Threats
-
gorodenkoff via Getty Images
Open source threat intel platform launched weeks after malicious backdoor targeted XZ Utils
OSSF developed warning system to protect open source maintainers, developers from social engineering, active exploits.
By David Jones • May 20, 2024 -
gorodenkoff via Getty Images
Microsoft warns of hacker misusing Quick Assist in Black Basta ransomware attacks
Threat researchers say a financially-motivated attacker has deployed the tool in social-engineering attacks since April.
By David Jones • May 17, 2024 -
Explore the Trendline➔
ar-chi via Getty Images
TrendlineRisk Management
Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues.
By Cybersecurity Dive staff -
Matt Ashare/Cybersecurity Dive
AI raises CIO cyber anxieties
Using third-party generative AI products without the proper controls exposes existing security gaps, McKinsey and Co. Partner Jan Shelly Brown said Tuesday at the MIT Sloan CIO Symposium.
By Matt Ashare • May 17, 2024 -
Permission granted by Matthew Horwood
National Cyber Director echoes past warnings: Nation-state cyber threats are mounting
State-linked actors with ties to China and Russia are growing more sophisticated in their efforts to disrupt critical infrastructure, Harry Coker Jr. said during a CyberUK conference keynote.
By David Jones • May 15, 2024 -
jariyawat thinsandee via Getty Images
Only one-third of firms deploy safeguards against generative AI threats, report finds
Generative AI gives attackers an edge over cyber defenders, according to a Splunk survey of security experts.
By Jim Tyson • May 13, 2024 -
dem10 via Getty Images
Generative AI is a looming cybersecurity threat
Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.
By Jen A. Miller , Naomi Eide • May 8, 2024 -
Permission granted by Information Technology Industry Council
The US really wants to improve critical infrastructure cyber resilience
A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year.
By David Jones • May 8, 2024 -
Cinefootage Visuals via Getty Images
Hacktivists exploiting poor cyber hygiene at critical infrastructure providers
CISA, the FBI and international partner agencies want water, energy, agriculture and other sectors to immediately reset passwords and apply multifactor authentication.
By David Jones • May 1, 2024 -
DKosig via Getty Images
Cactus ransomware targets a handful of Qlik Sense CVEs
Security researchers warn the threat group is ramping up exploitation of previously disclosed flaws in the cloud platform.
By David Jones • April 29, 2024 -
Permission granted by Fortinet
Sponsored by FortinetThe top 3 ways AI power supports a dynamic business
It’s time to welcome a new era of dynamic digital defense. Artificial intelligence (AI) is revolutionizing network security with autonomous learning, holistic collaboration and rapid response capabilities.
April 29, 2024 -
Simonkr via Getty Images
Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg
State-linked actors are using a custom tool for post exploitation activity of a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs.
By David Jones • April 24, 2024 -
stefanovsky via Getty Images
Enterprises are getting better at detecting security incidents
Google Cloud’s Mandiant saw significant improvements in how organizations track down threats, yet hackers are still abusing common threat vectors.
By David Jones • April 23, 2024 -
Motortion via Getty Images
NSA sounds alarm on AI’s cybersecurity risks
Attack vectors unique to AI may attract malicious actors on the hunt for sensitive data or intellectual property, the NSA warned.
By Alexei Alexis • April 19, 2024 -
BrianAJackson via Getty Images
Fears rise of social engineering campaign as open source community spots another threat
Federal officials are said to be investigating potential links between the recent XZ Utils campaign and new threat activity against JavaScript project maintainers.
By David Jones • April 16, 2024 -
gorodenkoff via Getty Images
CISA to big tech: After XZ Utils, open source needs your support
The attempted malicious backdoor may have been part of a wider campaign using social engineering techniques, the open source community warned.
By David Jones • April 15, 2024 -
3000ad via Getty Images
Federal agencies caught sharing credentials with Microsoft over email
U.S. government agencies are in jeopardy of Russia-linked cyberattacks, and although CISA isn’t aware of any compromised environments, officials warn the risk is exigent.
By Matt Kapko • April 12, 2024 -
Lee Pellegrini, Boston College
FBI director echoes past warnings, as critical infrastructure hacking threat festers
Chris Wray says adversaries from China, Russia and Iran are ramping up cyber, espionage and other threat activity against key sectors, including water, energy and telecommunications.
By David Jones • April 11, 2024 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA assessing threat to federal agencies from Microsoft adversary Midnight Blizzard
Microsoft previously warned that the Russia-linked threat group was expanding malicious activity following the hack of senior company executives, which it disclosed in January.
By David Jones • April 5, 2024 -
Wirestock via Getty Images
Motivations behind XZ Utils backdoor may extend beyond rogue maintainer
Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.
By David Jones • April 2, 2024 -
Courtesy of Billington CyberSecurity Summit
Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines
The water utility industry says they recognize the heightened threat environment, but the current federal push fails to account for their resource constraints.
By David Jones • March 28, 2024 -
Leon Neal via Getty Images
Security concerns creep into generative AI adoption
As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.
By Lindsey Wilkinson • March 27, 2024 -
Philip Steury via Getty Images
Phishing remains top route to initial access
Tricking individuals to reveal sensitive information turns human behavior and trust into a weapon.
By Matt Kapko • March 26, 2024 -
Retrieved from Jen Easterly/CISA.
Novel variant of wiper linked to Viasat attack during Ukraine war raises new fears
Researchers at SentinelLabs warn the new variant, called AcidPour, could place IoT, networking devices at risk.
By David Jones • March 22, 2024 -
NicoElNino via Getty Images
Five Eyes implores critical infrastructure execs to take China-linked threats seriously
Officials are pushing tips to help potential victims detect and mitigate Volt Typhoon’s evasive techniques as the was warnings take on urgency.
By Matt Kapko • March 20, 2024 -
onurdongel via Getty Images
Threat actors are turning to novel malware as malicious attacks rise
BlackBerry identified 5,300 unique malware samples targeting its customers per day from September through December.
By David Jones • March 14, 2024
