News

News

• July 31, 2024 31 Jul'24

  Microsoft confirms DDoS attack disrupted cloud services

  Microsoft suffered a DDoS attack on Tuesday that caused massive outages for customers around the world.

• July 30, 2024 30 Jul'24

  Microsoft: Ransomware gangs exploiting VMware ESXi flaw

  VMware ESXi has proven to be a popular target for ransomware threat actors and a challenge for enterprises to patch.

• July 29, 2024 29 Jul'24

  How the Change Healthcare attack may affect cyber insurance

  UnitedHealth's Change Healthcare attack continued to show the devastating aftermath of supply chain attacks. Experts say it could change contingent language for future policies.

• July 26, 2024 26 Jul'24

  Researcher says deleted GitHub data can be accessed 'forever'

  Truffle Security researcher Joe Leon warned GitHub users that deleted repository data is never actually deleted, which creates an "enormous attack vector" for threat actors.

• July 26, 2024 26 Jul'24

  BitLocker workaround may offer aid for CrowdStrike customers

  CrowdStrike customers grappling with blue screens of death from the recent IT outage may be able to sidestep BitLocker encryption schemes and recover their Windows systems.

• Sponsored News

  • Riding the Wave to Enterprise AI at Scale: The Transformation of Client Solutions

    Sponsored by Dell Technologies - While it’s true that AI is moving rapidly toward universal adoption, it is in the enterprise where AI is having its greatest impact. Enterprise AI certainly is an area of massive resource investment: Research pegs the size of the 2025 global enterprise AI market at $97 billion, growing to an astonishing $229 billion by 2030. All forms of AI—agentic AI, generative AI, machine learning, and predictive AI, to name a few—are transforming how, when, where, and why work is done. See More

  • The “Personal Touch” of AI is Undeniable, Thanks for Impressive Advances in Client Solutions

    Sponsored by Dell Technologies - The trend toward personal—and personalized—artificial intelligence (AI) has swiftly moved from interesting idea to undeniable market transformational catalyst. Research points out that 61% of U.S. adults have used AI in the past six months, with a growing number of those using it daily. This not only is an expected byproduct of widespread AI use in businesses and other enterprises, but the rapidly accelerating number of consumer-oriented use cases. See More

  • The Deepening Impact of “AI Everywhere” is Revolutionizing Client Solutions

    Sponsored by Dell Technologies - Artificial intelligence (AI) has rapidly become the technical development with the most profound impact on how we work, play, live, and interact. Although AI has been around for decades, earlier generations of expert systems, knowledge systems, and decision-support systems pale in comparison to the capabilities of the AI of today…and tomorrow. See More

  View All Sponsored News
• July 26, 2024 26 Jul'24

  CrowdStrike: 97% of Windows sensors back online after outage

  While most Windows systems are back online after last week's outage, CrowdStrike CEO George Kurtz said the vendor remains 'committed to restoring every impacted system.'

• July 24, 2024 24 Jul'24

  KnowBe4 catches North Korean hacker posing as IT employee

  KnowBe4 says it hired a new principal security engineer for its internal AI team, but quickly detected suspicious activity originating from the employee's workstation.

• July 24, 2024 24 Jul'24

  CrowdStrike: Content validation bug led to global outage

  CrowdStrike said last week's global outage was caused by a bug in the Falcon platform's content validator, which missed a defective configuration update for its Windows sensor.

• July 23, 2024 23 Jul'24

  Risk & Repeat: Faulty CrowdStrike update causes global outage

  Friday's outage, which was caused by a defective CrowdStrike channel file update, resulted in significant disruptions for airlines, critical infrastructure and more.

• July 23, 2024 23 Jul'24

  Dragos: New ICS malware FrostyGoop abuses Modbus

  Dragos published research Tuesday unveiling an industrial control systems-focused malware it dubbed FrostyGoop that targets Modbus to disrupt critical infrastructure.

• July 22, 2024 22 Jul'24

  Microsoft: Faulty CrowdStrike update affected 8.5M devices

  Microsoft says less than 1% of all Windows machines were affected by a defective CrowdStrike Falcon update on Friday, but the disruption has been widespread.

• July 19, 2024 19 Jul'24

  Defective CrowdStrike update triggers mass IT outage

  A faulty update for CrowdStrike's Falcon platform crashed customers' Windows systems, causing outages at airlines, government agencies and other organizations across the globe.

