LastPass says it contained August breach, leaving customer data and vaults secure

After investigating alongside Mandiant, the widely used password manager has enhanced a number of security protocols in response to the four-day incident.  

By David Jones • Sept. 16, 2022

Cloud security pros expect elevated risk for serious data breaches

Just one out of five cybersecurity and engineering professionals escaped the previous year without incident.

By Matt Kapko • Sept. 14, 2022

Explore the Trendline➔

Securing the cloud

A host of new technologies and a spate of incidents at top providers means businesses have even more cloud security conundrums to consider. 

By Cybersecurity Dive staff

PyPI contributors targeted by JuiceLedger in latest attack against open source

The supply chain attack represents a potential risk to organizations using open source, researchers from SentinelOne and Checkmarx say.

By David Jones • Sept. 6, 2022

Cyberattacks pivot from large health systems to smaller hospitals, specialty clinics

The trend of attacks focusing on a systemic technology used across most providers is one that Critical Insights expects to continue this year. 

By Rebecca Pifer • Aug. 29, 2022

Twilio discloses more victims as phishing attack effects cascade

The communications and identity authentication provider said it has discovered 163 victims thus far.

By Matt Kapko • Aug. 29, 2022

Almost 10K credentials compromised in phishing spree that ensnared Twilio, Mailchimp

Attackers targeted Okta identity credentials and two-factor authentication in the campaign dubbed Oktapus.

By Naomi Eide • Aug. 26, 2022

LastPass breached, portions of source code stolen, CEO says

The unauthorized actor did not access data or encrypted vaults from its more than 33 million registered users, however the company deployed containment and mitigation measures. 

By David Jones • Aug. 26, 2022

Third-party attacks spike as attackers target software connections

Every third-party tool and partnership is a potential path for attack and an opportunity to exploit human behavior. The risks spread far and wide.

By Matt Kapko • Aug. 22, 2022

Mailchimp breach shines new light on digital identity, supply chain risk

Sophisticated threat actors are targeting weak links in the email marketing space to go after vulnerable financial targets.

By David Jones • Aug. 18, 2022

DigitalOcean, caught in Mailchimp security incident, drops email vendor

An attack on the email marketing firm raises questions about the continued risk of a supply chain compromise. 

By David Jones • Aug. 17, 2022

Twilio phishing attack fallout spreads to Signal

The vendor’s widely used two-factor authentication service became a point of potential compromise for 1,900 Signal users. One user suffered a direct hit.

By Matt Kapko • Aug. 15, 2022

How attackers are breaking into organizations

Threat actors lean heavily on phishing attacks, vulnerabilities in software and containers, and stolen credentials, according to top cyber vendor research.

By Matt Kapko • Aug. 15, 2022

Cloudflare thwarts ‘sophisticated’ phishing attack strategy that bruised Twilio

Dissimilar responses from Cloudflare and Twilio bear important lessons in transparency, resiliency and access.

By Matt Kapko • Aug. 9, 2022

Hospitals have low level of accountability for connected device breaches

Only an average of 3.4% of hospitals’ IT budgets are being spent on device security, a recent survey shows.

By Rebecca Pifer • Aug. 5, 2022

Data breach costs spread downstream, IBM says

Nearly half of all organizations studied by IBM have minimal or no cloud security practices in place.

By Matt Kapko • July 29, 2022

Entrust acknowledges June cyberattack, remains tight-lipped on the details

The cybersecurity vendor has yet to disclose how the incident occurred, the type of data stolen and if ransomware was involved.

By Matt Kapko • July 28, 2022

Uber reaches non-prosecution deal with feds after concealing data breach

The ride-sharing firm had been under investigation by the Federal Trade Commission, when the 2016 data breach occurred, an event undisclosed until new management entered the picture. 

By David Jones • July 26, 2022

Data breach at debt collector affects almost 2M healthcare patients

It’s the second-largest health data breach this year after the Shields Health Care Group cyberattack in March, the Department of Health and Human Services breach reporting portal shows.

By Rebecca Pifer • July 19, 2022

Hospital ransomware concerns rise after payment vendor breach, North Korea threats

A recently disclosed ransomware attack could have exposed patient data from more than 650 healthcare providers.

By Rebecca Pifer • July 11, 2022

Latest Marriott breach shows a human error pattern

The latest incident at Marriott is relatively minor compared to major breaches in late 2018 and early 2020, but it signals a pattern of neglect.

By Matt Kapko • July 7, 2022

Carnival to pay $5M for cyber violations to NY financial regulator

The cruise line failed to implement multifactor authentication and took 10 months to report the first of four data incidents.

By David Jones • June 27, 2022

Attackers keep targeting VMware Horizon, exploiting unpatched Log4Shell

In one case, CISA found multiple threat actors compromising an organization using Log4Shell, which leveraged access to gain remote command and control.

By Naomi Eide • June 24, 2022

Breach at Flagstar Bank impacts more than 1.5M customers

The breach, which occurred between Dec. 3 and Dec. 4, is the second to impact the bank in less than two years.

By Anna Hrushka • June 22, 2022

Employees cause more cyber breaches in healthcare than other industries: report

Basic web application attacks, miscellaneous errors and system intrusions are at the root of the bulk of healthcare breaches, Verizon research shows.

By Rebecca Pifer • May 24, 2022

Tenet says 'cybersecurity incident' disrupted hospital operations

The for-profit health system has restored most critical functions, while affected facilities are starting to resume normal operations.

By Rebecca Pifer • April 27, 2022