569 articles by Matt Kapko

• BeyondTrust customers hit by wave of attacks linked to compromised API key

  Dec. 20, 2024

• CISA mobile security advice gets personal in wake of telecom intrusions

  Dec. 19, 2024

• CISA orders federal agencies to meet security baselines in Microsoft 365

  Dec. 18, 2024

• CISA’s pre-ransomware alerts nearly doubled in 2024

  Dec. 17, 2024

• CISA, ONCD propose updated National Cyber Incident Response Plan

  Dec. 16, 2024

• Sen. Wyden wants FCC to tighten security rules on telecom companies

  Dec. 13, 2024

• SEC cyber incident reporting rule generates 71 filings in 11 months

  Dec. 11, 2024

• Snowflake to phase out single-factor authentication by late 2025

  Dec. 10, 2024

• Trump’s pick to run FCC deeply concerned about Salt Typhoon

  Dec. 9, 2024

• FCC proposes stronger telecom cyber rules as Salt Typhoon fallout continues

  Dec. 6, 2024

• T-Mobile undeterred as telecom sector reels from attack campaign

  Dec. 5, 2024

• At least 8 US companies hit in telecom attack spree, officials say

  Dec. 4, 2024

• Feds raise alarm on China-linked infiltration of telecom networks

  Dec. 4, 2024

• ENGlobal IT systems impacted by ransomware attack

  Dec. 3, 2024

• CrowdStrike avoids customer exodus after triggering global IT outage

  Nov. 27, 2024

• New York fines Geico, Travelers $11.3M for pandemic-era breaches

  Nov. 26, 2024

• Gambling tech vendor’s IT systems impacted by cyberattack

  Nov. 25, 2024

• Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited

  Nov. 22, 2024

• Palo Alto Networks boasts as customers coalesce on its platforms

  Nov. 21, 2024

• Attackers wield password-spray attacks to zero-in on targets, research finds

  Nov. 20, 2024

• Palo Alto Networks customers grapple with another actively exploited zero-day

  Nov. 19, 2024

• AI training vendor iLearningEngines discloses cyberattack in wake of SEC probe

  Nov. 19, 2024

• Splunk accelerates Cisco’s security business as core networking sales decline

  Nov. 18, 2024

• Palo Alto Networks’ customer migration tool hit by trio of CVE exploits

  Nov. 15, 2024

• Feds find ‘broad and significant’ China espionage campaign in US telecom networks

  Nov. 14, 2024

• Zero-days from top security vendors were most exploited CVEs in 2023

  Nov. 13, 2024

• Critical Veeam CVE targeted by new ransomware variant

  Nov. 12, 2024

• Attackers target Palo Alto Networks’ customer migration tool

  Nov. 8, 2024

• Microchip Technology reports $21.4M expense from August cyberattack

  Nov. 7, 2024

• Google Cloud to mandate MFA for all users in 2025

  Nov. 6, 2024

• Cyberattacks hit 1 in 3 SMBs last year

  Nov. 5, 2024

• Enterprise executives cite AI-assisted attacks as top emerging risk, Gartner finds

  Nov. 4, 2024

• Fortinet finds more malicious IPs linked to widely exploited zero-day

  Oct. 31, 2024

• UnitedHealth Group names new CISO 8 months after massive ransomware attack

  Oct. 30, 2024

• Cyber task force has a long to-do list for next president

  Oct. 29, 2024

• Feds probe China-linked attacks on US telecom networks

  Oct. 28, 2024

• SonicWall firewalls the common access point in spreading ransomware campaign

  Oct. 25, 2024

• Fortinet zero-day attack spree hits at least 50 customers

  Oct. 24, 2024

• Critical Veeam CVE actively exploited in ransomware attacks

  Oct. 22, 2024

• Sophos to buy Secureworks in $859M push into XDR

  Oct. 21, 2024

• Zero-day exploits swelled in 2023: Mandiant

  Oct. 18, 2024

• Iran-linked attackers hit critical infrastructure with brute force

  Oct. 17, 2024

• Microsoft reveals ransomware attacks against its customers nearly tripled last year

  Oct. 16, 2024

• Lawmakers seek insight into China-linked attacks on telecom networks

  Oct. 15, 2024

• Decrease in deals and large rounds cut cyber funding to $2.1B in Q3

  Oct. 10, 2024

• FTC settles yearslong investigation into Marriott’s ‘security failures’

  Oct. 10, 2024

• MoneyGram attack exposed a trove of sensitive customer data

  Oct. 9, 2024

• ADT employee account data stolen in cyberattack

  Oct. 8, 2024

• Counter Ransomware Initiative summit emphasizes arduous effort

  Oct. 7, 2024

• CISA’s vulnerability management program spotted 250 critical CVEs in 2023

  Oct. 4, 2024

• What’s next for CrowdStrike on the road to repair its reputation?

  Oct. 3, 2024

• Phishing remains cloud intrusion tactic of choice for threat groups

  Oct. 2, 2024

• Ransomware attacks surge despite international enforcement effort

  Oct. 1, 2024

• Top cybersecurity conferences to attend in 2025

  Oct. 1, 2024

• For Google to reduce memory-safety defects, it focused on new code

  Sept. 26, 2024

• CrowdStrike CEO pushes ‘resilient by design’ framework, promising changes

  Sept. 26, 2024

• CrowdStrike’s mea culpa: 5 takeaways from the Capitol Hill testimony

  Sept. 25, 2024

• Major companies keep hiring North Korean IT workers

  Sept. 24, 2024

• Kevin Mandia’s 5 question confidence test for CISOs

  Sept. 20, 2024

• Port of Seattle official flags a cyber dilemma, ‘one-way street’ with federal agencies

  Sept. 19, 2024

• AT&T settles a 2023 data breach for $13M. Recent incidents are much worse.

  Sept. 18, 2024

• Valid accounts remain top access point for critical infrastructure attacks, officials say

  Sept. 17, 2024

• Port of Seattle officials pin attack, data theft to Rhysida ransomware group

  Sept. 16, 2024

• Fortinet customer data stolen from third-party file-sharing service

  Sept. 13, 2024

• Network security market breaks streak of declining growth in Q2: Dell’Oro Group

  Sept. 12, 2024

• Global cybersecurity workforce growth flatlines, stalling at 5.5M pros

  Sept. 11, 2024

• SonicWall firewall CVE exploits linked to ransomware attacks

  Sept. 10, 2024

• MOVEit victims are still coming forward. This time it’s Wisconsin Medicare.