• July 18, 2024 18 Jul'24

  Fin7 helps ransomware gangs with EDR bypass

  SentinelOne found the Russia-based cybercriminal group is helping other threat actors, including ransomware gangs, to evade detection with a custom tool named AvNeutralizer.

• July 18, 2024 18 Jul'24

  Judge tosses most of SEC's lawsuit against SolarWinds

  A judge dismissed many of the charges in the U.S. Securities and Exchange Commission's lawsuit against SolarWinds and its CISO, Timothy Brown, though some charges remain.

• July 18, 2024 18 Jul'24

  Amazon CISO discusses the company's cautious approach to AI

  At the recent AWS re:Inforce 2024 conference, Amazon CISO CJ Moses spoke about the risks and threats associated with new AI technology and how the cloud giant addresses them.

• July 17, 2024 17 Jul'24

  NullBulge threat actor targets software supply chain, AI tech

  SentinelOne published new research detailing NullBulge, an emerging ransomware actor that recently claimed to have stolen data from Disney's internal Slack channels.

• July 16, 2024 16 Jul'24

  Risk & Repeat: AT&T's Snowflake database breached

  AT&T disclosed a breach in which threat actors compromised the company's Snowflake instance and stole call and text records from 'nearly all' the company's cellular customers.

• July 15, 2024 15 Jul'24

  Experts weigh in on Snowflake database MFA features

  In response to a wave of recent attacks on customers, Snowflake introduces new authentication offerings that enable administrators to require MFA for all user accounts.

• July 12, 2024 12 Jul'24

  AT&T breach affects 'nearly all' customers' call, text records

  Fallout from the attacks on Snowflake customers continues as AT&T is the latest victim organization to disclose a data breach stemming from a compromised cloud instance.

• July 11, 2024 11 Jul'24

  Ransomware gangs increasingly exploiting vulnerabilities

  New research from Cisco Talos highlighted three of the most popular known vulnerabilities that were exploited by ransomware gangs for initial access during 2023 and 2024.

• July 10, 2024 10 Jul'24

  Check Point sheds light on Windows MSHTML zero-day flaw

  A Check Point Software Technologies researcher who discovered CVE-2024-38112 said the Windows spoofing vulnerability may have been exploited as far back at January 2023.

• July 09, 2024 09 Jul'24

  Microsoft fixes 2 zero-days in massive July Patch Tuesday

  Microsoft disclosed and patched a whopping 142 vulnerabilities in a busy Patch Tuesday that included two zero-day flaws under active exploitation in the wild.

• July 09, 2024 09 Jul'24

  Governments issue warning on China's APT40 attacks

  Government agencies say APT40 continues to pose significant risk to organizations across the globe by exploiting vulnerabilities in public-facing applications.

• July 09, 2024 09 Jul'24

  Risk & Repeat: Hacks, lies and LockBit

  Months after an international law enforcement effort disrupted the notorious ransomware-as-a-service operation, LockBit falsely claimed that it breached the U.S. Federal Reserve.

• July 08, 2024 08 Jul'24

  Ransomware hits CDK Global, public sector targets in June

  The prevalent threat continued to cause disruptions last month as city halls were forced to close and auto dealerships faced downstream effects after an attack against CDK Global.

• July 01, 2024 01 Jul'24

  Critical OpenSSH vulnerability could affect millions of servers

  Exploitation against CVE-2024-6387, which Qualys nicknamed 'regreSSHion,' could let attackers bypass security measures and gain root access to vulnerable servers.

• June 28, 2024 28 Jun'24

  TeamViewer breached by Russian state actor Midnight Blizzard

  TeamViewer says a Russian state-sponsored threat actor known as Midnight Blizzard gained accessed to the company's corporate network via compromised employee credentials.

• June 27, 2024 27 Jun'24

  Supply chain attacks conducted through Polyfill.io service

  In February, a Chinese company named Funnell bought the Polyfill.io domain, which sparked concerns in the infosec community about potential supply chain threats.

• June 26, 2024 26 Jun'24

  LockBit claim about hacking U.S. Federal Reserve fizzles

  Evolve Bank & Trust confirmed that it was affected by a cybersecurity-related incident, but has not yet said whether the LockBit ransomware gang was responsible.

