AlphV’s bid to report its victim to the SEC could backfire
The ransomware group AlphV reported a victim to the SEC for failing to report a cybersecurity incident, placing government regulators in a precarious position.
MOVEit Transfer saga shows danger of the 'Dark Middle'
When attackers find vulnerabilities in software used by service providers with dozens or hundreds of clients, the impact of a breach can quickly spiral out of control.
Bad torts: Law firms feel the heat from rising cyber threats
Experts say the sensitive data law firms hold and their lagging attention to cybersecurity make them prime targets.
Death by digital: attacks on healthcare put people at risk
At least one person has died as what was arguably the direct result of a digital attack on a hospital, but cybercriminals seem unlikely to stop.
Dark Caracal: A bumbling, yet surprisingly effective, cyber mercenary group
At DEF CON, EFF security researcher Cooper Quintin discussed a mysterious group called Dark Caracal that has proven effective despite making many mistakes.
Attackers are on the edge. Where are defenders?
VPNs, virtualization hosts, secure email gateways and other network “edge” devices have become a common entry point for attackers in significant enterprise breaches. How can defenders respond?
2022 was the year of crippling ransomware attacks on small countries
The country of Vanuatu is the latest victim in a string of crippling ransomware attacks on small countries this year. Experts say various motives underlie these incidents but disagree on whether this trend reflects a shift in threat actors away from well-resourced Western nations.
Uber hack jolts outlook for MFA, cybersecurity regulations
A teenager believed to be associated with the Lapsus$ cybercriminal group hacked Uber last week, putting wind in the sails of U.S. efforts to enact stricter cybersecurity rules.
Deep-rooted firmware cyberthreats put defenders in a bind
Recent cyberthreats targeting firmware technology have underscored how tricky it is to weed out malware that can start wreaking havoc before infected computers even boot up.
Ghosts of Log4j: Open-source vulnerabilities confound software developers
Most of the code in typical applications comes from open-source projects, importing dozens — and often, hundreds — of components created by volunteers. As the Log4j incident shows, those deep dependencies can carry critical vulnerabilities.
Page