  Sept. 9, 2024

• Feds warn of broad Russia-linked CVE exploits targeting critical infrastructure

  Sept. 6, 2024

• Microchip Technology says its data was stolen amid alleged leaks online

  Sept. 5, 2024

• Infosec spending to hit 3-year growth peak, reach $212B next year: Gartner

  Sept. 5, 2024

• Microsoft is training developers on the intricacies of threat intelligence

  Sept. 4, 2024

• Seattle airport cyberattack outages persist heading into Labor Day travel rush

  Aug. 30, 2024

• CrowdStrike takes a revenue hit as global IT outage reckoning lingers

  Aug. 29, 2024

• Seattle airport confronts 4th day of cyberattack outages

  Aug. 27, 2024

• Several Port of Seattle systems down following ‘possible cyberattack’

  Aug. 26, 2024

• CISA’s $524M headquarters slated for DHS campus in 2027

  Aug. 23, 2024

• After a wave of attacks, Snowflake insists security burden rests with customers

  Aug. 22, 2024

• Microchip Technology operations, order fulfillment disrupted by cyberattack

  Aug. 21, 2024

• CISA warns of active exploits hitting popular CI/CD tool Jenkins

  Aug. 20, 2024

• Microsoft mandates MFA for all Azure users

  Aug. 19, 2024

• Manual techniques are fueling ransomware attacks, CrowdStrike says

  Aug. 16, 2024

• It’s time to stop thinking of threat groups as supervillains, experts say

  Aug. 15, 2024

• CISA director: Cybersecurity is ‘not an impossible problem’

  Aug. 13, 2024

• Microsoft Deputy CISO recounts responding to the CrowdStrike outage

  Aug. 12, 2024

• CrowdStrike snafu was a ‘dress rehearsal’ for critical infrastructure disruptions, CISA director says

  Aug. 8, 2024

• Are cybersecurity professionals OK?

  Aug. 7, 2024

• Ransomware swells despite collective push to curb attacks

  Aug. 6, 2024

• Global data breach costs reach all-time high of $4.9M, IBM says

  July 30, 2024

• CrowdStrike CEO’s quick apology stands out in an industry rife with deflection

  July 23, 2024

• CrowdStrike says flawed update was live for 78 minutes

  July 23, 2024

• CrowdStrike’s unforced error puts its reputation on the line

  July 22, 2024

• Larger deals propel cybersecurity funding to 2-year high in Q2

  July 18, 2024

• Weak credentials behind nearly half of all cloud-based attacks, research finds

  July 17, 2024

• Ransomware leak site posts jumped 20% in Q2

  July 16, 2024

• Snowflake-linked attack on Advance Auto Parts exposes 2.3 million people

  July 15, 2024

• Massive Snowflake-linked attack exposes data on nearly 110M AT&T customers

  July 12, 2024

• CISA calls for elimination of OS command injection vulnerabilities

  July 11, 2024

• MOVEit legal liabilities, expenses pile up for Progress Software

  July 10, 2024

• Snowflake allows admins to enforce MFA as breach investigations conclude

  July 9, 2024

• Sonic Automotive’s sales dip as CDK cyberattack causes material impact

  July 8, 2024

• HubSpot reports nearly 50 customer accounts compromised

  July 3, 2024

• CDK eyes service restoration for all car dealers by Fourth of July

  July 1, 2024

• 700,000 OpenSSH servers vulnerable to remote code execution CVE

  July 1, 2024

• Industrial cyberattacks fuel surge in OT cybersecurity spending

  June 28, 2024

• CDK restores service for small group of car dealers

  June 27, 2024

• Progress discloses more MOVEit CVEs, one year after 2023’s fiasco

  June 26, 2024

• CISA warns chemical facilities of potential data theft

  June 25, 2024

• CDK cyberattack stalls industry as car dealers disclose widespread impacts

  June 24, 2024

• What we know about the Snowflake customer attacks

  June 17, 2024

• Ransomware attacks hit manufacturing hard in 2023

  June 14, 2024

• Snowflake-linked attacks are testing the cloud’s shared responsibility status quo

  June 13, 2024

• Pure Storage comes forward as an early victim of Snowflake-linked attacks

  June 12, 2024

• Apple makes a password manager play in a heavily targeted market

  June 11, 2024

• 100 Snowflake customers attacked, data stolen for extortion

  June 10, 2024

• Telecom, media and tech companies are cyber defense standouts: Moody’s

  June 7, 2024

• Pressure mounts on Snowflake and its customers as attacks spread

  June 6, 2024

• CVE exploits, stolen credentials fueled ransomware surge in 2023

  June 4, 2024

• Snowflake customers caught in identity-based attack spree

  June 3, 2024

• Live Nation confirms jumbo breach, Ticketmaster customer data exposed

  June 3, 2024

• NIST has a plan to clear the vulnerability analysis backlog

  May 31, 2024

• Okta rides out cyberattack fallout with ‘minimal impact’

  May 30, 2024

• Critical CVEs are going under-analyzed as NIST falls behind

  May 28, 2024

• Cyberattacks are good for security vendors, and business is booming

  May 23, 2024

• Microsoft president set to testify before Congress on ‘security shortcomings’

  May 22, 2024

• Kevin Mandia to step down as CEO of Mandiant on May 31

  May 21, 2024

• SEC requires financial firms to disclose data breaches within 30 days

  May 20, 2024

• CISA senior official Goldstein to leave agency in June

  May 16, 2024

• Remote-access tools the intrusion point to blame for most ransomware attacks

  May 16, 2024

• Unsafe software development practices persist, despite CISA’s push

  May 15, 2024

• Cyber pros weigh an intel-sharing quandary: What to share when attacks hit close to home

  May 14, 2024

• Congress wants to question Microsoft exec over security defects

  May 13, 2024

• Officials see a real change in Microsoft’s security plans: financial accountability

  May 10, 2024

• CISA explains why it doesn’t call out tech vendors by name

  May 9, 2024

• China-linked attackers are successfully targeting network security devices, worrying officials

  May 7, 2024

• Change Healthcare cyberattack: 5 technical takeaways from UnitedHealth CEO’s testimony

  May 6, 2024

• Every Dropbox Sign user, account holders or not, stung in cyberattack

  May 2, 2024

• CISA warned 1,750 organizations of ransomware vulnerabilities last year. Only half took action.