• June 26, 2024 26 Jun'24

  MoveIt Transfer vulnerability targeted amid disclosure drama

  Progress Software's MoveIt Transfer is under attack again, just one year after a Clop ransomware actor exploited a different zero-day MoveIt flaw against thousands of customers.

• June 25, 2024 25 Jun'24

  CISA discloses breach of Chemical Security Assessment Tool

  The breach, which CISA first disclosed in March, stemmed from Ivanti zero-day vulnerabilities that a Chinese nation-state threat actor first exploited in January.

• June 24, 2024 24 Jun'24

  Corvus: Cyber insurance premiums see 'stabilization'

  Corvus Insurance's Peter Hedberg provided insight into the cyber insurance landscape after a tumultuous 2023 and what enterprises can expect moving forward.

• June 21, 2024 21 Jun'24

  Biden administration bans Kaspersky Lab products in US

  The Biden administration announced a ban on Kaspersky Lab products inside the United States due to the antivirus vendor's ties with the Russian government.

• June 20, 2024 20 Jun'24

  SolarWinds Serv-U vulnerability under attack

  The Centre for Cybersecurity Belgium observed exploitation against CVE-2024-28995, a high-severity vulnerability in SolarWind's Serv-U file transfer product.

• June 20, 2024 20 Jun'24

  Phoenix SecureCore UEFI firmware bug affects Intel processors

  Multiple Intel processors and hundreds of PC models are potentially vulnerable to a recently disclosed vulnerability in Phoenix SecureCore UEFI firmware.

• June 20, 2024 20 Jun'24

  How Amazon's decision to ditch Active Directory paid off

  Amazon's decision to build its own identity and access management system was an expensive one, but an infamous supply chain attack validated the move.

• June 18, 2024 18 Jun'24

  Risk & Repeat: Microsoft under fire again over Recall

  Microsoft made changes to its AI-driven Recall feature, but that didn't stop Congress from grilling company president Brad Smith during a House committee hearing.

• June 18, 2024 18 Jun'24

  EPAM denies link to Snowflake customer attacks

  EPAM, a Belarusian software company, said an investigation found no evidence that it was connected to recent attacks against Snowflake customer databases.

• June 17, 2024 17 Jun'24

  Alex Stamos on how to break the cycle of security mistakes

  In an interview, SentinelOne's Alex Stamos discussed the importance of security by design and why it needs to be applied to emerging technologies, including generative AI.

• June 14, 2024 14 Jun'24

  Congress grills Microsoft president over security failures

  Microsoft President Brad Smith testifies on a wide range of issues, including Chinese and Russian nation-state attacks, the controversial AI-powered Recall feature and more.

• June 13, 2024 13 Jun'24

  Microsoft's Recall changes might be too little, too late

  Criticism of Microsoft's Recall feature continues even after the software giant announced several updates to address concerns from the infosec community.

• June 12, 2024 12 Jun'24

  AWS touts security culture, AI protections at re:Inforce 2024

  AWS executives highlighted the company's longstanding security, which evoked comparisons to its chief cloud rival Microsoft and the recent Cyber Safety Review Board report.

• June 12, 2024 12 Jun'24

  Black Basta might have exploited Microsoft flaw as zero-day

  While investigating a ransomware attack, Symantec found evidence that suggests Black Basta threat actors exploited a Microsoft vulnerability as a zero-day.

• June 12, 2024 12 Jun'24

  Acronis XDR expands endpoint security capabilities for MSPs

  Extended detection and response capabilities for the Acronis platform can automatically lock accounts and generate incident summaries for MSPs looking for additional security.

• June 10, 2024 10 Jun'24

  Mandiant: 'Exposed credentials' led to Snowflake attacks

  According to new threat research, Mandiant is reporting that UNC5537 conducted attacks against Snowflake database customers at least as early as April 14.

• June 06, 2024 06 Jun'24

  Critical Progress Telerik vulnerability under attack

  Threat actors are targeting vulnerable Progress Telerik Report Server systems just days after a proof of concept was published detailing a vulnerability exploit chain.

• June 06, 2024 06 Jun'24

  Ransomware ravaged schools and cities in May

  The public sector took the brunt of ransomware in May, while another damaging attack against a healthcare company disrupted patient access to pharmacy services.

