The Latest
-
Fortinet zero-day attack spree hits at least 50 customers
Active exploits of a critical vulnerability in FortiManager began in late June, Mandiant said. Firewall credentials and configuration data have been stolen.
-
Despite improved workplace culture, tech workers still eye the door
Many tech professionals plan to quit in the next year despite being the most likely group to recommend their employers, according to EY.
-
SEC settles charges with 4 firms it says downplayed SolarWinds hack exposure
The agency alleged Unisys, Avaya, Check Point Software and Mimecast misled investors about the extent of their respective cyber risks.
-
4 ways AI could impact employees, workflows: Gartner
Technology leaders can expect AI to continue to raise questions around workforce shifts, privacy procedures and security techniques.
-
Opinion
How to implement attack surface management
ASM is a core component of exposure management that organizations can leverage to enhance vulnerability management.
-
FCC expands cooperation with states on data security, privacy enforcement
More states are working with the agency to investigate possible violations of consumer privacy and data security laws.
-
Critical Veeam CVE actively exploited in ransomware attacks
Multiple ransomware groups targeted the vulnerability, which has a CVSS score of 9.8, more than a month after it was disclosed and patched by the data backup and recovery vendor.
-
New legislation aims to tame ‘Wild West’ in healthcare cybersecurity
The proposed bill, introduced last month by Sens. Ron Wyden and Mark Warner, is a good step forward, but hospitals may need more funds to boost their cybersecurity practices, experts say.
-
CISOs are gaining influence among corporate leadership
A Deloitte Global report shows CISOs are involved in a growing set of strategic decisions about digital transformation, cloud and other technology issues.
-
Sophos to buy Secureworks in $859M push into XDR
The deal follows a marketwide push for vendor consolidation and a growing interest in more end-to-end offerings from a single provider.
-
Microsoft confirms partial loss of security log data on multiple platforms
The company previously expanded free access to security logs on several platforms, including Purview, following the 2023 state-linked hack of Exchange Online.
-
Zero-day exploits swelled in 2023: Mandiant
Of the 138 actively exploited vulnerabilities disclosed in 2023 and later analyzed by the threat intelligence firm, 97 were exploited as zero-days.
-
US disables Anonymous Sudan infrastructure linked to DDoS attack spree
Authorities unsealed charges alleging two Sudanese nationals ran the hacktivist group, linked to major attacks against Microsoft and others.
-
Iran-linked attackers hit critical infrastructure with brute force
CISA and the FBI warn healthcare, government, IT and other sectors of password spraying and multifactor authentication push bombing.
-
FBI, CISA seek input on software security, configuration changes
Authorities are seeking public comment on steps the software industry can take to make their products more resistant to malicious threat activity.
-
Microsoft reveals ransomware attacks against its customers nearly tripled last year
Despite the increase, the percentage of cyberattacks reaching the encryption stage continued to decline, according to a Microsoft study.
-
CISA adds SolarWinds flaw to exploited vulnerabilities catalog
A hardcoded credentials vulnerability in SolarWinds Web Help Desk lets attackers read and modify sensitive help desk ticket information.
-
Majority of global CISOs want to split roles as regulatory burdens grow
Trellix research shows rising cybersecurity demands from the SEC and other government bodies are pushing CISOs even closer to the edge.
-
Lawmakers seek insight into China-linked attacks on telecom networks
Members of congress want to know when and how AT&T, Lumen and Verizon learned of the intrusions and what data the threat group accessed.
-
Critical CVE in 4 Fortinet products actively exploited
CISA added the format string vulnerability to its known exploited vulnerabilities catalog last week, months after it was first disclosed by the company.
-
Where organizations invest after a data breach
Asking customers to foot the bill for data breach remediation will not prevent future data breaches or address the issues that cause costs to increase.
-
Clorox says 2023 cyberattack hurt progress on 2030 plastic, waste reduction goals
The company is reassessing some sustainability goals, according to its latest annual report. Data shows the company stagnated on lowering virgin material and upping PCR in packaging.
-
American Water Works reconnecting systems a week after cyberattack
The water utility said there is no evidence of damage to its facilities, but law enforcement and forensic experts are still investigating.
-
FTC settles yearslong investigation into Marriott’s ‘security failures’
The settlement caps a pattern of major data breaches at Marriott and its subsidiary Starwood Hotels and Resorts Worldwide over the last decade.
-
Cyber risk tops C-suite concerns heading into US election
A report by PwC shows American business leaders will continue to focus on data regulation, AI and technology investments regardless of which party prevails in November.