Okta says 2.5% of customers breached, as Lapsus$ sows disorder

Threat researchers say Lapsus$, active on social media, revels in the spotlight. Okta's CSO called the breach screenshots "embarrassing." 

By Naomi Eide • March 23, 2022

NYC transit worker alleges pay violations after Kronos ransomware disruption

The Metropolitan Transit Authority paid straight-time wages in a timely manner, the suit said, but it reportedly skipped overtime payments.

By Kate Tornone , Naomi Eide • Feb. 15, 2022

Explore the Trendline➔

Securing the cloud

A host of new technologies and a spate of incidents at top providers means businesses have even more cloud security conundrums to consider. 

By Cybersecurity Dive staff

Cybersecurity outlook for 2022

Nation-state cyberthreats and Log4j have the security community on high alert; organizations need to master response and remediation.  

By Naomi Eide • Feb. 14, 2022

In 2022, you can no longer afford to ignore credential security

Credentials are among the most sought-after targets by hackers due to the low risk and high rewards.

Jan. 31, 2022

NY attorney general probes widespread credential stuffing, 17 companies affected

The OAG worked with the impacted companies to uncover how threat actors bypassed security safeguards, which led almost all the companies to strengthen security controls.

By Samantha Schwartz • Jan. 6, 2022

Threat actor breaches HPE's Aruba Central via data repository access key

As more enterprise data moves to the cloud, security and data privacy remain paramount concerns. 

By David Jones • Nov. 16, 2021

SolarWinds threat actor targeted IT service providers in thousands of attacks, Microsoft says

The campaign from the Russian nation-state threat actor Nobelium was caught early, but there were at least 14 compromises involving password spraying and phishing to gain access.

By Samantha Schwartz • Oct. 25, 2021

Ripple effects from a cyber incident take a year to develop: report

Organizations are likely to both generate and suffer the downstream consequences of cyber incidents because of the technological reliance companies have on one another.

By Samantha Schwartz • Sept. 27, 2021

FTC warns app makers fall under breach notification rule

A breach must be reported regardless of whether it was the result of malicious action, the agency said. Any unauthorized access, including sharing information without consent, would trigger the rule.

By Shannon Muchmore • Sept. 17, 2021

Cybersecurity discussion growing in regulatory filings

A surge in ransomware combined with an increase in M&A activity is raising the profile of cybersecurity as a key discussion point in public filings and discussions with investors. 

By David Jones • Sept. 8, 2021

Are you ready for the second wave of digital transformation?

In the second wave of digital transformation, understanding Insider Risk is more important than ever.  

Sept. 7, 2021

Azure flaw exposes enterprise databases, raising questions on cloud security

The flaw dates back to 2019, when Microsoft added a data-visualization feature called Jupyter Notebook to the Cosmos DB, Wiz researchers said.

By David Jones • Aug. 30, 2021

T-Mobile closes breach entry point, adds consultants to fix security holes

The hacker's goal was to gain customer data, and "they succeeded," CEO Mike Sievert said in a statement Friday.

By Samantha Schwartz • Aug. 27, 2021

Credential stuffing: the data availability problem

If data is the valuable asset locked away for safekeeping, credentials are key to opening the vault. For threat actors, the real value of credentials is that they offer access without trace.

By Sue Poremba • Aug. 23, 2021

T-Mobile: Understanding the latest in the carrier's string of data breaches

The breach, affecting more than 54 million individuals, is the company's fifth disclosed incident since 2018.

By Samantha Schwartz • Updated Aug. 24, 2021

Morgan Stanley falls prey to lingering effects of Accellion breach

Data from the investment firm was compromised through the vendor of a vendor, a hallmark of difficult-to-prevent — and increasingly frequent —  supply chain security incidents.

By Naomi Eide • July 9, 2021

Spoofing, spear phishing dominate BEC attacks: report

Threat actors are targeting the C-suite and corporate finance departments with the goal of stealing credentials or unleashing malicious payloads. 

By David Jones • June 29, 2021

Codecov to sunset Bash Uploader following April supply chain attack

The company seeks to boost security posture, however analysts are raising questions about whether the new uploader addresses underlying concerns.

By David Jones • June 14, 2021

Data breaches, poor cyber practices raise cost of borrowing: study

Research from the American Accounting Association shows banks have raised interest rates on companies where customer data has been hacked.

By David Jones • June 7, 2021

Why CISOs can't afford to have data breach fatigue

Security teams monitor thousands of alerts per day, which are hard to escape even in off hours, as news about data breaches becomes mainstream.

By Sue Poremba • June 1, 2021

Compromised cloud costs companies $6.2M annually, study finds

Attackers heavily target Microsoft 365 and Google Workspace accounts using brute force or phishing attacks, according to Ponemon Institute research.

By David Jones • May 27, 2021

As Colonial Pipeline returns to service, Congress looks to bolster utility-government security efforts

Several bills aim to boost public-private partnerships in securing the nations grid, which experts say are critical to keeping attackers at bay.

By Robert Walton • May 17, 2021

Password managers are a necessary — yet vulnerable — last line of defense

The Passwordstate breach is forcing CISOs and researchers to review vendors and reassess security practices.

By David Jones • May 4, 2021

First Horizon breach highlights rising threats against financial institutions

The attack shows the potential risk financial institutions face when trying to protect customer account data and financial assets.

By David Jones • April 29, 2021

Codecov hack — likened to SolarWinds — targets software supply chain

Third-party actors were able to linger inside the software-testing firm’s environment for months, exfiltrating customer data.

By David Jones • Updated April 30, 2021