  May 1, 2024

• Change Healthcare, compromised by stolen credentials, did not have MFA turned on

  April 30, 2024

• What is success in cybersecurity? Failing less.

  April 26, 2024

• CISA director pushes for vendor accountability and less emphasis on victims’ errors

  April 25, 2024

• Zero-day exploits hit CrushFTP, researchers expect rapid exploitation

  April 24, 2024

• Palo Alto Networks quibbles over impact of exploited, compromised firewalls

  April 23, 2024

• Mitre R&D network hit by Ivanti zero-day exploits

  April 22, 2024

• Frontier Communications hit by cyberattack, IT systems impacted

  April 19, 2024

• Palo Alto Networks warns firewall exploits are spreading

  April 18, 2024

• Cisco Duo MFA message logs exposed in third-party breach

  April 16, 2024

• Palo Alto Networks fixes maximum severity, exploited CVE in firewalls

  April 16, 2024

• Top officials again push back on ransom payment ban

  April 15, 2024

• Federal agencies caught sharing credentials with Microsoft over email

  April 12, 2024

• Cybersecurity jobs pay well, but gender disparities persist

  April 11, 2024

• What’s going on with the National Vulnerability Database?

  April 10, 2024

• Mandiant spots advanced exploit activity in Ivanti devices

  April 9, 2024

• D-Link tells customers to sunset actively exploited storage devices

  April 8, 2024

• Cybersecurity venture funding remains weak, near three-year low

  April 5, 2024

• What CISA wants to see in CIRCIA reports

  April 4, 2024

• CISA asserts no data stolen during Ivanti-linked attack on the agency

  April 2, 2024

• Phishing remains top route to initial access

  March 26, 2024

• Threat groups hit enterprise software, network infrastructure hard in 2023

  March 22, 2024

• Change Healthcare’s drawn-out recovery catches flak from cyber experts

  March 21, 2024

• Five Eyes implores critical infrastructure execs to take China-linked threats seriously

  March 20, 2024

• How companies describe cyber incidents in SEC filings

  March 19, 2024

• Stronger FCC data breach reporting rules for telecom go live

  March 15, 2024

• Change Healthcare locates ransomware attack vector

  March 14, 2024

• Google Cloud CISO spots asymmetric advantage for AI in defense

  March 13, 2024

• Ransomware festers as a top security challenge, US intel leaders say

  March 12, 2024

• CISA attacked in Ivanti vulnerabilities exploit rush

  March 11, 2024

• Ransomware attacks are hitting critical infrastructure more often, FBI says

  March 11, 2024

• Microsoft’s security woes persist as Midnight Blizzard remains on the offensive

  March 8, 2024

• CrowdStrike dodges pricing war with Palo Alto Networks

  March 6, 2024

• AWS CISO: Generative AI is just a tool, ‘not a magic wand’

  March 5, 2024

• AlphV’s hit on Change Healthcare strikes a sour note for defenders

  March 4, 2024

• Why Okta is overhauling its priorities, culture around security

  March 1, 2024

• NIST makes it official: governance is a critical part of cybersecurity

  Feb. 29, 2024

• Okta reports ‘minimal’ financial impact following support portal attack

  Feb. 29, 2024

• Okta, with a bruised reputation, rethinks security from the top down

  Feb. 27, 2024

• LockBit group revives operations after takedown

  Feb. 26, 2024

• Cloud intrusions spiked 75% in 2023, CrowdStrike says

  Feb. 23, 2024

• IBM marks monumental shift in valid account attacks

  Feb. 21, 2024

• NSA Cyber Director Rob Joyce to retire

  Feb. 20, 2024

• Critical infrastructure vendor PSI Software hit by ransomware

  Feb. 20, 2024

• State Department puts $10M bounty on AlphV ransomware group

  Feb. 15, 2024

• AlphV claims hit on Canada’s Trans-Northern Pipelines

  Feb. 14, 2024

• Microsoft Azure customers hit by phishing, account takeover attacks

  Feb. 13, 2024

• Attackers hit more networking gear, this time a critical Fortinet CVE

  Feb. 12, 2024

• CISA blitzes Super Bowl with cyber campaign as businesses fumble security

  Feb. 9, 2024

• Ransomware actors hit zero-day exploits hard in 2023

  Feb. 8, 2024

• AnyDesk attack response stirs threat analyst criticism and doubts

  Feb. 7, 2024

• Mortgage industry attack spree punctuates common errors

  Feb. 6, 2024

• AnyDesk initiates extensive credentials reset following cyberattack

  Feb. 5, 2024

• Cloudflare hit by follow-on attack from previous Okta breach

  Feb. 2, 2024

• Okta to cut 7% of workforce as push to revamp security is underway

  Feb. 1, 2024

• White House rejects efforts to undo SEC cyber disclosure rule

  Jan. 31, 2024

• Johnson Controls reports $27M hit from ransomware attack

  Jan. 31, 2024

• MOVEit liabilities mount for Progress Software

  Jan. 30, 2024

• Popular CI/CD tool Jenkins discloses critical CVE

  Jan. 29, 2024

• Nearly 800 GoAnywhere instances are unpatched, exposed to critical CVE

  Jan. 26, 2024

• HPE hit by a monthslong cyberattack on its cloud-based email

  Jan. 25, 2024

• US data compromises surged to record high in 2023

  Jan. 25, 2024

• GoAnywhere MFT customers confront yet another critical file-transfer CVE

  Jan. 24, 2024

• Will the movement to ban ransom payments gain steam in 2024?