• June 05, 2024 05 Jun'24

  Risk & Repeat: Sorting out Snowflake's security mess

  This podcast episode discusses the recent attacks against Snowflake customers and a controversial report that claimed the cloud storage and analytics giant had been breached.

• June 04, 2024 04 Jun'24

  Tenable warns of vulnerability in Azure service tags

  Microsoft disagreed with Tenable's assessment, saying the security issue in Azure service tags is not a vulnerability and that additional authentication layers are required.

• June 03, 2024 03 Jun'24

  Mandiant: Ransomware investigations up 20% in 2023

  The cybersecurity company observed a sharp rise in activity on data leak sites in 2023 as well as an increase in ransomware actors using legitimate commercial tools during attacks.

• June 03, 2024 03 Jun'24

  Hugging Face tokens exposed, attack scope unknown

  After detecting unauthorized access on its Spaces platform, Hugging Face disclosed that customer secrets might have been exposed and began revoking access tokens.

• June 03, 2024 03 Jun'24

  Snowflake: No evidence of platform breach

  Snowflake on Saturday issued a joint statement with third-party investigators Mandiant and CrowdStrike denying reports that its platform had been breached.

• May 31, 2024 31 May'24

  Threat actor compromising Snowflake database customers

  A threat actor tracked as UNC5537 is using stolen credentials against Snowflake database customers to conduct data theft and extortion attacks, cloud security firm Mitiga said.

• May 30, 2024 30 May'24

  Law enforcement conducts 'largest ever' botnet takedown

  An international law enforcement effort called 'Operation Endgame' disrupted several infamous malware loaders and botnets used by ransomware gangs and other cybercriminals.

• May 29, 2024 29 May'24

  Check Point discovers vulnerability tied to VPN attacks

  While Check Point identified CVE-2024-24919 as the root cause behind recent attack attempts on its VPN products, it's unclear if threat actors gained access to customer networks.

• May 28, 2024 28 May'24

  Check Point warns of threat actors targeting VPNs

  Check Point said threat actors were targeting a small number of customers by attempting to compromise local VPN accounts that only utilized passwords for authentication.

• May 28, 2024 28 May'24

  How AI could bolster software supply chain security

  Supply chain risks have become more complicated and continue to affect a variety of organizations, but Synopsys' Tim Mackey believes AI could help create more secure software.

• May 23, 2024 23 May'24

  CISA executive director discusses CIRCIA, incident reporting

  CISA Executive Director Brandon Wales speaks with TechTarget Editorial to discuss CIRCIA and the importance of incident reporting to the larger cybersecurity ecosystem.

• May 23, 2024 23 May'24

  93% of vulnerabilities unanalyzed by NVD since February

  New research from VulnCheck shows the NIST's National Vulnerability Database has struggled to manage a growing number of reported vulnerabilities this year.

• May 22, 2024 22 May'24

  Arctic Wolf CPO: Most AI deployment is generic, 'pretty weak'

  Dan Schiappa, chief product officer at Arctic Wolf, said that while generative AI technology has enormous potential, many companies are deploying it for the wrong reasons.

• May 21, 2024 21 May'24

  Critical bug discovered in open source utility Fluent Bit

  Tenable researchers discovered a critical vulnerability, dubbed 'Linguistic Lumberjack,' in Fluent Bit, an open source logging utility widely used by major cloud providers.

• May 21, 2024 21 May'24

  Rapid7 warns of alarming zero-day vulnerability trends

  The cybersecurity vendor tracked vulnerabilities that were used by threat actors in mass compromise events and found more than half were exploited as zero days.

• May 20, 2024 20 May'24

  CyberArk to acquire Venafi from Thoma Bravo for $1.5B

  CyberArk said it intends to help enterprises with the growing number of machine identities, which the company said surpasses human identities by a ratio of 40 to 1.

• May 16, 2024 16 May'24

  What LockBitSupp charges mean for ransomware investigations

  At RSA Conference 2024, Recorded Future's Allan Liska discussed evolving ransomware trends and how authorities recently exposed the LockBit ransomware group ringleader.

• May 16, 2024 16 May'24

  IBM sells QRadar SaaS assets to Palo Alto Networks

  The deal with Palo Alto Networks comes one year after IBM announced QRadar Suite, an AI-enhanced security platform that combined existing SIEM and XDR products.

