News

Conceptual image of a network of executives / silhouettes of executives in motion.

New US CISO appointments, February 2021

United States Capitol building / United States Congress / abstract security concept

Cyber Diplomacy Act aims to elevate America's global cybersecurity standing

CSO > cyber insurance / umbrella hub connected to connected devices and online activities

New York issues cyber insurance framework as ransomware, SolarWinds costs mount

The state looks to protect one of its core industries, which is threatened by mounting and potentially "unsustainable" losses due to the SolarWinds and ransomware attacks.

ransomware breach hackers dark web

Egregor ransomware takes a hit after arrests in Ukraine

Ukrainian, French and US operation targets ransomware group members and takes down its infrastructure.

cso security hack breach water leak gettyimages 466029458 by firmafotografen 2400x1600px

Oldsmar cyberattack raises importance of water utility assessments, training

The attempt to poison a city's water supply by remotely accessing its ICS underscores the need for cybersecurity assistance at under-resourced critical infrastructure facilities.

Unitd States cybersecurity > U.S. flag with a digital network of locks instead of stars

Biden administration brings expertise, new attitude to cybersecurity

The US president promises a reckoning for SolarWinds hackers and places cybersecurity at the top of the administration's agenda.

human weak link cybersecurity primary

Supply chain attacks show why you should be wary of third-party providers

The weak link in your enterprise security might lie with partners and suppliers. Here’s how to understand and mitigate that risk.

spider dark web bug virus poisonous threat weave pattern by steve norris getty

Sprite Spider emerging as one of the most destructive ransomware threat actors

Having flown under the radar for several years, the Sprite Spider group is using a ransomware code suite that is effective and hard to detect.

Botnet Trouble / Botnet army

TrickBot returns with campaign against legal and insurance firms

The new iteration of the TrickBot botnet, which had enabled Ryuk and other ransomware attacks, uses malicious links in emails rather than rogue email attachments.

CSO > Botnets

Law enforcement takes over Emotet, one of the biggest botnets

Multi-national cooperation removes this key malware delivery service as a threat, at least temporarily.

A computer monitor displays abstract data, a skill and crossbones, and 'HACKED.'

SonicWall warns customers about zero-day vulnerabilities

Attack targets SonicWall's SMA Series access management gateways and is another in a string of incidents against security vendors.

padlock / Domain Name System / DNS / ICANN / security

Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed

A set of seven vulnerabilities, called DNSpooq, allows attackers to redirect users or execute malicious code. Patch dnsmasq now.

ransomware attack

New Intel CPU-level threat detection capabilities target ransomware

The new capabilities in the Intel mobile processors will make it harder for ransomware to avoid detection.

United States Capitol building / United States Congress / abstract security concept

SolarWinds hack is quickly reshaping Congress’s cybersecurity agenda

More cybersecurity funding for states and Capitol, new breach reporting rules, and ransomware-related bills will likely be on the agenda for the 117th Congress.

power plant utilities energy innovation industrial iot american public power association unsplash

US bulk energy providers must now report attempted breaches

US bulk energy providers must now report attempted breaches as well as successful breaches. Guidance is murky over what constitutes an "attempted" breach.

Load More