  Jan. 23, 2024

• LoanDepot ransomware attack exposes data on almost 17M customers

  Jan. 22, 2024

• CISA’s 1,200 pre-ransomware alerts saved organizations millions in damages

  Jan. 19, 2024

• Progress Software shakes off MOVEit’s financial consequences, maintains customers

  Jan. 18, 2024

• Wealthy countries boast superior cyber defenses

  Jan. 17, 2024

• Progress Software’s MOVEit meltdown: uncovering the fallout

  Jan. 16, 2024

• Elevated ransomware activity hit nearly 5,200 organizations in 2023

  Jan. 12, 2024

• Cyber funding and M&A drop in 2023

  Jan. 11, 2024

• 5 cybersecurity trends to watch in 2024

  Jan. 10, 2024

• DDoS attack traffic surged in 2023, Cloudflare finds

  Jan. 9, 2024

• LoanDepot caught in mortgage industry cyberattack spree

  Jan. 8, 2024

• Extent of a cyber specialist law firm’s data breach grows

  Jan. 5, 2024

• LastPass enforces 12-character master password lengths

  Jan. 4, 2024

• Fleeting fake delivery phishing campaign targets last-minute shoppers

  Dec. 22, 2023

• Cisco to buy open source multicloud security vendor Isovalent

  Dec. 21, 2023

• Notorious ransomware group tussles with law enforcement, regenerates after takedown

  Dec. 20, 2023

• US leads AlphV ransomware infrastructure takedown

  Dec. 19, 2023

• Mr. Cooper cyberattack hits every current — and former — customer

  Dec. 18, 2023

• Kraft Heinz probes ransomware attack claim

  Dec. 15, 2023

• Credit unions recover from outages caused by third-party ransomware attack

  Dec. 14, 2023

• Senate confirms Harry Coker Jr. as national cyber director

  Dec. 13, 2023

• FBI to field SEC cyber incident disclosure delay requests

  Dec. 12, 2023

• Norton Healthcare ransomware attack exposes 2.5M people

  Dec. 11, 2023

• Data breaches fallout reach new heights as the number of exposed records soars

  Dec. 8, 2023

• Progress Software discloses 2 new CVEs in MOVEit

  Dec. 7, 2023

• Payments processor Tipalti investigating ransomware attack

  Dec. 4, 2023

• Dozens of credit unions confront outages linked to third-party ransomware attack

  Dec. 4, 2023

• Yet again, threat actors exploit a critical file-transfer service CVE

  Dec. 1, 2023

• Okta again promises it is taking security seriously

  Nov. 30, 2023

• All Okta support system customers caught in previously disclosed breach

  Nov. 29, 2023

• Amazon CSO likens security to psychological chess matches

  Nov. 28, 2023

• SMBs hit by rise in legitimate tool-based attacks

  Nov. 21, 2023

• CISA explains how to apply secure-by-design principles

  Nov. 20, 2023

• Threat actors behind Las Vegas casino attacks are social-engineering mavens

  Nov. 17, 2023

• Cisco looks to Splunk for security business growth

  Nov. 16, 2023

• 5 Juniper CVEs actively exploited in the wild

  Nov. 15, 2023

• File-transfer services, rich with sensitive data, are under attack

  Nov. 14, 2023

• Weeks after Boeing attack, ransomware group leaks allegedly stolen files

  Nov. 13, 2023

• For Maine, the MOVEit attack is personal

  Nov. 10, 2023

• Mr. Cooper customers’ data exposed by cyberattack

  Nov. 9, 2023

• Ransomware targeting casinos is on the rise, FBI warns

  Nov. 9, 2023

• Cyberattack hits Singapore’s Marina Bay Sands hotel and casino

  Nov. 8, 2023

• Cyberattack hits Mr. Cooper, blocks millions of mortgage payments

  Nov. 7, 2023

• Atlassian Confluence customers confront pair of critical vulnerabilities

  Nov. 7, 2023

• Countries pledge to not pay ransoms, but experts question impact

  Nov. 6, 2023

• 5 Okta customers snared in attack on the provider’s support system

  Nov. 3, 2023

• Okta employee data breached in third-party healthcare attack

  Nov. 2, 2023

• Boeing confirms cyberattack, global services disrupted

  Nov. 2, 2023

• Splunk to cut 7% of staff in latest layoff round this year

  Nov. 1, 2023

• BeyondTrust, Cloudflare averted Okta attacks thanks to security chops

  Nov. 1, 2023

• Boeing assessing ransomware group’s claim of ‘sensitive’ data theft

  Oct. 30, 2023

• High-profile summer attacks linked to same aggressive ransomware group

  Oct. 27, 2023

• Philadelphia discloses email compromise 5 months after initial detection

  Oct. 26, 2023

• LastPass working through ‘systemic’ security overhaul

  Oct. 25, 2023

• 1Password caught in Okta breach, impacting employee-facing apps

  Oct. 24, 2023

• Okta attacked again, this time hitting its support system

  Oct. 20, 2023

• FAIR Institute wants to quantify just how much a cyberattack costs

  Oct. 20, 2023

• Cyber venture capital funding on pace to hit four-year low

  Oct. 19, 2023

• US data compromises hit all-time high

  Oct. 16, 2023

• CISA’s top 10 misconfigurations reveal ‘systemic weaknesses’

  Oct. 16, 2023

• Microsoft tops CISA’s list of exploited CVEs used in ransomware attacks

  Oct. 13, 2023

• Progress Software’s financial hit from MOVEit cuts deeper

  Oct. 11, 2023

• Most CISOs confront ransomware — and pay ransoms

  Oct. 11, 2023

• CISO salaries are up, but growth is slowing

  Oct. 10, 2023

• Cyberattack against Johnson Controls sparks downstream concerns

  Oct. 5, 2023

• AWS kicks off cloud race to mandate MFA by default

  Oct. 3, 2023

• Multiple exploits hit Progress Software’s WS_FTP Server

  Oct. 3, 2023

• Cyber investments on pace to reach $215B in 2024: Gartner

  Oct. 2, 2023

• Progress Software discloses 8 vulnerabilities in one of its other file-transfer services

