Cyberattacks
Cyberattacks | News, how-tos, features, reviews, and videos
![Tech Spotlight > Analytics [CSO] > An image of a bottle of poison emanating binary code.](https://images.idgesg.net/images/article/2021/04/spot_analytics_04_cso_bottle_of_poison_by_arek_socha_aka_qimono_cc0-like_via_pixabay_binary_spiral_by_gordon_johnson_aka_gdj_cc0-like_via_pixabay_3x2_2400x1600-100884336-medium.3x2.jpg)
Experts fear that Biden’s cybersecurity executive order will repeat mistakes of the past
President Biden is expected to issue an executive order soon in response to the SolarWinds and Exchange Server attacks. Leaked details suggest it might not focus on the most effective actions.
![Digital Transformation [DX] > dandelion seeds blown by a virtual wind of change](https://images.idgesg.net/images/article/2020/01/cio_dandelion_seeds_blown_by_virtual_wind_of_change_digital_transformation_flower_by_dawid_zawila_cc0_via_unsplash_abstract_digital_wave_stream_by_pete_linforth_aka_thedigitalartist_cc0_via_pixabay_1200x800-100826623-small.3x2.jpg)
The SolarWinds hack timeline: Who knew what, and when?
Impact, detection, response, and ongoing fallout from the attack on SolarWinds' Orion remote IT management software.
![A gavel rests on open law book. [law / regulation / compliance / legal liability]](https://images.idgesg.net/images/article/2020/09/gavel_mallett_rests_on_open_law_book_legal_liability_risk_regulations_compliance_by_andreypopov_gettyimages-1021544574_2400x1600-100860121-small.3x2.jpg)
States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks
Connecticut might soon follow Ohio and Utah by enacting a law that offers liability protection against ransomware and other cyberattacks, but only if victims follow security best practices.
US government calls for better information sharing in wake of SolarWinds, Exchange attacks
The Biden administration seeks ways to better gather and share security intelligence from the private sector, but experts see barriers to success.
Ryuk ransomware explained: A targeted, devastatingly effective attack
Ryuk ransomware attacks are targeted to the most vulnerable, most likely to pay companies and are often paired with other malware such as TrickBot.
The SolarWinds Senate hearing: 5 key takeaways for security admins
Testimony by key security executives in the US Senate reveal how unprepared most organizations are for supply chain attacks. Here are the lessons security admins should learn from it.
5 questions CISOs should be able to answer about software supply chain attacks
The SolarWinds attack put a spotlight on the threats that compromised third-party software present organizations. Here are the top questions executive management, boards and partners are asking CISOs about their preparedness.
Why the Microsoft Exchange Server attack isn’t going away soon
For some victims, patching and proper forensics will be difficult, plus new threat actors are now exploiting the same Exchange Server vulnerabilities.
How to patch Exchange Server for the Hafnium zero-day attack
Admins in many businesses report indicators of compromise from an Exchange zero-day vulnerability. Don't assume you're not a target. Investigate for signs of the attack and patch now.
![Tech Spotlight > Cybersecurity [CSO] > Hands gesture in conversation](https://images.idgesg.net/images/article/2021/03/spot_cybersecurity_02_cso_hands_gestures_talking_by_rawpixel_cc0_abstract_security_by_jeff_hu_gettyimages-1221975486-100879633-small.3x2.jpg){kind=tracking}
4 ways to keep the cybersecurity conversation going after the crisis has passed
Executives and board members focus more on cybersecurity when there’s immediate danger. Here’s how CISOs can use a crisis like SolarWinds to translate security into business strategy.
The biggest data breach fines, penalties, and settlements so far
Hacks and data thefts, enabled by weak security, cover-ups or avoidable mistakes have cost these companies a total of nearly $1.3 billion and counting.
Chinese cyberespionage group hacks US organizations with Exchange zero-day flaws
Microsoft believes Chinese APT group Hafnium is using a set of previously unknown Exchange Server vulnerabilities to access mailbox contents and perform remote code execution.
Cyber Diplomacy Act aims to elevate America's global cybersecurity standing
The new bill has bipartisan support to improve the US's ability to prevent and respond to cyberattacks and correct missteps of the Trump administration.
New York issues cyber insurance framework as ransomware, SolarWinds costs mount
The state looks to protect one of its core industries, which is threatened by mounting and potentially "unsustainable" losses due to the SolarWinds and ransomware attacks.
Egregor ransomware group explained: And how to defend against it
Egregor is one of the most rapidly growing ransomware families. It employs "double ransom" techniques to threaten reputational damage and increase pressure to pay.
CSO's guide to the worst and most notable ransomware
The ransomware gangs and their malware listed here have victimized millions of companies and caused billions of dollars in costs.
How ransomware negotiations work
Here's what experienced negotiators say your organization should expect if it ever needs to pay a ransomware demand.
Oldsmar cyberattack raises importance of water utility assessments, training
The attempt to poison a city's water supply by remotely accessing its ICS underscores the need for cybersecurity assistance at under-resourced critical infrastructure facilities.
-
Solution Brief
Sponsored -
White Paper
-
Video/Webcast
Sponsored -
White Paper
-
White Paper
