Microsoft confirms DDoS attacks caused Azure, OneDrive outages

The DDoS attacks, targeting layer 7, were designed to overwhelm application server infrastructure and are considered especially complex to detect. 

By David Jones • Updated June 20, 2023

Another MOVEit vulnerability found, as state and federal agencies reveal breaches

The third vulnerability since Progress Software first disclosed a MOVEit Transfer zero day arrived just as CISA officials said a “small number” of federal agencies were impacted. 

By Naomi Eide • June 16, 2023

Clop names a dozen MOVEit victims, but holds back details

As its deadline expired, the ransomware group released the first batch of victim organizations, most of which were U.S.-based, ReliaQuest found.

By Naomi Eide • June 15, 2023

MOVEit customers on high alert as Clop’s deadline expires

As more compromised organizations come forward, one risk analysis firm is pushing the timeline for the vulnerability back years.

By Matt Kapko • June 14, 2023

Fortinet urges firmware upgrades after critical vulnerability at risk of malicious attacks

The warning comes just weeks after the company was linked to the Volt Typhoon campaign against U.S. critical infrastructure targets.

By David Jones • June 13, 2023

LastPass CEO reflects on lessons learned, regrets and moving forward from a cyberattack

Karim Toubba is ready to talk nearly a year after LastPass suffered a cyberattack that became one of the biggest security blunders of 2022.

By Matt Kapko • June 13, 2023

Microsoft investigating threat actor claims following multiple outages in 365, OneDrive

A hacktivist group known as Anonymous Sudan has claimed to be involved in DDoS attacks.

By David Jones • June 9, 2023

Barracuda urges customers to replace compromised ESG appliances immediately

The retirement of all compromised ESG appliances is akin to an admission the company could not remove threat actor access and recover the devices for customers.

By Matt Kapko • June 9, 2023

Clop claims hundreds of MOVEit vulnerability victims

The prolific threat actor is responsible for two of the three high-profile, actively exploited vulnerabilities in file-transfer services so far this year.

By Matt Kapko • June 8, 2023

Dallas in the homestretch of ransomware attack recovery

Security operations and tools are also getting a refresh as city officials rebuild impacted systems and make upgrades across multiple departments.

By Matt Kapko • June 7, 2023

What we know about the MOVEit vulnerabilities and compromises

Active exploits already resulted in a follow-on attack that’s impacted multiple organizations. Threat hunters are on guard and anticipate more victims.

By Matt Kapko • Updated June 12, 2023

Cybercriminals target C-suite, family members with sophisticated attacks

A study by BlackCloak and Ponemon shows senior executives are being targeted for IP theft, doxxing and extortion, often through home office networks.

By David Jones • June 5, 2023

Worries mount for MOVEit vulnerability, as likelihood of compromise expands

MOVEit has customers across highly regulated industries, exemplifying the potential damage among government, finance and healthcare organizations.

By Matt Kapko • June 5, 2023

MOVEit zero-day vulnerability under active exploit, data already stolen

Mandiant found evidence of attacks over Memorial Day weekend and said it’s possible earlier instances of exploitation may still be uncovered.

By Matt Kapko • June 1, 2023

Barracuda zero-day vulnerability exploited for 7 months before detection

The latest disclosure increases the potential for widespread compromise for customers using the security vendor’s email security gateway appliances.

By Matt Kapko • May 31, 2023

Moody’s cites credit risk from state-backed cyber intrusions into US critical infrastructure

Key sectors could face short-term revenue impacts and long-term reputational harm and litigation risk, the credit ratings service said.

By David Jones • May 31, 2023

ABB confirms ransomware attack resulted in data theft

The Switzerland-based industrial automation giant said customer systems were not directly impacted. Key services and factories remain operational.

By Matt Kapko • May 30, 2023

PyPI to mandate 2FA by the end of 2023

The mandate is part of a larger effort to prevent account takeover attacks.

By David Jones • May 30, 2023

Royal messes with Texas

A trio of ransomware attacks targeting the Dallas metro area have the hallmarks of a targeted campaign. They also underscore a very real problem: society is becoming desensitized to disruption.

By Matt Kapko • May 26, 2023

Broad campaign underway to access US critical infrastructure using small, home office devices

A state-linked actor, Volt Typhoon, is attempting to gain a foothold across U.S. networks amid rising tensions in the Pacific, Microsoft and the Five Eyes authorities said.

By David Jones • May 25, 2023

CISA updates ransomware guide 3 years after its debut

The #StopRansomware guide, updated in partnership with the FBI, NSA and MS-ISAC, reflects aggressive new techniques used by threat actors, including double extortion.

By David Jones • May 24, 2023

SMBs, regional MSPs under fire from targeted phishing attacks

Sophisticated cybercriminals are attacking vulnerable target rich and resource poor organizations to reach secondary victims via phishing campaigns, Proofpoint researchers warn.

By Matt Kapko • May 24, 2023

Dallas under pressure as Royal ransomware group threatens leak

By listing Dallas on its leak site on the dark web, Royal rebutted the city’s claims that data was not compromised during the attack.

By Matt Kapko • May 22, 2023

Dole incurs $10.5M in direct costs from February ransomware attack

The attack impacted about half of Dole's legacy company’s servers and one-quarter of its end-user computers.

By David Jones • May 18, 2023

UMass Memorial agrees to pay $1.2M to settle FLSA claims stemming from Kronos attack

A ransomware attack took the UKG product offline for weeks and has spawned several lawsuits.

By Kate Tornone • May 18, 2023