Hackers target Pentagon contract site via compromised routers

Research from Black Lotus Labs says the new activity aligns with recent state-linked campaigns, including Volt Typhoon.

By David Jones • Aug. 23, 2023

Ransomware attack dwell times fall, pressuring companies to quickly respond

The median dwell time for ransomware attacks hit a new low of five days in the first half of the year, according to Sophos.

By Matt Kapko • Aug. 23, 2023

MOVEit attack spree makes Clop this summer’s most-prolific ransomware group

The financially-motivated threat actor was responsible for one-third of all ransomware attacks in July, according to NCC Group and Flashpoint.

By Matt Kapko • Aug. 22, 2023

Cuba ransomware group exploits Veeam to hit critical infrastructure

The threat actor also used malicious tools from previous campaigns, according to BlackBerry research.

By Matt Kapko • Aug. 21, 2023

Suncor CEO says company mostly recovered from June cyberattack

The incident was serious and not worth repeating, President and CEO Rich Kruger said. "I’d rather have a root canal than go through one of these attacks again.”

By David Jones • Aug. 17, 2023

AWS customers’ most common security mistake

All too often organizations are not doing least-privilege work with identity systems, AWS’ Mark Ryland told Cybersecurity Dive.

By Matt Kapko • Aug. 16, 2023

Dallas to pay vendors $8.6M for their ransomware recovery services

The city paid vendors for hardware, software, incident response, consulting and monitoring in the wake of the attack.

By Matt Kapko • Aug. 14, 2023

TIAA hit with class-action lawsuit over MOVEit data breach

The suit claims the teachers’ retirement fund did not properly handle sensitive information compromised in the far-reaching cyberattack.

By Anna Merod • Aug. 14, 2023

Lock your doors to Kerberos golden ticket attacks

Golden Ticket attacks hit the Key Distribution Service Account of the KDC, here's how to stop them.

Aug. 14, 2023

4 ways organizations can take back the advantage from attackers

By reorienting systems defense around resilience, “we become more like attackers, we become nimble, empirical, curious,” Kelly Shortridge said at Black Hat USA 2023. 

By Matt Kapko • Aug. 10, 2023

The MOVEit spree is as bad as — or worse than — you think it is

The mass exploit has compromised more than 600 organizations, but that only scratches the surface of the potential number of downstream victims. Security experts project years of fallout.

By Matt Kapko • Aug. 9, 2023

Threat actors abuse valid accounts using manual tactics, CrowdStrike says

The research underscores the outsized role and prevalence of legitimate credentials as an entry point for cyberattacks.

By Matt Kapko • Aug. 8, 2023

Ransomware attack on Prospect Medical Holdings impacts hospitals across 4 states

Multiple hospitals in the system are still experiencing complications or closures as of Monday.

By Matt Kapko • Aug. 7, 2023

White House rolls out millions in funding to combat K-12 cyberattacks

Federal officials are meeting with key administrators and technology providers to address a surge in ransomware and other malicious activity facing K-12 schools.

By David Jones • Aug. 7, 2023

Poor access management besets most cloud compromises, Google says

The prevalence of systems with weak access controls underscores a chronic security problem for organizations storing data in the cloud.

By Matt Kapko • Aug. 3, 2023

Hot Topic hit by automated credential stuffing attack spree

The U.S. retail chain doesn’t yet know what personal information was compromised or accessed by the threat actor.

By Matt Kapko • Aug. 2, 2023

Tempur Sealy responding to cyberattack that disrupted operations

The attack occurred almost two months after the company signed an agreement to acquire Mattress Firm, which will position it as one of the world's largest mattress manufacturers.

By Matt Kapko • Aug. 1, 2023

Reddit names seasoned IT security leader as new CISO

The hire of Fredrick “Flee” Lee comes about six months after hackers obtained company data and source code via a sophisticated phishing attack.

By David Jones • July 31, 2023

Valid account credentials are behind most cyber intrusions, CISA finds

The success rate of these techniques underscores the staying power of the most common methods threat actors use to gain initial access to targeted systems.

By Matt Kapko • July 28, 2023

Mandiant finds no evidence of data or cryptocurrency theft in JumpCloud attack

The incident response firm only has insights into one of a handful of downstream victims, but the research suggests the damage may be limited.

By Matt Kapko • July 26, 2023

Average cost of healthcare data breach reaches $11M, report finds

The sector continues to be the most expensive industry for data breaches, with costs increasing 53% since 2020.

By Emily Olsen • July 25, 2023

Investigations are causing data breach costs to skyrocket, IBM finds

Organizations are under mounting pressure to conduct more thorough investigations as the complexity of data breaches grow.

By Matt Kapko • July 24, 2023

Citrix zero day exposes critical infrastructure, one provider hit

Researchers warn thousands of the Citrix NetScaler devices remain vulnerable to attack.

By David Jones • July 24, 2023

Microsoft attackers may have data access beyond Outlook, researchers warn

Microsoft is pushing back on claims by Wiz that compromised private encryption keys may have exposed SharePoint, Teams and OneDrive data to an APT actor.

By David Jones • July 21, 2023

JumpCloud cyberattack hits up to 5 customers, 10 devices

Security researchers attributed the highly targeted attack to a cryptocurrency-seeking APT actor linked to the North Korean government.

By Matt Kapko • July 20, 2023