  Sept. 29, 2023

• Johnson Controls hit by ‘severe’ cyberattack

  Sept. 28, 2023

• Progress Software says business impact ‘minimal’ from MOVEit attack spree

  Sept. 28, 2023

• Cisco’s big bet on Splunk accelerates market shifts

  Sept. 27, 2023

• Royal lurked in Dallas’ systems weeks before ransomware attack

  Sept. 25, 2023

• Security has an underlying defect: passwords and authentication

  Sept. 18, 2023

• Compromised credential use jumps 300% in cloud intrusions: IBM

  Sept. 13, 2023

• High-profile CVEs turn up in vulnerability exploit sales

  Sept. 12, 2023

• Cisco BroadWorks vulnerability snags highest CVSS score

  Sept. 11, 2023

• Aviation sector organization hit by exploit of CVE duo

  Sept. 8, 2023

• BEC phishing kit hits thousands of Microsoft 365 business accounts

  Sept. 7, 2023

• Okta customers’ IT staff duped by MFA reset swindle

  Sept. 6, 2023

• Top 5 behaviors of successful CISOs: Gartner

  Sept. 5, 2023

• Malwarebytes, within a week, acquires a company and reportedly cuts staff

  Aug. 31, 2023

• Mandiant blends Google Cloud, AI to automate threat hunting

  Aug. 29, 2023

• MOVEit attack victim count surpasses 1,000 organizations

  Aug. 28, 2023

• Prospect Medical stolen data listed for sale by emerging ransomware group

  Aug. 25, 2023

• Ransoming Linux and ESXi systems is getting easier

  Aug. 24, 2023

• For security to benefit from AI, companies need to shore up their data

  Aug. 24, 2023

• Ransomware attack dwell times fall, pressuring companies to quickly respond

  Aug. 23, 2023

• MOVEit attack spree makes Clop this summer’s most-prolific ransomware group

  Aug. 22, 2023

• Cuba ransomware group exploits Veeam to hit critical infrastructure

  Aug. 21, 2023

• Cyber authorities have a plan to defend remote monitoring tools

  Aug. 18, 2023

• Security basics aren’t so basic — they’re hard

  Aug. 17, 2023

• AWS customers’ most common security mistake

  Aug. 16, 2023

• How disjoined threat intelligence limits companies — and what to do about it

  Aug. 15, 2023

• Dallas to pay vendors $8.6M for their ransomware recovery services

  Aug. 14, 2023

• Why Walden thinks this national cybersecurity strategy will work

  Aug. 11, 2023

• 4 ways organizations can take back the advantage from attackers

  Aug. 10, 2023

• The MOVEit spree is as bad as — or worse than — you think it is

  Aug. 9, 2023

• Threat actors abuse valid accounts using manual tactics, CrowdStrike says

  Aug. 8, 2023

• Ransomware attack on Prospect Medical Holdings impacts hospitals across 4 states

  Aug. 7, 2023

• Inside the most-commonly exploited CVEs of 2022

  Aug. 4, 2023

• Poor access management besets most cloud compromises, Google says

  Aug. 3, 2023

• Hot Topic hit by automated credential stuffing attack spree

  Aug. 2, 2023

• Tempur Sealy responding to cyberattack that disrupted operations

  Aug. 1, 2023

• Valid account credentials are behind most cyber intrusions, CISA finds

  July 28, 2023

• Mandiant finds no evidence of data or cryptocurrency theft in JumpCloud attack

  July 26, 2023

• To execute the national cyber strategy, it’s going to take the whole US government

  July 25, 2023

• Investigations are causing data breach costs to skyrocket, IBM finds

  July 24, 2023

• JumpCloud cyberattack hits up to 5 customers, 10 devices

  July 20, 2023

• US government plays catchup on phishing-resistant MFA

  July 20, 2023

• Estée Lauder takes down some systems following cyberattack

  July 19, 2023

• GoTo, parent company to LastPass, names new CISO

  July 19, 2023

• UKG agrees to pay up to $6M in lawsuit tied to 2021 breach

  July 18, 2023

• Cyberattack compromised JumpCloud customer environments

  July 17, 2023

• MOVEit mass exploit timeline: How the file-transfer service attacks entangled victims

  July 14, 2023

• White House shares the 69 initiatives slated to shore up national cybersecurity

  July 13, 2023

• JumpCloud abruptly initiates mass API key reset

  July 10, 2023

• TPG to buy Forcepoint’s public sector cybersecurity business for $2.45B

  July 10, 2023

• Only 5% of CISOs report to CEOs, survey finds

  July 7, 2023

• Most Fortinet FortiGate firewalls remain vulnerable to critical CVE

  July 6, 2023

• MOVEit vulnerability snags almost 200 victims, more expected

  July 5, 2023

• White House releases cyber budget priorities for fiscal year 2025

  June 29, 2023

• Cyberattack exposes data on nearly 9K American and Southwest Airlines pilot applicants

  June 27, 2023

• MOVEit vulnerability ensnares more victims

  June 27, 2023

• Cyber CEOs are all-in on generative AI

  June 21, 2023

• MOVEit customers on high alert as Clop’s deadline expires

  June 14, 2023

• LastPass CEO reflects on lessons learned, regrets and moving forward from a cyberattack

  June 13, 2023

• Barracuda urges customers to replace compromised ESG appliances immediately

  June 9, 2023

• Clop claims hundreds of MOVEit vulnerability victims

  June 8, 2023

• Dallas in the homestretch of ransomware attack recovery

  June 7, 2023

• What we know about the MOVEit vulnerabilities and compromises

  June 6, 2023

• Worries mount for MOVEit vulnerability, as likelihood of compromise expands

  June 5, 2023

• MOVEit zero-day vulnerability under active exploit, data already stolen

  June 1, 2023

• CrowdStrike adds threat data to generative AI push

  June 1, 2023

• Barracuda zero-day vulnerability exploited for 7 months before detection

  May 31, 2023

• Palo Alto Networks teases plans for generative AI across security services

  May 31, 2023

• ABB confirms ransomware attack resulted in data theft

  May 30, 2023

• Royal messes with Texas

  May 26, 2023

• Barracuda patches actively exploited zero-day vulnerability in email gateways

  May 25, 2023

• SMBs, regional MSPs under fire from targeted phishing attacks

  May 24, 2023

• KeePass master password manager at risk as users await patch

  May 23, 2023

• Dallas under pressure as Royal ransomware group threatens leak

  May 22, 2023

• Critical infrastructure security spending to grow 83% by 2027: ABI Research

  May 19, 2023

• Why and how to report a ransomware attack

  May 18, 2023

• Dallas courts still closed 2 weeks post-ransomware attack

  May 17, 2023

• VMware’s ‘target-rich environment’ is growing more volatile, CrowdStrike warns

  May 16, 2023

• Emerging ransomware group quickly hits 4 critical infrastructure providers

  May 15, 2023

• Costs of software supply chain attacks could exceed $46B this year

  May 12, 2023

• PaperCut actively exploited by multiple threat actors, targeting education sector

