The Latest

• 

  CISA pins modest security gains to performance goals program

  The federal agency said the number of critical infrastructure organizations enrolled in its vulnerability scanning program nearly doubled since 2022.

  Strategy

• 

  CISA adds second BeyondTrust CVE to known exploited vulnerabilities list

  Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks.

  Breaches

• 

  Ivanti zero-day has researchers scrambling

  Threat hunters are on high alert as 900 Ivanti Connect Secure instances remain unpatched and vulnerable to exploitation, according to Shadowserver.

  Vulnerability

• 

  Hack of Rhode Island social services platform impacted at least 709K, officials say

  State officials received reports from Deloitte and a third-party forensic firm showing the threat to the database has been mitigated and restoration efforts are underway.

  Breaches

• 

  Consumers are becoming apathetic to cyber incidents, research finds

  Despite an increase in cyber incidents, breaches had less impact on consumer trust in 2024, a Vercara survey found.

  Breaches

• 

  CISA director reiterates prior calls for C-suites, boards to take cyber risk ownership

  Jen Easterly said companies need to consider cybersecurity threats as core risks that need to be fully incorporated into corporate business strategy.

  Strategy

• 

  PowerSchool data breach possibly exposed student, staff data

  The cloud-based K-12 software provider confirmed a compromised credential was used to access its PowerSource customer support portal.

  Breaches

• 

  Cyberattacks, tech disruption rank as top threats to business growth

  Two in five executives view data breaches and leaks as the most financially burdensome man-made threats, a Chubb study found.

  Breaches

• 

  Ivanti customers confront new zero-day with suspected nation-state nexus

  The latest attacks come one year after a threat group exploited a pair of zero-days in the same Ivanti product.

  Vulnerability

• 

  4 cybersecurity trends to watch in 2025

  Critical industries are up against never before seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.

  Strategy

• 

  National cyber director calls for deterrence against China-affiliated cyber threats

  Harry Coker Jr. said China and other adversaries cannot be allowed free reign to conduct malicious cyber activities.   

  Strategy

• 

  White House program to certify the security of IoT devices goes live

  The White House is also working on an executive order to limit federal purchasing of connected products that meet the minimum security standards under the program.

  Strategy

• 

  Investors narrow scope of cyber funding deals in 2024

  Total funding was up 9% year over year to $9.5 billion. More than half of all dollars raised went to late-stage rounds, Pinpoint Search Group said.

  Strategy

• 

  CISA says hack targeting Treasury Department did not impact other federal agencies

  BeyondTrust says an investigation of a December attack spree is nearing completion and SaaS instances are fully patched. Hackers used a stolen key to attack Treasury workstations.

  Vulnerability

• 

  AT&T, Verizon say they evicted Salt Typhoon from their networks

  Two of the largest telecom providers in the U.S. said the China-government sponsored threat group is no longer embedded in their networks.

  Cyberattacks

• 

  US Treasury office sanctions firm connected to state-sponsored Flax Typhoon threat group

  A Beijing-based cybersecurity company, Integrity Technology Group Inc., is linked to years of exploitation activity targeting U.S. critical infrastructure.

  Threats

• 

  What companies need to help secure AI

  Experts say MLOps will bridge the gap between development and operations, creating room for the inclusion of security and privacy practices, too.

  Strategy

• 

  Censys researchers warn 8,600 BeyondTrust instances still exposed

  As authorities investigate a December attack spree, the researchers added the caveat that not all instances are considered vulnerable.

  Breaches

• 

  SEC cybersecurity enforcement outlook uncertain as Trump 2.0 looms

  With issues such as cryptocurrency and climate change facing the next SEC chair, it’s unclear whether rolling back cybersecurity rules will be high on the priority list.

  Policy & Regulation

• 

  Cyber leaders are bullish on generative AI despite risks: report

  Executives say they would overhaul tooling in exchange for better generative AI capabilities, according to a CrowdStrike survey.

  Strategy

• 

  Hackers leaked data from Rhode Island ransomware attack, officials warn

  A criminal threat group had previously threatened to leak sensitive data from a Deloitte-managed social services database.

  Breaches

• 

  Treasury Department says state-linked hacker gained access to unclassified data in major attack

  The compromise of agency workstations is linked to a previously disclosed compromise of certain BeyondTrust customers.

  Breaches

• 

  White House says 9th telecom company hit in Salt Typhoon spree

  A senior official blamed the intrusions on lax security and said in one case the compromise of a single administrator account led to access of over 100,000 routers.

  Strategy

• 

  BeyondTrust customers hit by wave of attacks linked to compromised API key

  The cybersecurity vendor said an attacker compromised its access-management tool and reset customer passwords.

  Vulnerability

• 

  Researchers warn of active exploitation of critical Apache Struts 2 flaw

  Exploitation activity was observed about a week after the CVE was disclosed. 

  Vulnerability

More stories