• May 15, 2024 15 May'24

  Risk & Repeat: Recapping RSA Conference 2024

  Artificial intelligence was center stage at RSA Conference 2024, but the show also focused on secure-by-design principles, the ransomware landscape and more.

• May 15, 2024 15 May'24

  AI-driven attacks seen as chief cloud security threat

  Tried and true cloud security threats are on the rise. But according to a new report from Palo Alto Networks, the specter of generative AI threats has organizations concerned.

• May 14, 2024 14 May'24

  Google discloses 2 zero-day vulnerabilities in less than a week

  Google released fixed versions to address the two vulnerabilities in its Chrome web browser, but the updates will roll out in stages with no specific dates available.

• May 14, 2024 14 May'24

  SonicWall CEO talks transformation, security transparency

  SonicWall's CEO said that following a string of serious vulnerabilities the company responded to in 2021, product development and quality assurance operations were overhauled.

• May 10, 2024 10 May'24

  US officials optimistic on AI but warn of risks, abuse

  Federal government leaders at RSA Conference 2024 touted the benefits of AI pilot programs but also outlined how a variety of threat actors are currently abusing the technology.

• May 09, 2024 09 May'24

  Dell 'security incident' might affect millions

  Dell notified customers that a company portal connected to customer data exposed orders, names and addresses, while reports indicate the data is now up for sale on the dark web.

• May 09, 2024 09 May'24

  'Secure by design' makes waves at RSA Conference 2024

  Cybersecurity vendors and public sector organizations heavily promoted the secure by design approach, particularly for generative AI tools and projects.

• May 08, 2024 08 May'24

  National Security Agency warns against paying ransoms

  Rob Joyce and David Luber, former and current directors of cybersecurity at the NSA, discuss how the ransomware attack on Change Healthcare exemplified the cons of paying ransoms.

• May 08, 2024 08 May'24

  Experts highlight progress, challenges for election security

  Infosec professionals at RSA Conference 2024 discuss digital and physical security challenges for election cycles across the globe in a post-COVID-19 landscape.

• May 08, 2024 08 May'24

  White House: Threats to critical infrastructure are 'severe'

  While the White House released the new National Cybersecurity Strategy last year to help combat threats to critical infrastructure organizations, attacks have continued.

• May 08, 2024 08 May'24

  Microsoft touts expansion of Secure Future Initiative

  At RSA Conference 2024, Microsoft vice president Vasu Jakkal discussed some of the criticisms leveled against the company and how the Secure Future Initiative will address them.

• May 07, 2024 07 May'24

  SentinelOne: Ransomware actors are adapting to EDR

  At RSA Conference 2024, SentinelOne's Alex Stamos discussed ongoing global threats such as ransomware and how threat actors are changing their techniques.

• May 07, 2024 07 May'24

  Authorities identify, sanction LockBit ransomware ringleader

  After weeks of waiting, authorities in the U.S., the U.K. and Australia publicly identified 'LockBitSupp,' the mysterious operator behind the prolific LockBit ransomware gang.

• May 07, 2024 07 May'24

  U.S. agencies continue to observe Volt Typhoon intrusions

  A panel of experts at RSA Conference 2024 discussed Volt Typhoon and warned the Chinese nation-state threat group is still targeting and compromising U.S. organizations.

• May 06, 2024 06 May'24

  Google unveils new threat intelligence service at RSAC 2024

  Google Threat Intelligence combines investigation findings from Mandiant with crowdsourced intelligence from VirusTotal and operationalizes the data with Google's Gemini AI model.

• May 06, 2024 06 May'24

  Recorded Future observes 'concerning' hacktivism shift

  At RSA Conference 2024, Recorded Future detailed alarming trends as nation-state attackers operate under the guise of hacktivism to cover real threats to organizations.

• May 06, 2024 06 May'24

  Splunk details Sqrrl 'screw-ups' that hampered threat hunting

  At RSA Conference 2024, Splunk's David Bianco emphasizes that enterprises need revamped threat hunting frameworks to help with threat detection and response challenges.

• May 06, 2024 06 May'24

  IBM study shows security for GenAI projects is an afterthought

  IBM's survey of C-suite executives finds that 82% say trustworthy and secure AI are essential, but only 24% have a security component included in their GenAI projects.

