-
Opinion
Protecting the cloud: combating credential abuse and misconfigurations
To defend against two of today’s biggest cloud security threats, organizations must adapt and develop proactive strategies, Google Cloud’s Brian Roddy writes.
-
CISA, German cyber authorities warn Zyxel firewalls facing active exploitation
Attackers have targeted dozens of companies with Helldown ransomware, researchers found.
-
Ascension reduces operating loss as it rebounds from cyberattack
A sweeping cyberattack this spring took the provider’s electronic health record offline for weeks and led to significant losses.
-
UK cyber chief warns country is at an inflection point as digital threats rise
In his first major speech, NCSC CEO Richard Horne said state-linked and criminal threat groups are working to undermine the nation’s reliance on technology.
-
ENGlobal IT systems impacted by ransomware attack
The attack marks at least the third disruptive cyberattack impacting energy sector providers based in Texas since August.
-
Blue Yonder moves closer to full recovery after November ransomware attack
U.K. supermarket chain Morrisons says its operations are mostly restored, while Blue Yonder is working with other customers to recover operations.
-
Note from the Editor-in-Chief
A change in ownership and what it means for our readers.
-
When password rules change, who benefits?
As the National Institute of Standards and Technology rolls out updated password guidance, some experts want to make passwords a thing of the past.
-
CrowdStrike avoids customer exodus after triggering global IT outage
The cybersecurity vendor reported $33.9 million in expenses related to the July 19 incident, which caused the company to swing to a loss.
-
FBI, CISA warn of heightened risk of BEC attacks during holiday season
Authorities encouraged prompt reporting, which can help recover stolen payments.
-
SEC reports drop in enforcement actions for 2024 FY
The securities regulator also reported a record $8.2 billion in monetary remedies for its last fiscal year, driven by Terraform Labs crypto fraud settlement.
-
As holiday season begins, US braces for looming risk of cyberattacks
Security teams are on the alert for nation-state threats and ransomware as millions of workers break for a holiday.
-
Starbucks confirms Blue Yonder attack impacted employee scheduling platform
The company is reverting to manual operations to make sure workers are paid on time, a spokesperson said.
-
New York fines Geico, Travelers $11.3M for pandemic-era breaches
The auto insurance companies were penalized for a series of attacks that exposed the personal data of 120,000 people in late 2020 and early 2021.
-
Ransomware hits supply chain software firm Blue Yonder ahead of Thanksgiving
The attack against Blue Yonder led to issues for Morrisons, a U.K.-based grocery chain, in its warehouse management system for fresh food and produce.
-
Gambling tech vendor’s IT systems impacted by cyberattack
International Game Technology, which makes slot machines and other gambling technology, said it took systems offline following a Nov. 17 cyberattack.
-
Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited
The security vendor maintains only a limited number of customers’ firewalls have been exploited by a zero-day it patched earlier this week.
-
Corporate security teams want specialty cyber roles as regulatory pressure grows
A report from IANS and Artico Search shows businesses are looking to bring on chiefs of staff, business CISOs and privacy officers as federal and state regulators push for greater compliance.
-
Healthcare providers will need to boost cyber defenses amid AI adoption: Moody’s
AI could ease labor shortages, but health systems will need to increase cybersecurity spending to manage heightened risks, according to the credit ratings agency.
-
Microsoft unveils resiliency, security enhancements following July global IT outage
The updates are part of a larger effort at the company to overhaul its internal security culture.
-
Palo Alto Networks boasts as customers coalesce on its platforms
The cybersecurity vendor said it ended its fiscal Q1 with 1,100 platformization deals and remains on pace to reach at least 2,500 such deals within five years.
-
Attackers wield password-spray attacks to zero-in on targets, research finds
The highly effective brute-force attack method requires little effort, Trellix said. Organizations with weak password policies or no MFA are especially at risk.
-
HHS facing challenges as lead agency for healthcare cybersecurity: GAO
The department hasn’t implemented some policies recommended by the watchdog, which could pose a risk to cybersecurity in the sector as attacks increase, according to the Government Accountability Office.
-
Opinion
Security awareness and training is a method, not an outcome
In 2024, the idea of human risk management shifted from concept to reality as frustrated CISOs looked for solutions beyond security awareness and training to make real change.
-
Palo Alto Networks customers grapple with another actively exploited zero-day
The security vendor warned of an unconfirmed vulnerability in PAN-OS earlier this month. A CVE entry and patch came 10 days later.