The Latest

• 

  Cyber insurance gaps stick firms with millions in uncovered losses

  A CYE analysis of 101 breaches across various sectors revealed insurance gaps resulting in an average of $27.3 million in uncovered losses per incident.

  Strategy

• 

  NSA sounds alarm on AI’s cybersecurity risks

  Attack vectors unique to AI may attract malicious actors on the hunt for sensitive data or intellectual property, the NSA warned.

  Threats

• 

  Palo Alto Networks warns firewall exploits are spreading

  Attempted exploits and attacks linked to the zero-day vulnerability, which has a CVSS of 10, grew after proof of concepts were released.

  Vulnerability

• 

  Opinion

  The art of threat modeling: 3 frameworks to know

  Organizations should use the frameworks in a manual or automated way to better understand the security threats they’re up against, Gartner’s William Dupre writes. 

  Strategy

• 

  Cisco Duo MFA codes exposed in third-party breach

  About 1% of the MFA and single sign-on provider’s business customers are impacted. An attacker intruded the third-party vendor’s systems via phishing.

  Breaches

• 

  UnitedHealth expects up to $1.6B hit from Change cyberattack this year

  Investors on Tuesday got a clearer picture of the cyberattack's financial fallout on the healthcare juggernaut. Some said it wasn't as bad as they'd feared.

  Cyberattacks

• 

  Fears rise of social engineering campaign as open source community spots another threat

  Federal officials are said to be investigating potential links between the recent XZ Utils campaign and new threat activity against JavaScript project maintainers.

  Threats

• 

  Palo Alto Networks fixes maximum severity, exploited CVE in firewalls

  The security vendor said a “limited number of attacks” were linked to the exploited vulnerability. Volexity observed exploits dating back to March 26.

  Breaches

• 

  Top officials again push back on ransom payment ban

  In lieu of a ban, the Institute for Security and Technology advises governments to achieve 16 milestones, most of which are already in place or in the works.

  Strategy

• 

  ChatGPT grabs the shadow IT crown: report

  Generative AI tools emerged as the latest villain in the enterprise battle to curb SaaS bloat and rationalize software portfolios, Productiv analysis found.

  Strategy

• 

  CISA to big tech: After XZ Utils, open source needs your support

  The attempted malicious backdoor may have been part of a wider campaign using social engineering techniques, the open source community warned.

  Strategy

• 

  Federal agencies caught sharing credentials with Microsoft over email

  U.S. government agencies are in jeopardy of Russia-linked cyberattacks, and although CISA isn’t aware of any compromised environments, officials warn the risk is exigent.

  Cyberattacks

• 

  With Sisense compromise, the race begins to understand the impact

  CISA is working with private industry partners to investigate the attack on the data analytics platform with particular concern about the impact on critical infrastructure. 

  Breaches

• 

  FBI director echoes past warnings, as critical infrastructure hacking threat festers

  Chris Wray says adversaries from China, Russia and Iran are ramping up cyber, espionage and other threat activity against key sectors, including water, energy and telecommunications.

  Threats

• 

  Cybersecurity jobs pay well, but gender disparities persist

  ISC2’s analysis found significant financial upside for professionals in U.S. cybersecurity jobs, but there are gaps across levels of seniority by gender.

  Leadership & Careers

• 

  What’s going on with the National Vulnerability Database?

  CVE overload and a lengthy backlog has meant the federal government’s repository of vulnerability data can’t keep up with today’s threat landscape.

  Vulnerability

• 

  Microsoft embraces common weakness enumeration standard for vulnerability disclosure

  The policy change is part of the company's wider effort to improve security practices and become more transparent following years of scrutiny. 

  Vulnerability

• 

  CISO role shows significant gains amid corporate recognition of cyber risk

  A report from Moody’s Ratings shows CISOs and other senior-level cyber executives have become key decision makers within the C-suite. 

  Strategy

• 

  Mandiant spots advanced exploit activity in Ivanti devices

  The incident response firm identified eight threat groups targeting the remote access VPNs and observed evolved post-exploitation activity.

  Vulnerability

• 

  Change Healthcare asks to consolidate dozens of cyberattack class-action lawsuits

  Lawsuits against the UnitedHealth subsidiary are racking up following a cyberattack against the technology firm in late February.

  Cyberattacks

• 

  Industry stakeholders seek 30-day delay for CIRCIA comments deadline

  Industry officials are asking for additional time to comb through hundreds of pages of detailed rules about disclosure of covered cyber incidents and ransom payments.

  Strategy

• 

  D-Link tells customers to sunset actively exploited storage devices

  The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.

  Vulnerability

• 

  Omni Hotels & Resorts hit by cyberattack

  The hotel chain has been responding to the attack since March 29, when it shut down some of its systems.

  Cyberattacks

• 

  CISA assessing threat to federal agencies from Microsoft adversary Midnight Blizzard

  Microsoft previously warned that the Russia-linked threat group was expanding malicious activity following the hack of senior company executives, which it disclosed in January.

  Breaches

• 

  Cybersecurity venture funding remains weak, near three-year low

  Quarterly funding levels hit $2.3 billion in Q1 2024, a far cry from the $8 billion high the market achieved in the final quarter of 2021, according to Pinpoint Search Group.

  Strategy

More stories