The Latest
-
CISA pins modest security gains to performance goals program
The federal agency said the number of critical infrastructure organizations enrolled in its vulnerability scanning program nearly doubled since 2022.
-
CISA adds second BeyondTrust CVE to known exploited vulnerabilities list
Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks.
-
Ivanti zero-day has researchers scrambling
Threat hunters are on high alert as 900 Ivanti Connect Secure instances remain unpatched and vulnerable to exploitation, according to Shadowserver.
-
Hack of Rhode Island social services platform impacted at least 709K, officials say
State officials received reports from Deloitte and a third-party forensic firm showing the threat to the database has been mitigated and restoration efforts are underway.
-
Consumers are becoming apathetic to cyber incidents, research finds
Despite an increase in cyber incidents, breaches had less impact on consumer trust in 2024, a Vercara survey found.
-
CISA director reiterates prior calls for C-suites, boards to take cyber risk ownership
Jen Easterly said companies need to consider cybersecurity threats as core risks that need to be fully incorporated into corporate business strategy.
-
PowerSchool data breach possibly exposed student, staff data
The cloud-based K-12 software provider confirmed a compromised credential was used to access its PowerSource customer support portal.
-
Cyberattacks, tech disruption rank as top threats to business growth
Two in five executives view data breaches and leaks as the most financially burdensome man-made threats, a Chubb study found.
-
Ivanti customers confront new zero-day with suspected nation-state nexus
The latest attacks come one year after a threat group exploited a pair of zero-days in the same Ivanti product.
-
4 cybersecurity trends to watch in 2025
Critical industries are up against never before seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.
-
National cyber director calls for deterrence against China-affiliated cyber threats
Harry Coker Jr. said China and other adversaries cannot be allowed free reign to conduct malicious cyber activities.
-
White House program to certify the security of IoT devices goes live
The White House is also working on an executive order to limit federal purchasing of connected products that meet the minimum security standards under the program.
-
Investors narrow scope of cyber funding deals in 2024
Total funding was up 9% year over year to $9.5 billion. More than half of all dollars raised went to late-stage rounds, Pinpoint Search Group said.
-
CISA says hack targeting Treasury Department did not impact other federal agencies
BeyondTrust says an investigation of a December attack spree is nearing completion and SaaS instances are fully patched. Hackers used a stolen key to attack Treasury workstations.
-
AT&T, Verizon say they evicted Salt Typhoon from their networks
Two of the largest telecom providers in the U.S. said the China-government sponsored threat group is no longer embedded in their networks.
-
US Treasury office sanctions firm connected to state-sponsored Flax Typhoon threat group
A Beijing-based cybersecurity company, Integrity Technology Group Inc., is linked to years of exploitation activity targeting U.S. critical infrastructure.
-
What companies need to help secure AI
Experts say MLOps will bridge the gap between development and operations, creating room for the inclusion of security and privacy practices, too.
-
Censys researchers warn 8,600 BeyondTrust instances still exposed
As authorities investigate a December attack spree, the researchers added the caveat that not all instances are considered vulnerable.
-
SEC cybersecurity enforcement outlook uncertain as Trump 2.0 looms
With issues such as cryptocurrency and climate change facing the next SEC chair, it’s unclear whether rolling back cybersecurity rules will be high on the priority list.
-
Cyber leaders are bullish on generative AI despite risks: report
Executives say they would overhaul tooling in exchange for better generative AI capabilities, according to a CrowdStrike survey.
-
Hackers leaked data from Rhode Island ransomware attack, officials warn
A criminal threat group had previously threatened to leak sensitive data from a Deloitte-managed social services database.
-
Treasury Department says state-linked hacker gained access to unclassified data in major attack
The compromise of agency workstations is linked to a previously disclosed compromise of certain BeyondTrust customers.
-
White House says 9th telecom company hit in Salt Typhoon spree
A senior official blamed the intrusions on lax security and said in one case the compromise of a single administrator account led to access of over 100,000 routers.
-
BeyondTrust customers hit by wave of attacks linked to compromised API key
The cybersecurity vendor said an attacker compromised its access-management tool and reset customer passwords.
-
Researchers warn of active exploitation of critical Apache Struts 2 flaw
Exploitation activity was observed about a week after the CVE was disclosed.