M&A activity can amplify ransomware insurance losses, research finds

The financial severity of claims related to ransomware attacks increased more than 400% from 2022 to 2023, the study found.

By Alexei Alexis • Aug. 14, 2024

CrowdStrike snafu was a ‘dress rehearsal’ for critical infrastructure disruptions, CISA director says

Despite the disruption, Jen Easterly said the outage was a "useful exercise" to determine the resiliency of critical infrastructure organizations.

By Matt Kapko • Aug. 8, 2024

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Federal watchdog urges EPA to develop comprehensive cyber strategy to protect water systems

The report comes amid a rise in malicious cyberthreats from state-linked and criminal hackers targeting U.S. drinking water and water treatment facilities.

By David Jones • Aug. 6, 2024

Water systems under siege: How CISOs can protect critical infrastructure from cyberthreats

As regulatory oversight evolves, most CISOs are focused on modernizing and improving OT cybersecurity.

July 29, 2024

Dragos warns of novel malware targeting industrial control systems

FrostyGoop, the ninth ICS-specific malware observed by Dragos, was linked to a January attack on an energy provider in Ukraine.

By David Jones • July 23, 2024

CrowdStrike, Microsoft scramble to contain fallout from global IT outage

Cybersecurity and IT experts said users are having major difficulties in recovery efforts, despite workarounds and guidance the vendors released.

By David Jones • July 22, 2024

76% of SaaS companies use ‘dark patterns,’ analysis finds

With federal regulators and states clamping down on the practice, companies might take a hard look at how they’re presenting information on their websites and in their apps.

By Robert Freedman • July 11, 2024

Risk escalates as communication channels proliferate

The chance of losing data to a breach rises in tandem with the number of channels — like email and file sharing — that an organization uses.

By Robert Freedman • July 10, 2024

Microsoft warns of elevated risk in Rockwell Automation PanelView Plus CVEs

Microsoft researchers warn the vulnerabilities can be exploited, potentially resulting in remote code execution and denial of service.

By David Jones • July 3, 2024

Cisco Nexus devices zero day raises alarms despite CVSS score

Though the NX-OS CVE only has a 6.0 score, a suspected espionage actor is deploying custom malware to exploit a command injection vulnerability in a range of switching devices.

By David Jones • July 2, 2024

Cybersecurity is now a top concern for auto industry, report finds

Automotive leaders fear exposure to threats will worsen as the sector invests more in technology to drive efficiencies, Rockwell Automation found.

By Kalena Thomhave • July 2, 2024

Microsoft alerts additional customers of state-linked threat group attacks

The company told customers the Midnight Blizzard attacks disclosed in January were more widespread than previously known.

By David Jones • June 28, 2024

Is the cybersecurity industry ready for AI?

As cybersecurity teams focus on how to thwart threat actors, they are missing the risks around the data they are sharing willingly.

By Sue Poremba • June 24, 2024

IT pros worry over the data that fuels AI

More than 2 in 5 technologists have already had a negative AI experience, according to a SolarWinds survey.

By Matt Ashare • June 20, 2024

MFA plays a rising role in major attacks, research finds

Poor configurations and deliberate MFA bypasses were at the center of numerous attacks in recent months, Cisco Talos found.

By David Jones • June 18, 2024

Cyberattacks pose mounting risks to creditworthiness: Moody’s

“As more data becomes available — thanks to recently adopted disclosure requirements — attacks continue to proliferate,” a Moody’s executive said.

By Jim Tyson • June 6, 2024

Cyber risk is rising for poorly configured OT devices

Since late last year, researchers have identified more politically motivated groups targeting water and other key critical infrastructure systems.

By David Jones • June 3, 2024

Check Point Software customers targeted by hackers using old, local VPN accounts

The incidents mark the latest attempts to compromise organizations by exploiting vulnerable edge devices used for remote access.

By David Jones • May 28, 2024

Cyber officials, incident response teams brace for Memorial Day weekend

The holiday weekend has emerged as a prime opportunity for ransomware attacks as security operations teams scale down for the summer. 

By David Jones • May 24, 2024

Popular LLMs are insecure, UK AI Safety Institute warns

AI models released by “major labs” are highly vulnerable to even basic attempts to circumvent safeguards, the researchers found.

By Lindsey Wilkinson • May 23, 2024

EPA to ramp up enforcement as most water utilities lack cyber safeguards

The agency may consider taking civil and criminal penalties against utilities following months of attacks against drinking and wastewater treatment facilities.

By David Jones • May 21, 2024

Open source threat intel platform launched weeks after malicious backdoor targeted XZ Utils

OSSF developed warning system to protect open source maintainers, developers from social engineering, active exploits.

By David Jones • May 20, 2024

Microsoft warns of hacker misusing Quick Assist in Black Basta ransomware attacks

Threat researchers say a financially-motivated attacker has deployed the tool in social-engineering attacks since April.

By David Jones • May 17, 2024

AI raises CIO cyber anxieties

Using third-party generative AI products without the proper controls exposes existing security gaps, McKinsey and Co. Partner Jan Shelly Brown said Tuesday at the MIT Sloan CIO Symposium.

By Matt Ashare • May 17, 2024

National Cyber Director echoes past warnings: Nation-state cyber threats are mounting

State-linked actors with ties to China and Russia are growing more sophisticated in their efforts to disrupt critical infrastructure, Harry Coker Jr. said during a CyberUK conference keynote.

By David Jones • May 15, 2024