog has meant the federal government’s repository of vulnerability data can’t keep up with today’s threat landscape.
-
Stephen Brashear via Getty Images
Microsoft embraces common weakness enumeration standard for vulnerability disclosure
The policy change is part of the company's wider effort to improve security practices and become more transparent following years of scrutiny.
-
gorodenkoff via Getty Images
CISO role shows significant gains amid corporate recognition of cyber risk
A report from Moody’s Ratings shows CISOs and other senior-level cyber executives have become key decision makers within the C-suite.
-
Andrew Brookes
Mandiant spots advanced exploit activity in Ivanti devices
The incident response firm identified eight threat groups targeting the remote access VPNs and observed evolved post-exploitation activity.
-
Schweikert, John. (2022). [Photograph]. Retrieved from U.S. Courts.
Change Healthcare asks to consolidate dozens of cyberattack class-action lawsuits
Lawsuits against the UnitedHealth subsidiary are racking up following a cyberattack against the technology firm in late February.
-
onurdongel via Getty Images
Industry stakeholders seek 30-day delay for CIRCIA comments deadline
Industry officials are asking for additional time to comb through hundreds of pages of detailed rules about disclosure of covered cyber incidents and ransom payments.
-
Just_Super via Getty Images
D-Link tells customers to sunset actively exploited storage devices
The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.
-
Techa Tungateja via Getty Images
Omni Hotels & Resorts hit by cyberattack
The hotel chain has been responding to the attack since March 29, when it shut down some of its systems.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA assessing threat to federal agencies from Microsoft adversary Midnight Blizzard
Microsoft previously warned that the Russia-linked threat group was expanding malicious activity following the hack of senior company executives, which it disclosed in January.
-
adventtr via Getty Images
Cybersecurity venture funding remains weak, near three-year low
Quarterly funding levels hit $2.3 billion in Q1 2024, a far cry from the $8 billion high the market achieved in the final quarter of 2021, according to Pinpoint Search Group.
-
gorodenkoff via Getty Images
Ivanti pledges security overhaul after critical vulnerabilities targeted in lengthy exploit spree
CEO Jeff Abbott said significant changes are underway. The beleaguered company committed to improve product security, share learnings and be more responsive to customers.
-
Nikada / Getty Images via Getty Images
What CISA wants to see in CIRCIA reports
The most consequential federal critical infrastructure cyber incident regulation will be on the books in 18 months. Here are some of CIRCIA's main asks.
-
Jeenah Moon via Getty Images
Microsoft Exchange state-linked hack entirely preventable, cyber review board finds
The technology giant’s corporate culture fell short on security investments and risk management, and needs significant reforms, according to a damning report by the U.S. Cyber Safety Review Board.
-
Wirestock via Getty Images
Motivations behind XZ Utils backdoor may extend beyond rogue maintainer
Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.
-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA asserts no data stolen during Ivanti-linked attack on the agency
Threat actors gained access to and potentially compromised two CISA systems weeks after the agency applied Ivanti’s initial mitigation measures.
-
Justin Sullivan / Staff via Getty Images
AT&T hit with class action suit over massive data breach
The breach was a “direct result” of AT&T’s failure to implement adequate cybersecurity procedures, the suit alleges.
-
Techa Tungateja via Getty Images
Red Hat warns of backoor in widely used Linux utility
With a CVSS of 10, CISA urged users and developers to downgrade to an uncompromised version, search for any malicious activity and report findings back to the agency.
-
Chip Somodevilla via Getty Images
Progress Software continues to cooperate with SEC probe into MOVEit exploitation
The company said it still cannot quantify the potential impact of multiple government agency inquiries.
-
Mshake via Getty Images
What’s missing for SMBs? A solid cybersecurity culture
Small businesses can be especially vulnerable to cyberattacks because of their limited resources, and few have employees on staff who truly understand the value of secure business operations.
-
AzmanL via Getty Images
Boards need to brush up on cybersecurity governance, survey finds
SEC cyber disclosure rules are calling attention to corporate boards’ need to enhance their approach to cybersecurity oversight and compliance.
-
Courtesy of Billington CyberSecurity Summit
Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines
The water utility industry says they recognize the heightened threat environment, but the current federal push fails to account for their resource constraints.
-
Alex Wong via Getty Images
How CISO salaries are faring as businesses ask more of security
As CISOs become more welcomed as full members of the C-suite, they are enjoying the compensation and perks that come with the status.
