Cisco’s critical IOS XE software zero day is a ‘bad situation’

Researchers from VulnCheck said they have found thousands of implanted hosts.

By David Jones • Oct. 17, 2023

US data compromises hit all-time high

Supply-chain attacks and zero-day exploits, such as the widespread attacks against the MOVEit file-transfer service, are surging, according to the Identity Theft Resource Center.

By Matt Kapko • Oct. 16, 2023

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

A wave of rules, regulations and federal action is putting pressure on businesses to shore up security amid a backdrop of emboldened threat actors has a nice ring to it.

By Cybersecurity Dive staff

Critical Atlassian Confluence CVE under exploit by prolific state-linked actor

Microsoft researchers warn a threat actor with ties to China has been exploiting the vulnerability since mid-September.

By David Jones • Oct. 13, 2023

Microsoft tops CISA’s list of exploited CVEs used in ransomware attacks

CISA updated its Known Exploited Vulnerabilities Catalog to alert organizations to CVEs linked to ransomware.

By Matt Kapko • Oct. 13, 2023

Estes cyberattack affected carrier’s phones, other communications

The LTL carrier is moving freight and remains "open for business," President and COO Webb Estes said in a video message.

By Colin Campbell • Oct. 12, 2023

Progress Software’s financial hit from MOVEit cuts deeper

With insurance coverage dwindling, and class-action lawsuits and financial restitution claims piling up, more trouble could be on the way for the software company.

By Matt Kapko • Oct. 11, 2023

Most CISOs confront ransomware — and pay ransoms

The number of ransomware attacks organizations face has a direct correlation with the frequency with which ransoms are paid.

By Matt Kapko • Oct. 11, 2023

Cloud giants sound alarm on record-breaking DDoS attacks

Google, AWS and Cloudflare warned the HTTP/2 Rapid Reset attacks are beyond anything ever recorded. 

By David Jones • Oct. 10, 2023

Caesars Entertainment says social-engineering attack behind August breach

In a filing with the Maine attorney general, the gaming company said the attack began in mid-August and impacted tens of thousands of the state's residents.

By David Jones • Oct. 9, 2023

5 ways to help instill a cybersecurity culture within your organization

Educate your workforce on the importance of mitigating cybersecurity threats to help prevent a cyberattack on your organization.

Oct. 9, 2023

MGM Resorts’ Las Vegas area operations to take $100M hit from cyberattack

The Bellagio and Mandalay Bay casino operator said hotel occupancies are down and certain customer data up to March 2019 was stolen. 

By David Jones • Oct. 6, 2023

Clorox warns of quarterly loss related to August cyberattack, production delays

The company expects a significant financial impact stemming from the recent cyberattack, which is reportedly linked to the Scattered Spider threat group.

By David Jones • Oct. 5, 2023

Estes reports cyberattack caused ongoing tech outage

The Richmond-based LTL carrier said its drivers and dockworkers are continuing to move customers' freight.

By Colin Campbell • Oct. 5, 2023

Cyberattack against Johnson Controls sparks downstream concerns

Worries mounted quickly after the attack on the building automation and industrial control systems vendor, which works extensively with multiple federal agencies.

By Matt Kapko • Oct. 5, 2023

Multiple exploits hit Progress Software’s WS_FTP Server

A Progress spokesperson criticized unnamed third parties for releasing a proof of concept that "provided threat actors a roadmap on how to exploit the vulnerabilities."

By Matt Kapko • Oct. 3, 2023

Clorox resumes normal plant operations in the wake of cyberattack

The Pine-Sol maker said it was scaling up production to replenish inventories following an extended product shortage.

By David Jones • Oct. 2, 2023

Johnson Controls hit by ‘severe’ cyberattack

The manufacturer of industrial control systems, security systems and HVAC equipment, said it’s still assessing what information was impacted.

By Matt Kapko • Sept. 28, 2023

Progress Software says business impact ‘minimal’ from MOVEit attack spree

While the company reported $951,000 in cyber incident and vulnerability response expenses for its third quarter, they represent just a sliver of its revenue.

By Matt Kapko • Sept. 28, 2023

Caesars Entertainment faces class action lawsuits following rewards database hack

At least four separate plaintiffs allege the company was negligent for allowing their sensitive personal data to be stolen in a social engineering attack by criminal threat groups. 

By David Jones • Sept. 27, 2023

Campbell Soup says summer cyberattack caused limited business impact

The company will incur some costs, but it considers the disruption nonmaterial.

By David Jones • Sept. 26, 2023

Royal lurked in Dallas’ systems weeks before ransomware attack

The prolific threat actor gained initial access on April 7 and stole almost 1.2 TB of data before it deployed ransomware on May 3, city officials said in a post-attack report.

By Matt Kapko • Sept. 25, 2023

MGM Resorts warns customers of fraud as it faces class action lawsuits

The plaintiffs claim the company was negligent for failing to protect customer data despite prior warnings about previous attacks.

By David Jones • Sept. 25, 2023

Guard against SMS phishing in your organization

How to Guard Against SMS Phishing In Your Organization with Secure Service Desk Verification.

Sept. 25, 2023

MGM Resorts says hotel, casino operations back up and running

The company was still working to restore online functionality for hotel reservations and rewards program users following a major cyberattack.

By David Jones • Sept. 21, 2023

Clorox warns of product shortages a month after disclosing cyberattack

The household product maker said the incident damaged IT systems and will have a material effect on its fiscal Q1 performance.

By David Jones • Sept. 18, 2023