  May 12, 2023

• Flood of ransom payments continues as officials mull ban

  May 11, 2023

• It’s becoming more common for ransomware to lock up data

  May 10, 2023

• Dallas restores core emergency dispatch systems

  May 9, 2023

• White House considers ban on ransom payments, with caveats

  May 8, 2023

• Dallas still recovering from ransomware on eve of municipal election

  May 5, 2023

• Dallas ransomware attack causes critical service outages

  May 4, 2023

• How 7 cybersecurity experts manage their passwords

  May 4, 2023

• Companies need a wakeup call to fix chronic security shortcomings, cyber experts say

  May 3, 2023

• Cybersecurity pros plant seeds of hope at RSA Conference

  May 2, 2023

• 3 areas of generative AI the NSA is watching in cybersecurity

  May 1, 2023

• Mandiant CEO’s 7 tips for cyber defense

  April 28, 2023

• Acting National Cyber Director downplays reports of interagency strife

  April 27, 2023

• White House to share roadmap for national cyber strategy implementation this summer

  April 26, 2023

• Teenagers, young adults pose prevalent cyberthreat to US, Mandiant says

  April 25, 2023

• Supply chain attack that hit 3CX caught at least 4 other victims, Symantec says

  April 24, 2023

• Threat actors can use ChatGPT to sharpen cyberthreats, but no need to panic yet

  April 21, 2023

• 3CX attack caused by another supply chain attack, Mandiant says

  April 20, 2023

• Microsoft summons weather events to name threat actors

  April 19, 2023

• NCR in recovery as ransomware disrupts widely used point-of-sale system

  April 18, 2023

• ChatGPT prompts experts to consider AI’s mark on cybersecurity

  April 18, 2023

• Cyber venture capital funding slows to a trickle, a sharp decline from 2022 investment

  April 14, 2023

• Rorschach ransomware, with a rare encryption speed, makes it even harder for companies to respond

  April 14, 2023

• Explore the core tactics of secure by design and default

  April 13, 2023

• How Target approaches identity and access management

  April 12, 2023

• Cyberattacks hit almost all companies last year, Sophos says

  April 4, 2023

• IBM file transfer service under active exploit, security researchers warn

  March 31, 2023

• Australia’s Crown Resorts hit in Clop ransomware spree

  March 30, 2023

• Marsh brokerage program lowers threshold for cyber insurance coverage

  March 29, 2023

• Clop ransomware group triggers new attack spree, hitting household brands

  March 28, 2023

• CISA summons outside tips to alert victims of early-stage ransomware

  March 27, 2023

• 5 steps organizations can take to counter IAM threats

  March 24, 2023

• Threat intelligence isn’t for everyone, Google says

  March 23, 2023

• Ill-prepared against cyberattacks? You’re not alone, Cisco says

  March 22, 2023

• Ransomware gangs incite fear in victims to fuel attacks

  March 21, 2023

• Zero-days fell by one-third in 2022, Mandiant says

  March 20, 2023

• Global cybersecurity spending to top $219B this year: IDC

  March 17, 2023

• Cybersecurity market confronts potential consequences of banking crisis

  March 16, 2023

• Ransomware hit critical infrastructure hard in 2022, FBI says

  March 15, 2023

• Bank failure panic fuels moment of opportunity for threat actors

  March 14, 2023

• Worried about data breaches? Blame the information sector

  March 9, 2023

• How will the government enforce the national cyber strategy?

  March 8, 2023

• Organizations tempt risk as they deploy code more frequently

  March 7, 2023

• LastPass aftermath leaves long to-do list for business customers

  March 6, 2023

• JetBlue taps new CISO as major deals hang in balance

  March 3, 2023

• LastPass breach timeline: How a monthslong cyberattack unraveled

  March 2, 2023

• LastPass CEO admits disclosure mistakes, pledges improved communications

  March 1, 2023

• LastPass compromise grew worse after DevOps engineer targeted for encryption key

  Feb. 28, 2023

• Phishing takes financial bite out of more victim organizations

  Feb. 28, 2023

• Los Angeles school district confirms sensitive student data leaked

  Feb. 27, 2023

• Ukraine discovers lingering breaches 1 year into Russia invasion

  Feb. 24, 2023

• For GoDaddy customers, a long dwell time means all could be victims

  Feb. 23, 2023

• Attackers reduce complexity to catch more potential victims

  Feb. 23, 2023

• Phishing, king of compromise, remains top initial access vector

  Feb. 22, 2023

• GoDaddy source code stolen as part of a multiyear campaign

  Feb. 17, 2023

• FBI contains ‘isolated’ malicious activity on network

  Feb. 17, 2023

• Companies grapple with post-breach disclosure risks

  Feb. 16, 2023

• Cybersecurity jobs least likely to be impacted by economic uncertainty, (ISC)2 says

  Feb. 16, 2023

• What’s known about the ESXiArgs ransomware hitting VMware servers

  Feb. 15, 2023

• Economic volatility to exacerbate cyber risk in 2023

  Feb. 14, 2023

• VMware ransomware was on the rise leading up to ESXiArgs spree, research finds

  Feb. 13, 2023

• VMware ransomware evolves to evade data recovery, reinfects servers

  Feb. 10, 2023

• Layoffs come for cybersecurity, too

  Feb. 9, 2023

• Unsophisticated ransomware campaign targeting VMware ripe for copycats

  Feb. 8, 2023

• Ransomware attack spree hits thousands of VMware servers

  Feb. 6, 2023

• Hive takedown puts ‘small dent’ in ransomware problem

  Feb. 6, 2023

• Okta CEO blames overhiring, ‘execution challenges’ for layoffs

  Feb. 2, 2023

• T-Mobile CEO spins recent breach, says its cybersecurity chops ‘showed up’

