Cyberattacks: Page 14
Compromised credential use jumps 300% in cloud intrusions: IBM
Valid credentials are also a hot commodity in the cybercrime marketplace, accounting for the vast majority, almost 90%, of assets for sale on the dark web, IBM found.
By Matt Kapko • Sept. 13, 2023 -
MGM Resorts takes systems offline as it investigates cyberattack
The company restored full operations to dining, gaming and entertainment venues Monday night, following earlier reports payment systems, digital room keys and reservations systems were down at multiple properties.
By David Jones • Updated Sept. 12, 2023 -
Trendline
Top 5 stories from Cybersecurity Dive
A wave of rules, regulations and federal action is putting pressure on businesses to shore up security amid a backdrop of emboldened threat actors.
By Cybersecurity Dive staff -
Aviation sector organization hit by exploit of CVE duo
Cybersecurity authorities investigated the attack by multiple threat actors who exploited known CVEs in Zoho and Fortinet products.
By Matt Kapko • Sept. 8, 2023 -
Microsoft crash dump exposed key that led to US cabinet email hacks, investigation finds
A China-based threat group used the key to access a Microsoft engineer’s corporate account and, later, compromised more than two dozen customer email accounts.
By David Jones • Sept. 7, 2023 -
BEC phishing kit hits thousands of Microsoft 365 business accounts
Threat actors used the W3LL phishing kit to target more than 56,000 accounts, ultimately compromising 14% of them since last October, Group-IB found.
By Matt Kapko • Sept. 7, 2023 -
Okta customers’ IT staff duped by MFA reset swindle
IT workers at four organizations using Okta were successfully hit by a consistent pattern of social engineering attacks.
By Matt Kapko • Sept. 6, 2023 -
Barracuda patch bypassed by novel malware from China-linked threat group
Mandiant uncovered a months-long cyber espionage campaign targeting high value government entities and technology firms in the U.S. and abroad.
By David Jones • Sept. 1, 2023 -
US leads takedown of Qakbot malware, which automated initial infections
The botnet and malware had infected more than 700,000 computers worldwide and was linked to the abuse of OneNote files.
By David Jones • Aug. 30, 2023 -
MOVEit attack victim count surpasses 1,000 organizations
Months after the campaign was discovered, victims are still coming forward and, in most cases, breaches at third-party vendors are to blame.
By Matt Kapko • Aug. 28, 2023 -
Prospect Medical stolen data listed for sale by emerging ransomware group
Rhysida claims it stole more than 500,000 Social Security numbers, financial, legal and medical files. And it’s all for sale on the dark web.
By Matt Kapko • Aug. 25, 2023 -
Ransoming Linux and ESXi systems is getting easier
Threat actors are using memory-safe languages to release payloads for Windows, Linux and ESXi simultaneously, SentinelOne researchers warn.
By Matt Kapko • Aug. 24, 2023 -
Hackers target Pentagon contract site via compromised routers
Research from Black Lotus Labs says the new activity aligns with recent state-linked campaigns, including Volt Typhoon.
By David Jones • Aug. 23, 2023 -
Ransomware attack dwell times fall, pressuring companies to quickly respond
The median dwell time for ransomware attacks hit a new low of five days in the first half of the year, according to Sophos.
By Matt Kapko • Aug. 23, 2023 -
MOVEit attack spree makes Clop this summer’s most-prolific ransomware group
The financially-motivated threat actor was responsible for one-third of all ransomware attacks in July, according to NCC Group and Flashpoint.
By Matt Kapko • Aug. 22, 2023 -
Cuba ransomware group exploits Veeam to hit critical infrastructure
The threat actor also used malicious tools from previous campaigns, according to BlackBerry research.
By Matt Kapko • Aug. 21, 2023 -
Suncor CEO says company mostly recovered from June cyberattack
The incident was serious and not worth repeating, President and CEO Rich Kruger said. “I’d rather have a root canal than go through one of these attacks again.”
By David Jones • Aug. 17, 2023 -
AWS customers’ most common security mistake
All too often organizations are not doing least-privilege work with identity systems, AWS’ Mark Ryland told Cybersecurity Dive.
By Matt Kapko • Aug. 16, 2023 -
Dallas to pay vendors $8.6M for their ransomware recovery services
The city paid vendors for hardware, software, incident response, consulting and monitoring in the wake of the attack.
By Matt Kapko • Aug. 14, 2023 -
TIAA hit with class-action lawsuit over MOVEit data breach
The suit claims the teachers’ retirement fund did not properly handle sensitive information compromised in the far-reaching cyberattack.
By Anna Merod • Aug. 14, 2023 -
Sponsored by Specops Software
Lock your doors to Kerberos golden ticket attacks
Golden Ticket attacks hit the Key Distribution Service Account of the KDC. Here's how to stop them.
Aug. 14, 2023 -
4 ways organizations can take back the advantage from attackers
By reorienting systems defense around resilience, “we become more like attackers, we become nimble, empirical, curious,” Kelly Shortridge said at Black Hat USA 2023.
By Matt Kapko • Aug. 10, 2023 -
The MOVEit spree is as bad as — or worse than — you think it is
The mass exploit has compromised more than 600 organizations, but that only scratches the surface of the potential number of downstream victims. Security experts project years of fallout.
By Matt Kapko • Aug. 9, 2023 -
Threat actors abuse valid accounts using manual tactics, CrowdStrike says
The research underscores the outsized role and prevalence of legitimate credentials as an entry point for cyberattacks.
By Matt Kapko • Aug. 8, 2023 -
Ransomware attack on Prospect Medical Holdings impacts hospitals across 4 states
Multiple hospitals in the system are still experiencing complications or closures as of Monday.
By Matt Kapko • Aug. 7, 2023 -
White House rolls out millions in funding to combat K-12 cyberattacks
Federal officials are meeting with key administrators and technology providers to address a surge in ransomware and other malicious activity facing K-12 schools.
By David Jones • Aug. 7, 2023