Federal agencies fall short on cybersecurity, undermining standards

The SolarWinds hack could change how industry coordinates response to future cyberattacks.

By Samantha Schwartz • Dec. 17, 2020

Feds require banks to report cyberattacks within 36 hours

The rule, taking effect May 1, requires bank technology vendors to immediately notify customers if an incident disrupted services four hours or more.

By Dan Ennis • Updated Nov. 19, 2021

FireEye killswitch stops SolarWinds hack

After identifying the supply chain attack against SolarWinds, the security firm partnered with Microsoft and GoDaddy to block malware from further operation.

By David Jones • Dec. 16, 2020

Microsoft to begin blocking binaries linked to SolarWinds cyberattack

Microsoft Defender Antivirus will quarantine the trojan before it can begin processing, though the company said "it may not be simple to remove the product from service."

By Samantha Schwartz • Dec. 16, 2020

SolarWinds Orion vulnerability: What security teams need to know

As SolarWinds and investigators seek answers on the extent of the Orion vulnerability's impact, experts say the attack raises broader questions about readiness.

By David Jones • Dec. 15, 2020

SolarWinds Orion flaw linked to government cyberattacks

The Cybersecurity and Infrastructure Agency called on all federal civilian agencies to review their networks for evidence of compromise and to disconnect or power off SolarWinds Orion products immediately. 

By David Jones • Dec. 14, 2020

Federal agencies warn of heightened cyberthreats against K-12 schools

Cyberattackers are trying to steal data and disrupt remote learning as COVID-19 continues to impact schools, the FBI, CISA and MS-ISAC said. 

By David Jones • Dec. 11, 2020

Vendor ransomware attack disrupts DSW's inventory management

The impact of cyberattacks on retailers and their vendors is even greater during this digital-first period brought on by the coronavirus pandemic.

By Emma Cosgrove • Dec. 10, 2020

COVID-19 vaccine data manipulated after leak, EU drug regulator says

The compromised data included vaccine information from the Pfizer and BioNTech COVID-19 vaccine, the regulator said.

By Samantha Schwartz • Updated Jan. 15, 2021

FireEye cyberattack leaves more questions than answers

If there is a crack in FireEye's defenses, it could allow attacks against companies under its protection, resulting in devastating supply chain attacks, experts say.

By Naomi Eide • Dec. 9, 2020

FireEye attacked by tailored, nation-state cyber effort, firm says

The attacked accessed FireEye's Red Team assessment tools, which the company used to test their customers' security.

By Katie Malone • Dec. 8, 2020

Kmart's reported ransomware attack highlights ongoing threat to retail

Egregor is emerging as growing cyberthreat as the pandemic shifts holiday shopping even further toward e-commerce.

By David Jones • Dec. 4, 2020

Ransom sanctions leave little room for companies desperate to resolve an attack

Victimized organizations are balancing the risk and cost of stalled operations and encrypted data, with federal watchdogs ready to act. Response and recovery is never going to be an easy process.

By Samantha Schwartz • Nov. 20, 2020

After a ransomware attack, choose what data needs recovery first

Shaun Marion, CISO at Republic Services, doesn't treat all his data the same. There's some data he won't care about losing in light of a ransomware attack.

By Samantha Schwartz • Nov. 18, 2020

Biotech Miltenyi, aiding in COVID-19 research, recovering from malware

For two weeks the company dealt with "isolated cases" of malware in its IT infrastructure. Operations are restored and the company does not expect delays in orders.

By Samantha Schwartz • Nov. 18, 2020

Complex cloud deployments amplify ransomware impact, report finds

There's a connection between ransomware payment and the average number of cloud deployments, a survey from Veritas found. The more complex an environment, the more likely organizations are to pay up.

By Samantha Schwartz • Nov. 17, 2020

Facebook ads posted to 'shame' Campari to pay its ransom, report says

Operators behind the Ragnar Locker ransomware strain hacked a business Facebook account to post the ads, reported KrebsOnSecurity. Facebook eventually caught the ads as fraudulent.

By Samantha Schwartz • Nov. 12, 2020

28% of 'extreme' cyber incidents cost more than $100M, report finds

Outside of financial fallout, cyber incidents can damage corporate reputations, increase regulatory oversight and impact executive careers, Cyentia found. 

By Samantha Schwartz • Nov. 10, 2020

Mattel's July ransomware reportedly linked to Trickbot

The company's investigation found no data exfiltration. 

By Samantha Schwartz • Nov. 4, 2020

From stunted operations to stolen data, how much can ransomware cost?

Cyberattacks are a business and business has been good.

By Samantha Schwartz • Oct. 30, 2020

Small players along critical infrastructure at mercy of ransomware

Between data exfiltration and frozen operations, ransomware is compromising the weakest elements of critical infrastructure. 

By Samantha Schwartz • Oct. 30, 2020

5 charts to show the impact of ransomware attacks in 2020

Even if patterns in code and strategy resemble a certain group, it's not always reliable enough to definitively identify an attacker or variant. 

By Samantha Schwartz • Oct. 30, 2020

Ransomware 2020: the scale, scope and impact of attacks on business

In an international health crisis ripe with economic volatility, ransomware attacks have remained persistent. The fallout is growing more costly.

By Samantha Schwartz • Oct. 30, 2020

Maze operators to close shop, report says

It's unknown if the operators will release decryption keys like other retired ransomware, reports Bleeping Computer.

By Samantha Schwartz • Oct. 30, 2020

Ryuk wakes from hibernation; FBI, DHS warn of healthcare attacks

Researchers found that threat group UNC1878 is responsible for one-fifth of Ryuk intrusions. "Herein lies our monster," said Mandiant's Aaron Stephens.

By Samantha Schwartz • Oct. 29, 2020