Threat hunters minimize Russia's cyber prowess

U.S. organizations have a lot to learn from Ukrainian cyber defenders’ sophisticated resiliency during hostile conditions.

By Matt Kapko • June 9, 2022

Food supplier cyber risk spreads 1 year after JBS attack

Ransomware attacks target common vulnerabilities like legacy OT systems and equipment that lacks modern security tools.

By Matt Kapko • June 2, 2022

Conti ransomware gang grows brash and flames out. What's next?

The group's reported demise is likely a diversion. Members of the group still pose a significant ransom and data extortion threat to enterprises.

By Matt Kapko • May 31, 2022

Google Cloud positions itself as a 'standalone security brand'

The platform reinforced its bid to become an all-inclusive security provider with forthcoming services for open source software and zero-trust architecture.

By Matt Kapko • May 24, 2022

How the Colonial Pipeline attack instilled urgency in cybersecurity

The federal government and private sector are still coming to terms with how to protect operational technology in an increasingly volatile threat environment.

By David Jones • May 17, 2022

US, allies blame Russia for Viasat cyberattack

The Five Eyes and other EU authorities linked Russia to a series of web defacement, DDoS and destructive wiper attacks in the weeks leading up to the Ukraine invasion.

By David Jones • May 11, 2022

Colonial Pipeline faces nearly $1M in penalties as federal regulator discloses violations

The Transportation Department’s pipeline safety regulator scrutinized control room management, which may have contributed to the fuel disruptions from the 2021 ransomware attack.

By David Jones • May 6, 2022

Merchants prioritize fraud prevention as fraud costs, impact to businesses rise

Merchants are grappling with which tools to use, which are most effective and how to balance rising fraud attacks on a limited budget without hampering CX.   

April 25, 2022

Microsoft blocks Russian cyberattacks linked to Ukraine war

Strontium, a GRU-linked threat actor, targeted Ukraine media, foreign policy think tanks and government agencies in the U.S. and Europe.

By David Jones • April 8, 2022

Okta denies security incident as Lapsus$ group goes on a spree

The identity and access management firm believes screenshots connected with the breach are related to a January security incident that was contained.

By Naomi Eide • March 22, 2022

Protecting against software supply chain attacks

It's so important to protect the supply chain and ensure the companies you're working with are as committed to that protection as you are.  

March 21, 2022

Kronos ransomware attack raises questions of vendor liability

A cyberattack with supply chain and legal consequences has stakeholders considering contract minutiae.

By Lance Whitney • March 14, 2022

Sinclair losses mount as ransomware costs exceed insurance policy

The group overhauled its internal security policies and named a board-level subcommittee as part of its ongoing attack recovery.

By David Jones • March 7, 2022

IT and tech firms hit hard by cyberattacks

  Lack of cybersecurity awareness among employees, especially regarding password security, also contributes to organizations' inability to comprehensively secure their networks.  

March 7, 2022

Cyber risk to US utilities seen as limited as Biden sets red line

Critical infrastructure is on high alert, but — at least for now — the conflict in Europe could signal a lull in utility ransomware attacks.

By Robert Walton • March 4, 2022

Ukraine war tests cyber insurance exclusions

Enterprise customers should expect higher premiums and more restrictive underwriting criteria, though a recent court victory may force insurers to honor wartime claims.

By David Jones • March 3, 2022

New wiper, worm attacks emerge in Ukraine targeting government and industry

CISA shared indicators of compromise Thursday, months after the malware strains emerged. 

By David Jones • Updated April 29, 2022

Cyberattack on Nvidia results in data leak, credential theft

The incident took place as Russia's war in Ukraine unfolds against a backdrop of U.S. warnings to protect critical industries.

By Naomi Eide , David Jones • Updated March 1, 2022

Botnets, data wiping malware spread as Ukraine incursion begins

A new variant of Cyclops Blink is now targeting Asus routers. 

By David Jones • Updated March 18, 2022

US links Russia to Ukraine DDoS attacks

Administration officials said there are no specific or credible cyberthreats to the U.S., but private sector organizations should report unusual activity. 

By Naomi Eide , David Jones • Feb. 18, 2022

With K-12 cyberattacks expected to worsen in 2022, what can districts do?

Collaboration with local, federal and ed tech leaders to find solutions may help address K-12's growing vulnerabilities to cyberattacks.

By Anna Merod • Jan. 26, 2022

Google Drive, OneDrive top cloud apps for malware delivery: report

Netskope's findings are based on blocked malware, so the hacker's attempts to get a user to open a malicious download were initially successful. 

By Samantha Schwartz • Jan. 12, 2022

Phishing lures await in Google Docs comments

Email addresses are hidden when someone mentions a user in a comment, so the human instinct to question the legitimacy of the notification decreases. 

By Samantha Schwartz • Jan. 10, 2022

C-suite leaders are confident in ransomware protections, despite more attacks

While it's important for non-IT and security leaders to have buy-in, CISOs have the responsibility to level with their C-suite counterparts on the true threat of ransomware, (ISC)² research shows.

By Samantha Schwartz • Jan. 5, 2022

One year later: Has SolarWinds changed how industry builds software?

The SolarWinds hack caused government and industry leaders to rethink how software is made and secured, giving rise to close scrutiny of the software supply chain.

By Samantha Schwartz • Dec. 14, 2021