Kaseya postpones service restoration, apologizes for attack

Outside engineers warned that Kaseya needs additional layers of protection as pre-existing vulnerabilities are revealed.

By David Jones • July 8, 2021

34% of health organizations hit by ransomware last year, report finds

Of those attacked, 65% said the cybercriminals were successful in encrypting their data, according to the report from cybersecurity company Sophos.

By Rebecca Pifer • June 30, 2021

Gaps in DOD supply chain leave Pentagon vulnerable: report

SMBs in the defense industry remain vulnerable to persistent threats, and research shows a large percentage are missing the security basics, including data storage security.

By David Jones • June 24, 2021

Legacy medical devices, growing hacker threats create perfect storm of cybersecurity risks

Hospitals are using more connected devices, many of which were not built with cybersecurity in mind, leaving healthcare organizations highly vulnerable to attacks.

By Greg Slabodkin • June 23, 2021

Attacks against container supply chains grow more sophisticated

Bad actors are finding novel methods of attacking cloud-native environments, raising new security challenges for developers. 

By David Jones • June 21, 2021

VPN exploitation rose in 2020, organizations slow to patch critical flaws

RDP and VPNs will remain a prime target for cybercriminals as remote and hybrid work continue, Trustwave said.

By Samantha Schwartz • June 18, 2021

Critical infrastructure sites face greater cyberthreat amid remote connectivity

Moody's warns oil, electric and other critical infrastructure providers are increasingly attractive targets for ransomware.

By David Jones • June 18, 2021

CISOs, CIOs see heightened mobile security threat amid shift to hybrid

Mobile devices are difficult to secure because of a combination of untrusted personal apps and data stored on the same device, one security expert said.

By David Jones • June 16, 2021

Patched Microsoft Teams vulnerability shows the delicacy of messaging platforms

A researcher said the patched vulnerability could have granted access to files in OneDrive and the ability to execute business email compromise.

By David Jones • June 15, 2021

APT actors ramp up cyber campaign targeting Pulse Secure VPNs

Mandiant researchers have identified four new malware families in an ongoing campaign targeting several key sectors, including the U.S. defense industry.

By David Jones • May 28, 2021

Compromised cloud costs companies $6.2M annually, study finds

Attackers heavily target Microsoft 365 and Google Workspace accounts using brute force or phishing attacks, according to Ponemon Institute research.

By David Jones • May 27, 2021

Threat actors scan for vulnerabilities faster than enterprises can respond: Palo Alto

Within five minutes of Microsoft's March disclosure of Exchange zero days, cyber adversaries began scanning networks for the flaw, research found. 

By David Jones • May 26, 2021

Off-the-shelf tools, unsophisticated techniques threaten industrial systems

Attacks have targeted internet-exposed OT providers that range from water control systems to solar energy panels, Mandiant research found.

By David Jones • May 25, 2021

AI will change scale and scope of hacking, security expert says

Artificial intelligence could push the boundaries of hacking in ways that increase risk, according to security thought leader Bruce Schneier. But, AI could also boost defenses. 

By David Jones • May 18, 2021

Colonial Pipeline disconnects OT systems to silo ransomware IT threat

Anxiety is rising among corporate security officials concerned about the impact of ransomware among critical infrastructure providers.

By David Jones • May 12, 2021

Critical infrastructure flaws surface after years of underinvestment, inaction

Providers — particularly in the energy sector — knew the warning signs but were slow to respond.

By David Jones • May 11, 2021

Demand for software transparency grows in more vulnerable supply chains

Catching vulnerabilities before the code is packaged into proprietary solutions has industry at a standstill.

By Samantha Schwartz • May 11, 2021

VPN vulnerabilities haunt defense industry as threat actors find new openings

APT actors have exploited longstanding vulnerabilities in Pulse Secure and other devices to gain access to government agencies and the private sector. 

By David Jones • May 10, 2021

3 reasons why you're more vulnerable than you think to fraud

Fraud prevention in the age of multiple digital channels has become a never-ending struggle and maintaining a seamless user experience and security is crucial.

May 10, 2021

Cyberthreats dog the US supply chain, complicated by global competition

As companies acquire components and services, they need mechanisms to ensure backdoors are not lurking in their systems, experts at the Hack the Capitol 2021 conference said.

By David Jones • May 5, 2021

Password managers are a necessary — yet vulnerable — last line of defense

The Passwordstate breach is forcing CISOs and researchers to review vendors and reassess security practices.

By David Jones • May 4, 2021

Work from home means far less security visibility, report says

The number of incidents are surging as companies shift to multicloud environments and struggle to track endpoint and IoT security. 

By David Jones • April 28, 2021

Cyberattack on Passwordstate tests confidence in password managers

The supply chain attack is raising questions about how best to deploy and secure the tools as corporations face heightened threats across the globe.

By David Jones • April 27, 2021

Software bug bests MacOS notarization protocols

The update, which fixes the bug, is available in MacOS version 11.3.

By Samantha Schwartz • April 27, 2021

Attackers leverage Pulse Secure VPNs to target defense, financial industries

Cybersecurity and Infrastructure Security Agency warned federal agencies of "unacceptable risk" in the latest campaign linked to suspected APT actors.

By David Jones • April 22, 2021