The Latest

• 

  Enterprise executives cite AI-assisted attacks as top emerging risk, Gartner finds

  The analyst firm’s survey underscores growing concern about potential, yet unrealized, scenarios involving AI’s potential role in attacks.

  Strategy

• 

  SEC cyber rules could survive regardless of election outcome, experts say

  As the U.S. presidential election looms, cybersecurity remains a bipartisan focus, experts said during a joint CFO Dive and CIO Dive live event.

  Policy & Regulation

• 

  Executives worry over aging IT systems

  Despite ongoing modernization efforts, tech debt is still hindering mission-critical infrastructure, according to Kyndryl.

  Strategy

• 

  CISA warns of foreign threat group launching spearphishing campaign using malicious RDP files

  Midnight Blizzard has targeted more than 100 organizations across government, IT and academia, in some cases impersonating Microsoft employees.

  Cyberattacks

• 

  As presidential election looms, disparate approaches to cyber policy come into focus

  Government officials and security leaders are hoping the nation’s need for cyber resilience will stand on bipartisan cooperation and transcend partisan politics regardless of the election results. 

  Strategy

• 

  Fortinet finds more malicious IPs linked to widely exploited zero-day

  The cybersecurity vendor said the additional indicators of compromise don’t reflect any major changes. Researchers warn thousands of devices remain exposed.

  Vulnerability

• 

  MoneyGram replaces CEO, naming former Walmart executive to the role

  The money transfer company named the new CEO just weeks after a cyberattack led to a systemwide shutdown of its services for several days.

  Cyberattacks

• 

  UnitedHealth Group names new CISO 8 months after massive ransomware attack

  Longtime security leader Tim McKnight joins the beleaguered healthcare giant, succeeding Steven Martin, who was appointed chief restoration officer.

  Leadership & Careers

• 

  CISA rolls out international strategic plan to bolster cyber cooperation

  The agency is looking to strengthen intel sharing with key cyber partners, raise security standards and ensure a more resilient global supply chain. 

  Strategy

• 

  Cyber task force has a long to-do list for next president

  The change in leadership presents an opportunity to assess what’s working, where adjustments could be made and areas that are in most need of prioritization, the McCrary Institute said.

  Policy & Regulation

• 

  Poor vulnerability management could indicate larger cyber governance issues, S&P says

  Companies that fail to properly mitigate security vulnerabilities are leaving themselves open to malicious activity, the research firm said.

  Vulnerability

• 

  Delta, CrowdStrike file dueling lawsuits as squabble continues

  The airline seeks to recover damages of more than $500 million in the aftermath of a disruptive IT outage in July. The software provider is looking to hold its liability to the terms of its service agreement.

  Strategy

• 

  Feds probe China-linked attacks on US telecom networks

  The government’s public acknowledgment of the China-linked attacks follows a series of warnings about a broad and successful campaign to hack U.S. critical infrastructure.

  Cyberattacks

• 

  Cisco warns actively exploited CVE can lead to DoS attacks against VPN services

  The company warned the threat activity is linked to previously disclosed brute-force attacks beginning in March.

  Vulnerability

• 

  SonicWall firewalls the common access point in spreading ransomware campaign

  Arctic Wolf Labs researchers said SonicWall firewalls were the initial access point for at least 30 ransomware attacks since August.

  Cyberattacks

• 

  Microsoft CEO asked board to cut pay in connection with security overhaul

  Yet, Satya Nadella's fiscal 2024 compensation far exceeded 2023 thanks to Microsoft's strong market performance. 

  Strategy

• 

  Change Healthcare data breach officially affects 100M people

  The breach is the largest ever reported to a portal managed by federal regulators.

  Breaches

• 

  Fortinet zero-day attack spree hits at least 50 customers

  Active exploits of a critical vulnerability in FortiManager began in late June, Mandiant said. Firewall credentials and configuration data have been stolen.

  Cyberattacks

• 

  Despite improved workplace culture, tech workers still eye the door

  Many tech professionals plan to quit in the next year despite being the most likely group to recommend their employers, according to EY.

  Leadership & Careers

• 

  SEC settles charges with 4 firms it says downplayed SolarWinds hack exposure

  The agency alleged Unisys, Avaya, Check Point Software and Mimecast misled investors about the extent of their respective cyber risks.

  Cyberattacks

• 

  4 ways AI could impact employees, workflows: Gartner

  Technology leaders can expect AI to continue to raise questions around workforce shifts, privacy procedures and security techniques.

  Strategy

• 

  Opinion

  How to implement attack surface management

  ASM is a core component of exposure management that organizations can leverage to enhance vulnerability management. 

  Strategy

• 

  FCC expands cooperation with states on data security, privacy enforcement

  More states are working with the agency to investigate possible violations of consumer privacy and data security laws.

  Strategy

• 

  Critical Veeam CVE actively exploited in ransomware attacks

  Multiple ransomware groups targeted the vulnerability, which has a CVSS score of 9.8, more than a month after it was disclosed and patched by the data backup and recovery vendor.

  Vulnerability

• 

  New legislation aims to tame ‘Wild West’ in healthcare cybersecurity

  The proposed bill, introduced last month by Sens. Ron Wyden and Mark Warner, is a good step forward, but hospitals may need more funds to boost their cybersecurity practices, experts say.

  Policy & Regulation

More stories