  Feb. 1, 2023

• GitHub resets code signing certificates following breach

  Feb. 1, 2023

• On deck for the business of cybersecurity: Fire sales and due diligence

  Jan. 31, 2023

• Box CEO on the ‘perfect storm’ of challenges in cybersecurity

  Jan. 31, 2023

• Most data breach notices lacked detail in 2022

  Jan. 30, 2023

• Industrial organizations may worry too much about ICS vulnerabilities

  Jan. 27, 2023

• CISA issues baseline cybersecurity recommendations for K-12 schools

  Jan. 26, 2023

• Breach hits GoTo, the parent company of LastPass

  Jan. 24, 2023

• Los Angeles school system shifts timeline of ransomware attack

  Jan. 24, 2023

• Experts question T-Mobile’s security culture as breach cycle churns

  Jan. 20, 2023

• T-Mobile breached again, 37M customer accounts exposed

  Jan. 19, 2023

• PayPal warns 35,000 customers of exposure following credential stuffing attack

  Jan. 19, 2023

• Threat actors lure phishing victims with phony salary bumps, bonuses

  Jan. 19, 2023

• A ransomware negotiator shares 3 tips for victim organizations

  Jan. 18, 2023

• CISA’s 2022 highlight reel details progress and potential for security coordination

  Jan. 17, 2023

• Open-source repository risk amplified on GitHub

  Jan. 12, 2023

• T-Mobile CSO: One wrong decision can wreak havoc

  Jan. 11, 2023

• Ransomware attack exposes California transit giant’s sensitive data

  Jan. 10, 2023

• FCC revives push to speed up telecom incident disclosures

  Jan. 10, 2023

• Tech priorities out of sync with security needs, CISA director says

  Jan. 9, 2023

• What’s at stake for 33M compromised LastPass users?

  Jan. 6, 2023

• 6 security experts on what cyberthreats they expect in 2023

  Jan. 6, 2023

• What we know about the LastPass breach (so far)

  Jan. 5, 2023

• Ransomware hit US schools at steady rate in 2022

  Jan. 4, 2023

• After LastPass hack, only its master passwords remain uncompromised

  Dec. 27, 2022

• National Cyber Director eyes retirement: report

  Dec. 22, 2022

• Okta’s GitHub source code stolen, company downplays impact

  Dec. 22, 2022

• Incident responders brace for end-of-year cyber scaries

  Dec. 19, 2022

• NIST bids adieu to SHA-1 cryptographic algorithm

  Dec. 16, 2022

• CISOs are becoming more technical

  Dec. 15, 2022

• Threat actor exploits critical Citrix vulnerability

  Dec. 13, 2022

• California authorities confirm cyber intrusion, LockBit claims ransomware hit

  Dec. 12, 2022

• Google stresses unmet need for software supply chain security

  Dec. 8, 2022

• Apple expands iCloud encryption, boosts MFA with security keys

  Dec. 8, 2022

• Internet Explorer is still a viable zero-day attack vector

  Dec. 7, 2022

• What does it take to be good at cybersecurity?

  Dec. 7, 2022

• Ransomware attacks shift beyond US borders

  Dec. 6, 2022

• Cuba ransomware group hitting US organizations in 5 critical sectors

  Dec. 5, 2022

• AWS builds a lake for multivendor security data sharing

  Dec. 2, 2022

• LastPass breach fallout spreads to expose customer data

  Dec. 1, 2022

• CrowdStrike CEO: SMB deals delayed as enterprises hold firm on cyber spend

  Dec. 1, 2022

• AWS CEO stresses the core elements of cloud security

  Nov. 30, 2022

• Where is AWS in the cybersecurity conversation?

  Nov. 29, 2022

• FCC bans imports of telecom gear from China-based companies

  Nov. 28, 2022

• ‘Tis the season for shopping and scams, CISA warns

  Nov. 23, 2022

• Growing Mastodon security community grapples with CISA impersonators

  Nov. 23, 2022

• Where will the security community turn, if not Twitter?

  Nov. 21, 2022

• Cybercriminals strike understaffed organizations on weekends and holidays

  Nov. 18, 2022

• SMB cyber budgets under pressure amid slowing economy

  Nov. 17, 2022

• Nokia warns 5G security ‘breaches are the rule, not the exception’

  Nov. 16, 2022

• Confidential computing critical for cloud security, Google and Intel say

  Nov. 15, 2022

• CISA wants to change how organizations prioritize vulnerabilities

  Nov. 14, 2022

• Twitter, amid security and compliance officer exodus, could run afoul of FTC rules

  Nov. 10, 2022

• 5 security musts for industrial control systems

  Nov. 10, 2022

• CISA’s K-12 cyber education program goes nationwide

  Nov. 9, 2022

• Precise ransomware strikes boost threat actors’ success rate

  Nov. 8, 2022

• CISA demystifies phishing-resistant MFA

  Nov. 4, 2022

• No, your CEO is not texting you

  Nov. 3, 2022

• FTC slams Chegg for chronic, ‘careless security’

  Nov. 1, 2022

• ‘Point solutions just need to die’: The end of the one-trick security tool

  Oct. 31, 2022

• How cybersecurity experts are reacting to CISA’s security goals

  Oct. 28, 2022

• Vice Society’s ransomware playbook, queries for potential victims leaked

  Oct. 26, 2022

• Ransomware activity persists, but lags 2021 highs

  Oct. 25, 2022

• 4 security predictions from Google’s cyber leaders

  Oct. 21, 2022

• CISA’s priority sectors for 2023: water, hospitals, K-12

  Oct. 21, 2022

• 4 ways Target dynamically tracks the most alarming threats

  Oct. 20, 2022

• Cybersecurity spending on pace to surpass $260B by 2026

  Oct. 18, 2022

• Mandiant CEO pledges to automate threat intel under Google

  Oct. 17, 2022

• Mandiant propels Google Cloud’s security prospects

  Oct. 11, 2022

• What is phishing-resistant multifactor authentication? It’s complicated.

