Azure flaw exposes enterprise databases, raising questions on cloud security

The flaw dates back to 2019, when Microsoft added a data-visualization feature called Jupyter Notebook to the Cosmos DB, Wiz researchers said.

By David Jones • Aug. 30, 2021

T-Mobile closes breach entry point, adds consultants to fix security holes

The hacker's goal was to gain customer data, and "they succeeded," CEO Mike Sievert said in a statement Friday.

By Samantha Schwartz • Aug. 27, 2021

Credential stuffing: the data availability problem

If data is the valuable asset locked away for safekeeping, credentials are key to opening the vault. For threat actors, the real value of credentials is that they offer access without trace.

By Sue Poremba • Aug. 23, 2021

T-Mobile: Understanding the latest in the carrier's string of data breaches

The breach, affecting more than 54 million individuals, is the company's fifth disclosed incident since 2018.

By Samantha Schwartz • Updated Aug. 24, 2021

Morgan Stanley falls prey to lingering effects of Accellion breach

Data from the investment firm was compromised through the vendor of a vendor, a hallmark of difficult-to-prevent — and increasingly frequent —  supply chain security incidents.

By Naomi Eide • July 9, 2021

Spoofing, spear phishing dominate BEC attacks: report

Threat actors are targeting the C-suite and corporate finance departments with the goal of stealing credentials or unleashing malicious payloads. 

By David Jones • June 29, 2021

Codecov to sunset Bash Uploader following April supply chain attack

The company seeks to boost security posture, however analysts are raising questions about whether the new uploader addresses underlying concerns.

By David Jones • June 14, 2021

Data breaches, poor cyber practices raise cost of borrowing: study

Research from the American Accounting Association shows banks have raised interest rates on companies where customer data has been hacked.

By David Jones • June 7, 2021

Why CISOs can't afford to have data breach fatigue

Security teams monitor thousands of alerts per day, which are hard to escape even in off hours, as news about data breaches becomes mainstream.

By Sue Poremba • June 1, 2021

Compromised cloud costs companies $6.2M annually, study finds

Attackers heavily target Microsoft 365 and Google Workspace accounts using brute force or phishing attacks, according to Ponemon Institute research.

By David Jones • May 27, 2021

As Colonial Pipeline returns to service, Congress looks to bolster utility-government security efforts

Several bills aim to boost public-private partnerships in securing the nations grid, which experts say are critical to keeping attackers at bay.

By Robert Walton • May 17, 2021

Password managers are a necessary — yet vulnerable — last line of defense

The Passwordstate breach is forcing CISOs and researchers to review vendors and reassess security practices.

By David Jones • May 4, 2021

First Horizon breach highlights rising threats against financial institutions

The attack shows the potential risk financial institutions face when trying to protect customer account data and financial assets.

By David Jones • April 29, 2021

Codecov hack — likened to SolarWinds — targets software supply chain

Third-party actors were able to linger inside the software-testing firm’s environment for months, exfiltrating customer data.

By David Jones • Updated April 30, 2021

Employees can't quit habit of writing down, sharing passwords

Amid heightened threats, workers are incorporating company names into passwords, writing them on sticky notes and sharing them via email.

By David Jones • April 6, 2021

Cybersecurity spending is up but so are breaches

Healthcare, media, entertainment and gaming experienced the greatest growth in breaches last year, coinciding with a "big shift" toward digital transformation, Canalys found.

By Samantha Schwartz • March 30, 2021

Security leaders: Expect more insider data leaks, threats in 2021

The rise stems from a lack of accurate insight from data loss prevention and cloud access security broker technologies.

By David Jones • March 29, 2021

Remote work gives rise to more executive credential theft

Threat actors are increasingly using social engineering to cultivate vulnerable end users and compromise networks, according to a CyberArk report.

By David Jones • March 25, 2021

55% of healthcare breaches feature ransomware: report

The healthcare industry is a favored target by cybercriminals: Hospitals cannot tolerate downtime or put off emergency patient care.

By Samantha Schwartz • March 10, 2021

Qualys confirms data breach related to Accellion after documents leak

The cloud security firm retained FireEye and insists the breach had no impact on production environments or its code base.

By David Jones • March 4, 2021

Companies overestimate ability to manage remote worker security

Employees working outside the office are granted excessive access privileges and are falling prey to phishing attacks, research from Tanium and PSB Insights found.

By David Jones • March 2, 2021

Senate SolarWinds hearing turns attention to breach notification laws, intel sharing

Amazon Web Services came under fire for declining to attend the hearing as top executives emphasized the need for faster disclosure and industrywide standards.

By David Jones • Feb. 24, 2021

Accellion breach victim lists grows as Kroger discloses compromise

None of the organizations impacted by the Accellion hack so far have attributed who was responsible for the compromise.

By Samantha Schwartz • Feb. 22, 2021

Ransomware, poor security drove spike in healthcare breaches in 2020

A rise in ransomware and phishing attacks led to a 55% increase in healthcare breaches last year, according to Bitglass.

By David Jones • Feb. 17, 2021

The next generation of email security

Now, with a single approval of an API, every line of cloud business communication can be secured.

Feb. 16, 2021