• May 06, 2024 06 May'24

  Cisco details Splunk security integrations, AI developments

  Just two months after Cisco completed its $28 billion acquisition of analytics giant Splunk, the company added XDR capabilities into Splunk Enterprise Security.

• May 02, 2024 02 May'24

  Dropbox discloses data breach involving Dropbox Sign

  A threat actor accessed Dropbox Sign customer names, emails, hashed passwords, API keys, OAuth tokens, multifactor authentication information and other data.

• May 01, 2024 01 May'24

  U.S. warns of pro-Russian hacktivist attacks against OT systems

  CISA calls on OT device manufacturers to implement more effective security protocols as attacks against critical infrastructure organizations continue.

• May 01, 2024 01 May'24

  Verizon DBIR: Vulnerability exploitation in breaches up 180%

  Verizon said it examined approximately twice as many breaches for the 2024 Data Breach Investigations Report -- 10,626 out of 30,458 total tracked incidents.

• April 30, 2024 30 Apr'24

  Change Healthcare breached via Citrix portal with no MFA

  UnitedHealth Group CEO Andrew Witty's opening statement for Wednesday's congressional hearing shed more light on the ransomware attack against Change Healthcare.

• April 25, 2024 25 Apr'24

  Risk & Repeat: Change Healthcare's bad ransomware bet

  This Risk & Repeat podcast discusses Change Healthcare's ransomware attack and the apparent further spread of sensitive data despite the company paying a ransom.

• April 25, 2024 25 Apr'24

  Dymium scares ransomware attacks with honeypot specters

  Dymium, a security startup that recently emerged from stealth, offers ransomware defense for data stores with a network of honeypot traps for spoofing attackers.

• April 25, 2024 25 Apr'24

  Cisco zero-day flaws in ASA, FTD software under attack

  Cisco revealed that a nation-state threat campaign dubbed 'ArcaneDoor' exploited two zero-day vulnerabilities in its Adaptive Security Appliance and Firepower Threat Defense products.

• April 24, 2024 24 Apr'24

  Critical CrushFTP zero-day vulnerability under attack

  While a patch is now available, a critical CrushFTP vulnerability came under attack as a zero-day and could allow attackers to exfiltrate all files on the server.

• April 24, 2024 24 Apr'24

  Coalition: Insurance claims for Cisco ASA users spiked in 2023

  Coalition urged enterprises to be cautious when using Cisco and Fortinet network boundary devices as attackers can leverage the attack vectors to gain initial access.

• April 24, 2024 24 Apr'24

  GitHub vulnerability leaks sensitive security reports

  The vulnerability is triggered when GitHub users correct code or other mistakes they discover on repositories. But GitHub does not believe it warrants a fix.

• April 23, 2024 23 Apr'24

  U.S. cracks down on commercial spyware with visa restrictions

  The move marks the latest effort by the U.S. government to curb the spread of commercial spyware, which has been used to target journalists, politicians and human rights activists.

• April 23, 2024 23 Apr'24

  Mandiant: Attacker dwell time down, ransomware up in 2023

  Mandiant's 'M-Trends' 2024 report offered positive signs for global cybersecurity but warned that threat actors are shifting to zero-day exploitation and evasion techniques.

• April 22, 2024 22 Apr'24

  Mitre breached by nation-state threat actor via Ivanti flaws

  An unnamed nation-state threat actor breached Mitre through two Ivanti Connect Secure zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, disclosed earlier this year.

• April 19, 2024 19 Apr'24

  CISA: Akira ransomware extorted $42M from 250+ victims

  The Akira ransomware gang, which utilizes sophisticated hybrid encryption techniques and multiple ransomware variants, targeted vulnerable Cisco VPNs in a campaign last year.

• April 18, 2024 18 Apr'24

  Cisco discloses high-severity vulnerability, PoC available

  The security vendor released fixes for a vulnerability that affects Cisco Integrated Management Controller, which is used by devices including routers and servers.

• April 18, 2024 18 Apr'24

  CrowdStrike extends cloud security to Mission Cloud customers

  CrowdStrike Falcon Cloud Security and Falcon Complete Cloud Detection and Response (CDR) will be made available through the Mission Cloud One AWS MSP platform.