  Oct. 10, 2022

• Incident responders report alarming rates of mental strain

  Oct. 7, 2022

• LA schools system downplays impact of leaked data

  Oct. 6, 2022

• Multifactor authentication is not all it’s cracked up to be

  Oct. 5, 2022

• Los Angeles schools’ data leaked after ransomware attack

  Oct. 3, 2022

• State and local governments report spike in ransomware attacks

  Oct. 3, 2022

• Vice Society raises ransomware pressure on Los Angeles school district

  Sept. 30, 2022

• Google Cloud research links CI/CD to security prowess

  Sept. 29, 2022

• US organizations hit by almost half of all ransomware since 2020

  Sept. 28, 2022

• Australia’s telecom giant Optus avoids ransom demand as attacker reverses course

  Sept. 27, 2022

• Australia’s second-largest wireless carrier suffers major cyberattack

  Sept. 23, 2022

• How common telecom cyber risks snowball in cloud, open source

  Sept. 23, 2022

• The tools and strategies schools need for ransomware defense

  Sept. 22, 2022

• Ransom demand escalates fallout from Los Angeles schools cyberattack

  Sept. 21, 2022

• Uber details how it got hacked, claims limited damage

  Sept. 19, 2022

• US government rejects ransom payment ban to spur disclosure

  Sept. 19, 2022

• Threat actor breaches many of Uber’s critical systems

  Sept. 16, 2022

• Microsoft cloud security exec challenges organizations to ditch outdated practices

  Sept. 16, 2022

• CISA can’t definitively say if ransomware is getting better or worse

  Sept. 15, 2022

• Cloud security pros expect elevated risk for serious data breaches

  Sept. 14, 2022

• Energy providers hit by North Korea-linked Lazarus exploiting Log4j VMware vulnerabilities

  Sept. 13, 2022

• Google closes $5.4B Mandiant acquisition

  Sept. 12, 2022

• Los Angeles school district hit by ransomware attack

  Sept. 6, 2022

• Most organizations remain unprepared for ransomware attacks

  Sept. 6, 2022

• Okta CEO pushes for passwordless future in wake of phishing attacks

  Sept. 2, 2022

• Multifactor authentication has its limits, but don’t blame the technology

  Sept. 1, 2022

• CISOs aim to balance investments, outsourcing against risks

  Aug. 31, 2022

• Okta entangled by Twilio phishing attack

  Aug. 30, 2022

• Twilio discloses more victims as phishing attack effects cascade

  Aug. 29, 2022

• Tips for how to safeguard against third-party attacks

  Aug. 25, 2022

• Ransomware attack surges tied to crypto spikes

  Aug. 24, 2022

• Credential stuffing hammers US businesses as account data for sale in bulk

  Aug. 23, 2022

• Third-party attacks spike as attackers target software connections

  Aug. 22, 2022

• LockBit ransomware group claims responsibility for Entrust attack

  Aug. 19, 2022

• Google Cloud’s CISO is a short-term cyber pessimist, but a long-term optimist

  Aug. 18, 2022

• The same old problems nag cybersecurity professionals

  Aug. 17, 2022

• Twilio phishing attack fallout spreads to Signal

  Aug. 15, 2022

• How attackers are breaking into organizations

  Aug. 15, 2022

• US falters while ‘cybercriminals have been eating our lunch,’ ex-CISA chief Krebs says

  Aug. 12, 2022

• Internal Cisco data stolen after employee hit by voice phishing attack

  Aug. 11, 2022

• Don’t count on government, tech vendors to fix security woes, former CISA chief Krebs says

  Aug. 10, 2022

• AWS, Splunk lead open source effort to spot and curb cyberattacks

  Aug. 10, 2022

• Cloudflare thwarts ‘sophisticated’ phishing attack strategy that bruised Twilio

  Aug. 9, 2022

• Twilio employees duped by text message phishing attack

  Aug. 8, 2022

• Encevo stays resilient post-attack, but it’s still assessing the data damage

  Aug. 8, 2022

• Slack resets passwords en masse after invite link vulnerability

  Aug. 5, 2022

• The 11 most-prevalent malware strains of 2021 fuel cybercrime

  Aug. 5, 2022

• Ransomware defense guidance risks hang-ups under many steps

  Aug. 4, 2022

• VMware discloses new authentication bypass vulnerability

  Aug. 2, 2022

• Luxembourg energy supplier Encevo hit by ransomware attack

  Aug. 1, 2022

• Most cyberattacks come from ransomware, email compromise

  Aug. 1, 2022

• Data breach costs spread downstream, IBM says

  July 29, 2022

• Entrust acknowledges June cyberattack, remains tight-lipped on the details

  July 28, 2022

• AWS wants to be an enterprise security strategy advisor

  July 27, 2022

• Relentless vulnerabilities and patches induce cybersecurity burnout

  July 26, 2022

• T-Mobile agrees to $500M settlement for 2021 cyberattack

  July 25, 2022

• Atlassian urges rapid response after Confluence hardcoded password leaked

  July 22, 2022

• Network vulnerabilities declined in 2021, but attacks hit all-time high

  July 22, 2022

• New ransomware discovered using Rust, atypical encryption

  July 20, 2022

• LockBit ransomware hitting network servers

  July 20, 2022

• US effort to rip and replace hardware made in China is ballooning in cost

  July 18, 2022

• CISA releases indicators of compromise for hard-hit VMware Horizon

  July 18, 2022

• Fake GitHub commits can trick developers into using malicious code

  July 18, 2022

• The US is losing the cyberspace race

  July 15, 2022

• Ransomware attacks surge in education sector

  July 14, 2022

• Threat actors favor brute force attacks to hit cloud services

  July 12, 2022

• What to watch with 5G network security

  July 8, 2022

• Latest Marriott breach shows a human error pattern

  July 7, 2022

• Hive ransomware group migrates code to Rust, accelerating data encryption

  July 6, 2022

• Ransomware groups shift tactics and objectives

  June 15, 2022

• How and why ransomware responses go haywire

  June 13, 2022

• 5 takeaways from the RSA Conference

  June 13, 2022

• America's cyber chiefs have a long to-do list

  June 9, 2022

• Threat hunters minimize Russia's cyber prowess

  June 9, 2022

• Food supplier cyber risk spreads 1 year after JBS attack

  June 2, 2022

• Conti ransomware gang grows brash and flames out. What's next?

  May 31, 2022

• Persistent vulnerabilities put VMware on the defense

  May 27, 2022

• Google Cloud positions itself as a 'standalone security brand'

  May 24, 2022

• Critical VMware vulnerabilities resurface after threat actors evade patches within 48 hours

  May 19, 2022

• CISOs say they're at less risk of a substantial cyberattack

  May 17, 2022

• Enterprises rarely follow advice to never pay ransoms

  May 16, 2022

• Emotet reemerges as top malware in circulation

  May 12, 2022

• SEO-savvy threat actors drive surge in malware downloads

  May 10, 2022

• Vet software security as part of enterprise procurement, NIST says

  May 9, 2022

• Threat actor launches email attacks to lift corporate M&A secrets, Mandiant says

  May 5, 2022