In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly

The incidents highlight rapid ongoing exploitation by criminal threat actors as customers are urged to patch.

By David Jones • March 4, 2024

Why Okta is overhauling its priorities, culture around security

CSO David Bradbury acknowledges the company’s brand is tarnished. “We need a track record of zero breaches. That’s what builds trust.”

By Matt Kapko • March 1, 2024

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

A wave of rules, regulations and federal action is putting pressure on businesses to shore up security amid a backdrop of emboldened threat actors has a nice ring to it.

By Cybersecurity Dive staff

Okta reports ‘minimal’ financial impact following support portal attack

The identity and access management firm is promising to make security a top priority, even though Okta’s CFO said the attack fallout is “not quantifiable.”

By Matt Kapko • Feb. 29, 2024

Okta, with a bruised reputation, rethinks security from the top down

CSO David Bradbury detailed to Cybersecurity Dive what the identity and access management company got wrong and the security pledges it's making to customers.

By Matt Kapko • Feb. 27, 2024

LockBit group revives operations after takedown

The comeback is no surprise to experts — and some think LockBit as a brand is dead — but the reemergence underscores persistent challenges for authorities.

By Matt Kapko • Feb. 26, 2024

MGM Resorts’ cyberattack headache continues as regulators launch investigations

The company said it could face fines in connection with regulatory inquiries stemming from the social engineering attack.

By David Jones • Feb. 26, 2024

ConnectWise ScreenConnect faces new attacks involving LockBit ransomware

A variety of hackers are working to exploit a critical vulnerability in the remote desktop application.

By David Jones • Feb. 23, 2024

Cloud intrusions spiked 75% in 2023, CrowdStrike says

Threat actors are targeting organizations’ inconsistent cloud security systems to intrude networks and maintain persistence.

By Matt Kapko • Feb. 23, 2024

Change Healthcare hit by cyberattack

The UnitedHealth-owned healthcare technology company disconnected its systems after detecting an “outside threat,” according to a status update page.

By Emily Olsen • Feb. 22, 2024

IBM marks monumental shift in valid account attacks

X-Force identified a 71% increase in valid account credential attacks, the most common point of entry last year.

By Matt Kapko • Feb. 21, 2024

Critical infrastructure vendor PSI Software hit by ransomware

The Germany-based company shut down systems after it detected the intrusion, and it remains offline.

By Matt Kapko • Updated Feb. 21, 2024

LockBit operations dismantled following international takedown

An international group of law enforcement partners seized the infrastructure of the prolific ransomware group, obtaining decryption keys along the way. 

By David Jones • Feb. 20, 2024

AlphV claims hit on Canada’s Trans-Northern Pipelines

The pipeline operator confirmed its internal systems, including communications, were impacted by a November cyberattack. However, the pipelines and fuel delivery were never disrupted.

By Matt Kapko • Feb. 14, 2024

Microsoft Azure customers hit by phishing, account takeover attacks

More than 200 organizations have been targeted via employee compromise, Proofpoint said.

By Matt Kapko • Feb. 13, 2024

Attackers hit more networking gear, this time a critical Fortinet CVE

The active exploits of Fortinet appliances come during a heightened period of China state-linked malicious activity targeting networking equipment.

By Matt Kapko • Feb. 12, 2024

Chicago children’s hospital confirms cyberattack, continues to provide care

Lurie Children’s Hospital took its computer systems offline more than a week ago.

By Emily Olsen • Updated Feb. 9, 2024

Ransomware actors hit zero-day exploits hard in 2023

Ransomware payments surpassed $1.1 billion and researchers say attack sprees targeting MOVEit, GoAnywhere, Citrix devices and PaperCut helped fuel the surge.

By Matt Kapko • Feb. 8, 2024

AnyDesk attack response stirs threat analyst criticism and doubts

The company said session hijacking is "extremely unlikely" and credential compromise is a "theoretical risk," but a possibility it cannot rule out.

By Matt Kapko • Feb. 7, 2024

Clorox says it incurred $49M in costs from 2023 cyberattack

The breach caused system disruptions that led to order processing delays and “significant product outages,” negatively impacting net sales and earnings.

By Alexei Alexis • Feb. 7, 2024

Mortgage industry attack spree punctuates common errors

Attacks against Mr. Cooper Group, Fidelity National Financial, First American Financial and loanDepot impacted operations and put customers in a bind.

By Matt Kapko • Feb. 6, 2024

Ivanti VPNs face renewed threat activity after initial patch release and new CVEs

After weeks of mitigation efforts, CISA ordered federal civilian agencies to disconnect the devices.

By David Jones • Feb. 6, 2024

AnyDesk initiates extensive credentials reset following cyberattack

The widely used remote access tool revoked all passwords to its web portal as researchers warn about potential theft of AnyDesk’s code signing certificate.

By Matt Kapko • Feb. 5, 2024

Cloudflare hit by follow-on attack from previous Okta breach

A threat actor that previously intruded Cloudflare’s network through its Okta environment regained access with mistakenly unrotated credentials.

By Matt Kapko • Feb. 2, 2024

Johnson Controls reports $27M hit from ransomware attack

The industrial controls conglomerate said a threat actor stole data and deployed ransomware on its internal IT infrastructure.

By Matt Kapko • Jan. 31, 2024

MOVEit liabilities mount for Progress Software

The company revealed multiple government investigations are underway into the MOVEit vulnerability. It’s also party to more than 100 class-action lawsuits.

By Matt Kapko • Jan. 30, 2024