Persistent cyberthreat groups target US think tanks, CISA says

Advanced persistent threat groups, including Cozy Bear, have a history victimizing research and policy institutes. 

By Samantha Schwartz • Dec. 2, 2020

Supreme Court decision on computer fraud law hinges on one word — 'so'

The U.S. Supreme Court held the Computer Fraud and Abuse Act does not cover incidents which individuals with authorized access to a computer system abuse access privileges.

By Samantha Schwartz • Updated June 3, 2021

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

A cyber stakeholder's guide to Van Buren vs. US

The Supreme Court could determine what constitutes the limits of authorized computer access under the Computer Fraud and Abuse Act. Should this issue be left for Congress?

By Samantha Schwartz • Nov. 30, 2020

Sharp rise in IT spending as cyberthreats evolve, Crowdstrike finds

Companies had to evolve as legacy security systems, including firewalls and antivirus software, fell short during the pandemic. 

By David Jones • Nov. 25, 2020

Black Friday threat to watch: Inevitable employee online shopping

This year, security organizations had just over eight months to adapt to security challenges of remote work and risky behaviors.

By Samantha Schwartz • Nov. 25, 2020

Carnegie researchers seek urgent action to combat financial cyberthreats

Fintech business development and digital transformation in banking is creating opportunities for malicious actors to attack vulnerable systems.

By David Jones • Nov. 20, 2020

Why does industry say there are air gaps between IT and OT?

Not only is OT connected to the internet now, cyberattacks can trickle through IT environments.

By Samantha Schwartz • Nov. 16, 2020

Ransomware latches onto fake ads for Microsoft Teams updates

When a victim clicked on a corrupt link, a PowerShell script was executed via a payloader. To disguise the malicious activity, a "legitimate copy" of Microsoft Teams was also installed.

By Samantha Schwartz • Nov. 12, 2020

How companies are meeting the challenge of a changing cyberthreat landscape

Security teams don't have as much access to remote work devices, which obscures network visibility. Cybercriminals capitalized on the opportunity.

By Sue Poremba • Nov. 11, 2020

US election cybersecurity ushers in public, private sector coordination next steps

A quiet Election Day highlights what's possible in cybersecurity deterrence, Sen. Angus King said. 

By Samantha Schwartz • Nov. 9, 2020

Ryuk is challenging traditional 'find a flaw, fix a flaw' strategy

There is no universal solution for ransomware prevention, and even simulated phishing campaigns for employee awareness and deterrence fall short.

By Samantha Schwartz • Nov. 4, 2020

Most organizations don't have an election cyber war room. They don't need one

The latest technological developments are almost irrelevant if security is absent from company culture. It's a matter of reminding organizations of their security hygiene.

By Samantha Schwartz • Nov. 3, 2020

Parked domains are simple but effective distributors of phishing, malware

At least 60,000 parked domains transitioned to "malicious" since March, Palo Alto Networks' Unit 42 found. 

By Samantha Schwartz • Nov. 2, 2020

Maze operators to close shop, report says

It's unknown if the operators will release decryption keys like other retired ransomware, reports Bleeping Computer.

By Samantha Schwartz • Oct. 30, 2020

5 cybersecurity and threat trends CISOs must watch

Attacks are all but guaranteed, threats are evolving and a digital realm is targeting the physical. What's keeping CISOs up at night? Everything. 

By Naomi Eide • Oct. 26, 2020

Transit agencies 'ill prepared' for cyberattack: survey

Only 60% of agencies have a cybersecurity plan in place and 43% say their plan is insufficient, according to the Mineta Transportation Institute.

By Chris Teale • Oct. 13, 2020

'Rogue' employees caused Shopify's data breach. What makes an insider a threat?

Coinciding crises are contributing to "a perfect storm for malicious insiders," Forrester's Joseph Blankenship says.

By Samantha Schwartz • Sept. 24, 2020

Passwords for everything. Why are they still terrible?

Passwords are the cockroaches of cybersecurity, yet the methods for managing them don't have to live forever.

By Samantha Schwartz • July 24, 2020

Everyone is struggling with cloud security

WIth rising complexity, 96% of organizations are concerned about their cloud security, a Sophos report found. Misconfigurations are at the heart of the trouble.

By Samantha Schwartz • July 10, 2020

4 myths cybersecurity experts want busted

No, malware cannot spread from devices sitting next to each other.

By Samantha Schwartz • May 19, 2020