The Latest

• 

  Lawmakers seek insight into China-linked attacks on telecom networks

  Members of congress want to know when and how AT&T, Lumen and Verizon learned of the intrusions and what data the threat group accessed.

  Cyberattacks

• 

  Critical CVE in 4 Fortinet products actively exploited

  CISA added the format string vulnerability to its known exploited vulnerabilities catalog last week, months after it was first disclosed by the company.

  Vulnerability

• 

  Where organizations invest after a data breach

  Asking customers to foot the bill for data breach remediation will not prevent future data breaches or address the issues that cause costs to increase.

  Strategy

• 

  Clorox says 2023 cyberattack hurt progress on 2030 plastic, waste reduction goals

  The company is reassessing some sustainability goals, according to its latest annual report. Data shows the company stagnated on lowering virgin material and upping PCR in packaging.

  Cyberattacks

• 

  American Water Works reconnecting systems a week after cyberattack

  The water utility said there is no evidence of damage to its facilities, but law enforcement and forensic experts are still investigating. 

  Cyberattacks

• 

  FTC settles yearslong investigation into Marriott’s ‘security failures’

  The settlement caps a pattern of major data breaches at Marriott and its subsidiary Starwood Hotels and Resorts Worldwide over the last decade.

  Breaches

• 

  Cyber risk tops C-suite concerns heading into US election

  A report by PwC shows American business leaders will continue to focus on data regulation, AI and technology investments regardless of which party prevails in November.

  Strategy

• 

  Decrease in deals and large rounds cut cyber funding to $2.1B in Q3

  The decline in funding accentuates the inconsistent pace of venture capital investments in cyber startups.

  Strategy

• 

  Trio of Ivanti CSA zero-day vulnerabilities under exploit threat

  The latest round of exploitation follows more than three weeks of CVE disclosures involving various Ivanti products. 

  Cyberattacks

• 

  MoneyGram attack exposed a trove of sensitive customer data

  The attack led to a days-long outage in September. The money transfer firm hasn’t described the nature of the incident or said how many people are impacted.

  Cyberattacks

• 

  Deep Dive

  CIOs turn to NIST to tackle generative AI’s many risks

  Discover's CIO is one of many tech leaders working to limit generative AI missteps by turning to risk management frameworks to get deployment right from the outset.

  Strategy

• 

  ADT employee account data stolen in cyberattack

  The alarm system company said an attacker accessed its network with compromised credentials obtained from an unnamed third party.

  Cyberattacks

• 

  American Water Works investigates unauthorized cyber intrusion

  The New Jersey-based utility said none of its water or wastewater operations were impacted by the hack.

  Cyberattacks

• 

  Gender gap persists in cybersecurity field despite available opportunities

  About half of women surveyed said they don’t feel like they would fit in or be able to be themselves, a Deloitte report said.

  Leadership & Careers

• 

  Counter Ransomware Initiative summit emphasizes arduous effort

  An international collective of cyber officials continued discussions with the White House on how to counter ransomware attacks, reduce payments and increase response capabilities.

  Strategy

• 

  CISOs, C-suite remain at odds over corporate cyber resilience

  Security and IT executives, more than a year after a SEC vote on incident disclosure, still face an uphill battle to articulate risk strategy.

  Strategy

• 

  Economic uncertainty cools CISO hiring and compensation growth

  A report by IANS and Artico Search shows the pace of CISO hiring remained slow during the first half of 2024, but is beginning to ramp back up.

  Leadership & Careers

• 

  United Airlines leaned on real-time data to recover from the CrowdStrike outage

  The airline modernized its technology foundations with better customer experiences in mind. Then, a major software outage underscored the importance of live data.

  Strategy

• 

  CISA’s vulnerability management program spotted 250 critical CVEs in 2023

  The 51 federal civilian agencies involved in the program remediated 872 vulnerabilities last year, up 78% increase from 2022, according to CISA.

  Vulnerability

• 

  What’s next for CrowdStrike on the road to repair its reputation?

  The cybersecurity vendor finds itself operating from a vulnerable position. Efforts to earn back trust are complex and some require industrywide support.

  Strategy

• 

  Ivanti up against another attack spree as hackers target its endpoint manager

  Ivanti customers are facing a new series of exploitation attempts after the company pledged in April to launch a comprehensive overhaul of its internal security practices.

  Vulnerability

• 

  Phishing remains cloud intrusion tactic of choice for threat groups

  The long-lasting effectiveness and success of phishing campaigns underscores the most central challenge in cybersecurity — people are the weakest link.

  Cyberattacks

• 

  State CISOs up against a growing threat environment with minimal funding, report finds

  A report by Deloitte and NASCIO warns that states do not have the resources necessary to fight state-backed and criminal threat groups.

  Strategy

• 

  Two-thirds of healthcare organizations hit by ransomware in past year: survey

  Nearly 40% of healthcare organizations reported it took more than a month to recover after an attack, according to the survey by cybersecurity firm Sophos.

  Strategy

• 

  FCC reaches $31.5M settlement with T-Mobile over rash of data breaches

  The company agreed to a major change in board-level governance and will make a series of upgrades to boost its cyber resilience.

  Breaches

More stories