Threats
-
Drew Angerer via Getty Images
Microsoft alerts additional customers of state-linked threat group attacks
The company told customers the Midnight Blizzard attacks disclosed in January were more widespread than previously known.
By David Jones • June 28, 2024 -
Matt Kapko/Security Wall/Security Wall
Is the cybersecurity industry ready for AI?
As cybersecurity teams focus on how to thwart threat actors, they are missing the risks around the data they are sharing willingly.
By Sue Poremba • June 24, 2024 -
Explore the Trendline➔
ar-chi via Getty Images
TrendlineRisk Management
Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues.
By Security Wall staff -
HenrikNorway via Getty Images
IT pros worry over the data that fuels AI
More than 2 in 5 technologists have already had a negative AI experience, according to a SolarWinds survey.
By Matt Ashare • June 20, 2024 -
LeoPatrizi via Getty Images
MFA plays a rising role in major attacks, research finds
Poor configurations and deliberate MFA bypasses were at the center of numerous attacks in recent months, Cisco Talos found.
By David Jones • June 18, 2024 -
jariyawat thinsandee via Getty Images
Cyberattacks pose mounting risks to creditworthiness: Moody’s
“As more data becomes available — thanks to recently adopted disclosure requirements — attacks continue to proliferate,” a Moody’s executive said.
By Jim Tyson • June 6, 2024 -
TU IS via Getty Images
Cyber risk is rising for poorly configured OT devices
Since late last year, researchers have identified more politically motivated groups targeting water and other key critical infrastructure systems.
By David Jones • June 3, 2024 -
gorodenkoff via Getty Images
Check Point Software customers targeted by hackers using old, local VPN accounts
The incidents mark the latest attempts to compromise organizations by exploiting vulnerable edge devices used for remote access.
By David Jones • May 28, 2024 -
tonymelony via Getty Images
Cyber officials, incident response teams brace for Memorial Day weekend
The holiday weekend has emerged as a prime opportunity for ransomware attacks as security operations teams scale down for the summer.
By David Jones • May 24, 2024 -
Justin Sullivan via Getty Images
Popular LLMs are insecure, UK AI Safety Institute warns
AI models released by “major labs” are highly vulnerable to even basic attempts to circumvent safeguards, the researchers found.
By Lindsey Wilkinson • May 23, 2024 -
lnzyx for iStock via Getty Images
EPA to ramp up enforcement as most water utilities lack cyber safeguards
The agency may consider taking civil and criminal penalties against utilities following months of attacks against drinking and wastewater treatment facilities.
By David Jones • May 21, 2024 -
gorodenkoff via Getty Images
Open source threat intel platform launched weeks after malicious backdoor targeted XZ Utils
OSSF developed warning system to protect open source maintainers, developers from social engineering, active exploits.
By David Jones • May 20, 2024 -
gorodenkoff via Getty Images
Microsoft warns of hacker misusing Quick Assist in Black Basta ransomware attacks
Threat researchers say a financially-motivated attacker has deployed the tool in social-engineering attacks since April.
By David Jones • May 17, 2024 -
Matt Ashare/Security Wall
AI raises CIO cyber anxieties
Using third-party generative AI products without the proper controls exposes existing security gaps, McKinsey and Co. Partner Jan Shelly Brown said Tuesday at the MIT Sloan CIO Symposium.
By Matt Ashare • May 17, 2024 -
Permission granted by Matthew Horwood
National Cyber Director echoes past warnings: Nation-state cyber threats are mounting
State-linked actors with ties to China and Russia are growing more sophisticated in their efforts to disrupt critical infrastructure, Harry Coker Jr. said during a CyberUK conference keynote.
By David Jones • May 15, 2024 -
jariyawat thinsandee via Getty Images
Only one-third of firms deploy safeguards against generative AI threats, report finds
Generative AI gives attackers an edge over cyber defenders, according to a Splunk survey of security experts.
By Jim Tyson • May 13, 2024 -
dem10 via Getty Images
Generative AI is a looming cybersecurity threat
Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention.
By Jen A. Miller , Naomi Eide • May 8, 2024 -
Permission granted by Information Technology Industry Council
The US really wants to improve critical infrastructure cyber resilience
A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year.
By David Jones • May 8, 2024 -
Cinefootage Visuals via Getty Images
Hacktivists exploiting poor cyber hygiene at critical infrastructure providers
CISA, the FBI and international partner agencies want water, energy, agriculture and other sectors to immediately reset passwords and apply multifactor authentication.
By David Jones • May 1, 2024 -
DKosig via Getty Images
Cactus ransomware targets a handful of Qlik Sense CVEs
Security researchers warn the threat group is ramping up exploitation of previously disclosed flaws in the cloud platform.
By David Jones • April 29, 2024 -
Permission granted by Fortinet
Sponsored by FortinetThe top 3 ways AI power supports a dynamic business
It’s time to welcome a new era of dynamic digital defense. Artificial intelligence (AI) is revolutionizing network security with autonomous learning, holistic collaboration and rapid response capabilities.
April 29, 2024 -
Simonkr via Getty Images
Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg
State-linked actors are using a custom tool for post exploitation activity of a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs.
By David Jones • April 24, 2024 -
stefanovsky via Getty Images
Enterprises are getting better at detecting security incidents
Google Cloud’s Mandiant saw significant improvements in how organizations track down threats, yet hackers are still abusing common threat vectors.
By David Jones • April 23, 2024 -
Motortion via Getty Images
NSA sounds alarm on AI’s cybersecurity risks
Attack vectors unique to AI may attract malicious actors on the hunt for sensitive data or intellectual property, the NSA warned.
By Alexei Alexis • April 19, 2024 -
BrianAJackson via Getty Images
Fears rise of social engineering campaign as open source community spots another threat
Federal officials are said to be investigating potential links between the recent XZ Utils campaign and new threat activity against JavaScript project maintainers.
By David Jones • April 16, 2024 -
gorodenkoff via Getty Images
CISA to big tech: After XZ Utils, open source needs your support
The attempted malicious backdoor may have been part of a wider campaign using social engineering techniques, the open source community warned.
By David Jones • April 15, 2024
