SEC settles charges with 4 firms it says downplayed SolarWinds hack exposure

The agency alleged Unisys, Avaya, Check Point Software and Mimecast misled investors about the extent of their respective cyber risks.

By David Jones • Oct. 22, 2024

Critical Veeam CVE actively exploited in ransomware attacks

Multiple ransomware groups targeted the vulnerability, which has a CVSS score of 9.8, more than a month after it was disclosed and patched by the data backup and recovery vendor.

By Matt Kapko • Oct. 22, 2024

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

A wave of rules, regulations and federal action is putting pressure on businesses to shore up security amid a backdrop of emboldened threat actors has a nice ring to it.

By Cybersecurity Dive staff

Zero-day exploits swelled in 2023: Mandiant

Of the 138 actively exploited vulnerabilities disclosed in 2023 and later analyzed by the threat intelligence firm, 97 were exploited as zero-days.

By Matt Kapko • Oct. 18, 2024

US disables Anonymous Sudan infrastructure linked to DDoS attack spree

Authorities unsealed charges alleging two Sudanese nationals ran the hacktivist group, linked to major attacks against Microsoft and others.

By David Jones • Oct. 17, 2024

Iran-linked attackers hit critical infrastructure with brute force

CISA and the FBI warn healthcare, government, IT and other sectors of password spraying and multifactor authentication push bombing.

By Matt Kapko • Oct. 17, 2024

Microsoft reveals ransomware attacks against its customers nearly tripled last year

Despite the increase, the percentage of cyberattacks reaching the encryption stage continued to decline, according to a Microsoft study.

By Matt Kapko • Oct. 16, 2024

Lawmakers seek insight into China-linked attacks on telecom networks

Members of congress want to know when and how AT&T, Lumen and Verizon learned of the intrusions and what data the threat group accessed.

By Matt Kapko • Oct. 15, 2024

Clorox says 2023 cyberattack hurt progress on 2030 plastic, waste reduction goals

The company is reassessing some sustainability goals, according to its latest annual report. Data shows the company stagnated on lowering virgin material and upping PCR in packaging.

By Maria Rachal • Oct. 14, 2024

American Water Works reconnecting systems a week after cyberattack

The water utility said there is no evidence of damage to its facilities, but law enforcement and forensic experts are still investigating. 

By David Jones • Oct. 11, 2024

FTC settles yearslong investigation into Marriott’s ‘security failures’

The settlement caps a pattern of major data breaches at Marriott and its subsidiary Starwood Hotels and Resorts Worldwide over the last decade.

By Matt Kapko • Oct. 10, 2024

Trio of Ivanti CSA zero-day vulnerabilities under exploit threat

The latest round of exploitation follows more than three weeks of CVE disclosures involving various Ivanti products. 

By David Jones • Oct. 9, 2024

MoneyGram attack exposed a trove of sensitive customer data

The attack led to a days-long outage in September. The money transfer firm hasn’t described the nature of the incident or said how many people are impacted.

By Matt Kapko • Oct. 9, 2024

ADT employee account data stolen in cyberattack

The alarm system company said an attacker accessed its network with compromised credentials obtained from an unnamed third party.

By Matt Kapko • Oct. 8, 2024

American Water Works investigates unauthorized cyber intrusion

The New Jersey-based utility said none of its water or wastewater operations were impacted by the hack.

By David Jones • Oct. 7, 2024

Ivanti up against another attack spree as hackers target its endpoint manager

Ivanti customers are facing a new series of exploitation attempts after the company pledged in April to launch a comprehensive overhaul of its internal security practices.

By David Jones • Oct. 3, 2024

Two-thirds of healthcare organizations hit by ransomware in past year: survey

Nearly 40% of healthcare organizations reported it took more than a month to recover after an attack, according to the survey by cybersecurity firm Sophos.

By Emily Olsen • Oct. 2, 2024

Phishing remains cloud intrusion tactic of choice for threat groups

The long-lasting effectiveness and success of phishing campaigns underscores the most central challenge in cybersecurity — people are the weakest link.

By Matt Kapko • Oct. 2, 2024

Ransomware attacks surge despite international enforcement effort

Progress remains elusive as federal authorities point to ransomware payments inhibiting progress to reduce the volume and impact of attacks.

By Matt Kapko • Oct. 1, 2024

MoneyGram faces backlog after cyberattack

The international wire transfer company has restarted some services since the incident, but is battling to fulfill transactions after taking its systems offline for much of the week.

By Lynne Marek • Sept. 27, 2024

Major companies keep hiring North Korean IT workers

Dozens of Fortune 100 organizations have inadvertently hired workers from North Korea applying for remote jobs, Mandiant said.

By Matt Kapko • Sept. 24, 2024

Cybersecurity firm flags attack on construction accounting system

Users of Foundation Software, which serves 43,000 construction pros, may be at risk of intrusion if they still use default credentials, according to cybersecurity firm Huntress.

By Matthew Thibault • Sept. 20, 2024

Port of Seattle official flags a cyber dilemma, ‘one-way street’ with federal agencies

A ransomware atttack disrupted the Seattle-Tacoma International Airport for weeks. Part of the problem, one official said, is that federal cyber recommendations are not timely.

By Matt Kapko • Sept. 19, 2024

US authorities take down a Mirai-variant botnet tied to DDoS threat

An FBI-led operation to disrupt a China-linked botnet comes months after a similar operation in January linked to Volt Typhoon.

By David Jones • Sept. 19, 2024

Suffolk County ransomware attack linked to lack of planning, ignored warnings

A special report blames county officials for ignoring FBI warnings during the 2022 attack and an overall failure of IT and security leadership.

By David Jones • Sept. 18, 2024

AT&T settles a 2023 data breach for $13M. Recent incidents are much worse.

Telecom cybersecurity remains a challenge with widespread impacts. AT&T is not alone in experiencing a pattern of extensive breaches exposing customer data.

By Matt Kapko • Sept. 18, 2024