Network SecurityFBI warns of email spoofing by North Korean threat actor KimsukyLaura FrenchMay 3, 2024The state-sponsored group is exploiting weak DMARC policies to impersonate legitimate domains.
Cloud SecurityAttackers evade detection by leveraging Microsoft Graph APISteve ZurierMay 3, 2024Microsoft Graph API has become popular with hackers because running criminal ops on widely used cloud services raises less suspicion.
Vulnerability ManagementCritical GitLab account takeover flaw added to CISA’s KEV CatalogLaura FrenchMay 2, 2024More than 2,100 servers may still be vulnerable to GitLab password reset exploits.
Cloud SecurityAttackers steal API keys, OAuth tokens, in Dropbox Sign breachSteve ZurierMay 2, 2024Security pros see the Dropbox Sign breach as not just a blow to Dropbox, but a really bad day for electronic signatures.
OT SecurityPro-Russia hackers target OT weaknesses in critical infrastructureSimon HenderyMay 2, 2024Government agencies warn industry to improve their operational technology security following breaches of North American and European systems.
RansomwareVerizon’s 2024 Data Breach Investigations Report: 5 key takeawaysLaura FrenchMay 1, 2024Vulnerability exploits, pure extortion and internal risks are on the rise, while AI threats fall short.
RansomwareSenators grill UnitedHealth CEO on Change Healthcare cyberattackSteve ZurierMay 1, 2024Andrew Witty stuck with the familiar corporate line of providing consumers with two years of credit monitoring.
Network SecurityChina’s attacks on critical infrastructure ‘tip of the iceberg’Simon HenderyMay 1, 2024CISA Director Jen Easterly told lawmakers that Chinese cyberespionage threats warrants budget boost.
Incident ResponseLondon Drugs pharmacy closes all stores to respond to cyber incidentLaura FrenchApril 30, 2024More than 80 stores across Western Canada are affected by the temporary closures.
Network SecurityChange Healthcare incident caused by compromised Citrix credentialsSteve ZurierApril 30, 2024UnitedHealth Group’s CEO Andrew Witty set to testify before Congress tomorrow – security pros say there’s more to the story and it will take several more months of investigation before we know the full kill chain.
Note to investors and security pros: drive innovation by going on the offensive Bob Ackerman May 3, 2024