LoanDepot reports net loss as cyber-related settlement hit Q2 financial results

The company disclosed $27 million in charges primarily related to a settlement deal in connection with a class action lawsuit.

By David Jones • Aug. 9, 2024

Henry Schein’s slow recovery from cyber incident hits Q2 results

William Blair analysts said the “lingering impacts from the cyberattack are somewhat surprising.”

By Nick Paul Taylor • Aug. 8, 2024

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

A wave of rules, regulations and federal action is putting pressure on businesses to shore up security amid a backdrop of emboldened threat actors has a nice ring to it.

By Cybersecurity Dive staff

CrowdStrike snafu was a ‘dress rehearsal’ for critical infrastructure disruptions, CISA director says

Despite the disruption, Jen Easterly said the outage was a "useful exercise" to determine the resiliency of critical infrastructure organizations.

By Matt Kapko • Aug. 8, 2024

Are cybersecurity professionals OK?

Absorbing the impacts of cyberattacks takes a personal toll on defenders. Separating the evil they see from all that’s good in the world doesn’t always come easy.

By Matt Kapko • Aug. 7, 2024

Ransomware swells despite collective push to curb attacks

Rapid7 researchers observed more than 2,570 ransomware attacks in the first half of 2024. That’s the equivalent of 14 publicly claimed attacks per day, on average.

By Matt Kapko • Aug. 6, 2024

Inside the NOC used to defend this year’s Black Hat

With the power of security operations automation, we are freed up from the more mundane tasks and can examine more complex threat patterns to protect the conference.

By James Holland, Senior Solutions Architect, Palo Alto Networks • Aug. 5, 2024

Microsoft confirms Azure, 365 outage linked to DDoS attack

The company said its own response to the outage may have made the impact worse.

By David Jones • July 31, 2024

Some companies pay ransomware attackers multiple times, survey finds

Even after paying a ransom, more than a third of companies either did not receive the decryption keys or were given corrupted keys, Semperis found.

By Justin Bachman • July 31, 2024

Water systems under siege: How CISOs can protect critical infrastructure from cyberthreats

As regulatory oversight evolves, most CISOs are focused on modernizing and improving OT cybersecurity.

July 29, 2024

Healthcare is an ‘easy victim’ for ransomware attacks. How hospitals can mitigate the damage.

Limited resources in a highly connected ecosystem can make hospitals vulnerable, but planning ahead and implementing key protections could help thwart attacks.

By Emily Olsen • July 19, 2024

Majority of SEC civil fraud case against SolarWinds dismissed, but core remains

The court ruling related to claims leading up to and immediately following the 2020 Sunburst supply chain hack.

By David Jones • Updated July 18, 2024

UnitedHealth’s cyberattack response costs to surpass $2.3B this year

The healthcare giant’s new estimate is roughly $1 billion higher than previous forecasts as the cyberattack on subsidiary Change Healthcare continues to hamper its profit outlook.

By Rebecca Pifer • July 17, 2024

Weak credentials behind nearly half of all cloud-based attacks, research finds

Credential mismanagement was the top initial access vector for cloud environment attacks during the first half of 2024, a Google Cloud report found.

By Matt Kapko • July 17, 2024

Ransomware leak site posts jumped 20% in Q2

Threat groups claimed attacks on 1,237 organizations during the quarter, marking an increase from Q1. U.S.-based businesses accounted for more than half of all victims, Reliaquest found.

By Matt Kapko • July 16, 2024

AutoNation warns CDK cyberattack will dent quarterly earnings

The major North American car dealership estimates the attack will lead to a $1.50 per-share earnings impact.

By David Jones • July 15, 2024

Snowflake-linked attack on Advance Auto Parts exposes 2.3 million people

One of the few customers to publicly link Snowflake to a third-party intrusion said its database was breached for 40 days. 

By Matt Kapko • July 15, 2024

Massive Snowflake-linked attack exposes data on nearly 110M AT&T customers

Attackers breached AT&T’s Snowflake environment for 11 days in April, and stole customers’ call and text message records spanning a six-month period from 2022.

By Matt Kapko • July 12, 2024

MOVEit legal liabilities, expenses pile up for Progress Software

The prospective financial hit from a widely exploited vulnerability in the file-transfer service is growing. Progress confronts lawsuits, regulator scrutiny and government investigations.

By Matt Kapko • July 10, 2024

Snowflake allows admins to enforce MFA as breach investigations conclude

Three months after an attacker targeted more than 100 customer environments, Snowflake is making it easier for existing customers to enforce MFA, but it isn’t requiring it.

By Matt Kapko • July 9, 2024

Sonic Automotive’s sales dip as CDK cyberattack causes material impact

The company reported ongoing service disruptions and said vehicle sales declined after an attack on a third-party vendor.

By Matt Kapko • July 8, 2024

HubSpot reports nearly 50 customer accounts compromised

The customer relationship management vendor said it notified all impacted customers, but it has not publicly disclosed how attackers gained unauthorized access.

By Matt Kapko • July 3, 2024

CDK eyes service restoration for all car dealers by Fourth of July

The software vendor is critical to the automotive retail supply chain. A systemwide outage following a cyberattack has impacted more than 15,000 car dealers since June 19.

By Matt Kapko • July 1, 2024

TeamViewer’s IT network breached through compromised employee credentials

The remote access software provider said the impact of the attack from Midnight Blizzard was limited to its internal network and customer environments were not affected.

By David Jones • July 1, 2024

CDK restores service for small group of car dealers

The software vendor said it will restore critical services in phases, but warned some integrations with third-party vendors might be delayed.

By Matt Kapko • June 27, 2024

CISA warns chemical facilities of potential data theft

The attack targeting the Chemical Facility Anti-Terrorism Standards program was linked to widely exploited vulnerabilities in Ivanti remote access VPNs.

By Matt Kapko • June 25, 2024