Valid accounts remain top access point for critical infrastructure attacks, officials say

CISA attributed 2 in 5 successful intrusions to valid account abuse last year, but that is down from 2022.

By Matt Kapko • Sept. 17, 2024

Hackers exploit CVE in older versions of Ivanti Cloud Service Appliance

Version 4.6 has reached end of life and the company is urging customers to upgrade to version 5.0 to receive support.

By David Jones • Sept. 16, 2024

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

A wave of rules, regulations and federal action is putting pressure on businesses to shore up security amid a backdrop of emboldened threat actors has a nice ring to it.

By Cybersecurity Dive staff

Port of Seattle officials pin attack, data theft to Rhysida ransomware group

The port restored most of the systems impacted by the ransomware attack as officials warn their refusal to pay extortion demand could result in data leaks.

By Matt Kapko • Sept. 16, 2024

Fortinet customer data stolen from third-party file-sharing service

The breach marks yet another attack originating in a file-sharing or -transfer service, a common and highly damaging attack vector for opportunistic cybercriminals.

By Matt Kapko • Sept. 13, 2024

SonicWall firewall CVE exploits linked to ransomware attacks

Active exploits aimed at firewalls mark yet another string of attacks targeting devices with high-value initial access, researchers said.

By Matt Kapko • Sept. 10, 2024

MOVEit victims are still coming forward. This time it’s Wisconsin Medicare.

The delayed notifications underscore the difficulty organizations confront in discovering breaches and attributing compromises to a root cause or source.

By Matt Kapko • Sept. 9, 2024

Feds warn of broad Russia-linked CVE exploits targeting critical infrastructure

Attackers operating under the direction of Russia’s military intelligence service are targeting governments, finance, transportation, energy and healthcare.

By Matt Kapko • Sept. 6, 2024

Microchip Technology says its data was stolen amid alleged leaks online

The chipmaker said an unidentified attacker stole employee contact information and some encrypted and hashed passwords.

By Matt Kapko • Sept. 5, 2024

Prolific RansomHub engaged in attack spree, feds warn

The group has been among the most active threat groups of 2024, and is linked to a tool that can neutralize endpoint security.

By David Jones • Sept. 4, 2024

Halliburton confirms data stolen in August cyberattack

The company continues to incur expenses related to the attack, but does not expect a material impact. 

By David Jones • Sept. 3, 2024

Schools, colleges faced record-breaking year of ransomware attacks in 2023

There were 121 incidents found last year alone, according to an analysis by Comparitech, but researchers noted their findings “only scratch the surface.”

By Anna Merod • Sept. 3, 2024

Seattle airport cyberattack outages persist heading into Labor Day travel rush

Airport staff began turning on and testing systems for international and low-volume carriers, which are the most heavily impacted by the outage.

By Matt Kapko • Aug. 30, 2024

McLaren Health Care restores network weeks after ransomware attack

Still, it may take several weeks to input patient information manually collected during the outage into its electronic health record, the Michigan-based health system said. McLaren was also hit by a ransomware attack last year.

By Emily Olsen • Aug. 29, 2024

Volt Typhoon exploiting zero-day in campaign targeting ISPs, MSPs

Researchers from Black Lotus Labs warn the state-linked adversary is exploiting a vulnerability in Versa Director using custom web shells against the telecom sector.

By David Jones • Aug. 28, 2024

Seattle airport confronts 4th day of cyberattack outages

Most flights are departing and arriving as scheduled, but the Port of Seattle’s websites, phone, email and Wi-Fi are down. Manual processes at check-in counters are causing delays.

By Matt Kapko • Aug. 27, 2024

Several Port of Seattle systems down following ‘possible cyberattack’

IT systems at the port and Seattle-Tacoma International Airport remain offline. The port first reported system outages Saturday morning.

By Matt Kapko • Aug. 26, 2024

Halliburton hit by cyberattack, certain systems impacted

Federal officials said energy services have not been affected, however the company is still working on remediation.

By David Jones • Updated Aug. 23, 2024

After a wave of attacks, Snowflake insists security burden rests with customers

The cloud-based data warehouse vendor remains “slightly muted” about the attacks on its customers because it wasn’t breached, CEO Sridhar Ramaswamy said.

By Matt Kapko • Aug. 22, 2024

Microchip Technology operations, order fulfillment disrupted by cyberattack

The Arizona-based chipmaker disclosed the intrusion in a regulatory filing. Manufacturing facilities and certain IT systems are impacted.

By Matt Kapko • Aug. 21, 2024

CISA warns of active exploits hitting popular CI/CD tool Jenkins

Researchers at CloudSEK and Juniper Networks said a ransomware group targeted Brontoo Technology Solutions by exploiting the critical CVE. The attack disrupted banks in India.

By Matt Kapko • Aug. 20, 2024

Manual techniques are fueling ransomware attacks, CrowdStrike says

2024 is on track to be the highest-grossing year for ransomware payments, Chainalysis found, and threat groups are going after the technology sector.

By Matt Kapko • Aug. 16, 2024

M&A activity can amplify ransomware insurance losses, research finds

The financial severity of claims related to ransomware attacks increased more than 400% from 2022 to 2023, the study found.

By Alexei Alexis • Aug. 14, 2024

Attackers target legacy Cisco Smart Install features

Thousands of Cisco Smart Install IPs remain exposed to the internet as CISA warns that organizations are still employing weak passwords.

By David Jones • Aug. 12, 2024

LoanDepot reports net loss as cyber-related settlement hit Q2 financial results

The company disclosed $27 million in charges primarily related to a settlement deal in connection with a class action lawsuit.

By David Jones • Aug. 9, 2024

Henry Schein’s slow recovery from cyber incident hits Q2 results

William Blair analysts said the “lingering impacts from the cyberattack are somewhat surprising.”

By Nick Paul Taylor • Aug. 8, 2024