Only one-third of firms deploy safeguards against generative AI threats, report finds

Generative AI gives attackers an edge over cyber defenders, according to a Splunk survey of security experts.

By Jim Tyson • May 13, 2024

Generative AI is a looming cybersecurity threat

Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention. 

By Jen A. Miller , Naomi Eide • May 8, 2024

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

The US really wants to improve critical infrastructure cyber resilience

A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year. 

By David Jones • May 8, 2024

Hacktivists exploiting poor cyber hygiene at critical infrastructure providers

CISA, the FBI and international partner agencies want water, energy, agriculture and other sectors to immediately reset passwords and apply multifactor authentication.

By David Jones • May 1, 2024

Cactus ransomware targets a handful of Qlik Sense CVEs

Security researchers warn the threat group is ramping up exploitation of previously disclosed flaws in the cloud platform.

By David Jones • April 29, 2024

The top 3 ways AI power supports a dynamic business

It’s time to welcome a new era of dynamic digital defense. Artificial intelligence (AI) is revolutionizing network security with autonomous learning, holistic collaboration and rapid response capabilities.

April 29, 2024

Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg

State-linked actors are using a custom tool for post exploitation activity of a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs.

By David Jones • April 24, 2024

Enterprises are getting better at detecting security incidents

Google Cloud’s Mandiant saw significant improvements in how organizations track down threats, yet hackers are still abusing common threat vectors.

By David Jones • April 23, 2024

NSA sounds alarm on AI’s cybersecurity risks

Attack vectors unique to AI may attract malicious actors on the hunt for sensitive data or intellectual property, the NSA warned.

By Alexei Alexis • April 19, 2024

Fears rise of social engineering campaign as open source community spots another threat

Federal officials are said to be investigating potential links between the recent XZ Utils campaign and new threat activity against JavaScript project maintainers.

By David Jones • April 16, 2024

CISA to big tech: After XZ Utils, open source needs your support

The attempted malicious backdoor may have been part of a wider campaign using social engineering techniques, the open source community warned.

By David Jones • April 15, 2024

Federal agencies caught sharing credentials with Microsoft over email

U.S. government agencies are in jeopardy of Russia-linked cyberattacks, and although CISA isn’t aware of any compromised environments, officials warn the risk is exigent.

By Matt Kapko • April 12, 2024

FBI director echoes past warnings, as critical infrastructure hacking threat festers

Chris Wray says adversaries from China, Russia and Iran are ramping up cyber, espionage and other threat activity against key sectors, including water, energy and telecommunications.

By David Jones • April 11, 2024

CISA assessing threat to federal agencies from Microsoft adversary Midnight Blizzard

Microsoft previously warned that the Russia-linked threat group was expanding malicious activity following the hack of senior company executives, which it disclosed in January.

By David Jones • April 5, 2024

Motivations behind XZ Utils backdoor may extend beyond rogue maintainer

Security researchers are raising questions about whether the actor behind an attempted supply chain attack was engaged in a random, solo endeavor.

By David Jones • April 2, 2024

Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines

The water utility industry says they recognize the heightened threat environment, but the current federal push fails to account for their resource constraints.

By David Jones • March 28, 2024

Security concerns creep into generative AI adoption

As the AI ecosystem grows and more tools connect to internal data, threat actors have a wider field to introduce vulnerabilities.

By Lindsey Wilkinson • March 27, 2024

Phishing remains top route to initial access

Tricking individuals to reveal sensitive information turns human behavior and trust into a weapon.

By Matt Kapko • March 26, 2024

Novel variant of wiper linked to Viasat attack during Ukraine war raises new fears

Researchers at SentinelLabs warn the new variant, called AcidPour, could place IoT, networking devices at risk. 

By David Jones • March 22, 2024

Five Eyes implores critical infrastructure execs to take China-linked threats seriously

Officials are pushing tips to help potential victims detect and mitigate Volt Typhoon’s evasive techniques as the was warnings take on urgency.

By Matt Kapko • March 20, 2024

Threat actors are turning to novel malware as malicious attacks rise

BlackBerry identified 5,300 unique malware samples targeting its customers per day from September through December.

By David Jones • March 14, 2024

Ransomware festers as a top security challenge, US intel leaders say

U.S. intelligence leaders warn ransomware activity is growing, despite high profile efforts to seize threat actors’ infrastructure.

By Matt Kapko • March 12, 2024

Financial services sees sharp increase in DDoS attacks as geopolitical tensions rise

The industry became the most-targeted sector in 2023, driven by cyber hacktivist groups and more powerful botnets.

By David Jones • March 7, 2024

Yet another threat actor seen exploiting ConnectWise ScreenConnect

Kroll researchers identified a new malware variant threat actors are deploying against the rapidly exploited security vulnerabilities. 

By David Jones • March 6, 2024

Utility regulators take steps to raise sector’s cybersecurity ‘baselines’

The voluntary cyber recommendations are intended to serve as a resource for state public utility commissions, utilities and distribution operators and aggregators.

By Robert Walton • Feb. 29, 2024