CrowdStrike soars on security tool consolidation demand

US leads takedown of Qakbot malware, which automated initial infections

Cyber insurance providers increase scrutiny on enterprise risk, report finds

MOVEit attack victim count surpasses 1,000 organizations

Corporate boards expand cybersecurity risk oversight, report finds

Generative AI tips and warnings from 5 providers

Software industry urged to assume risk on open source security

Ransoming Linux and ESXi systems is getting easier

For security to benefit from AI, companies need to shore up their data

Barracuda ESG zero-day exploit still under way after patches fail

Government investigation puts spotlight on password insecurity

Hackers target Pentagon contract site via compromised routers

Ransomware attack dwell times fall, pressuring companies to quickly respond

Zoom’s AI terms overhaul sets stage for broader data use scrutiny

SentinelOne pursues potential sale amid slow growth, report says

MOVEit attack spree makes Clop summer’s most prolific ransomware group

Cuba ransomware group exploits Veeam to hit critical infrastructure

Palo Alto Networks closely watched ahead of late Friday Q4 report

Cyber authorities have a plan to defend remote monitoring tools

Security basics aren’t so basic — they’re hard

Suncor CEO says company mostly recovered from June cyberattack

SEC cyber rules ignite tension between reputation and security risk

AWS customers’ most common security mistake

Automotive data privacy under scrutiny in California

Chamber of Commerce urges SEC to delay cyber rule implementation

How disjoined threat intelligence limits companies — and what to do about it

Dallas to pay vendors $8.6M for their ransomware recovery services

Microsoft, cloud security under the microscope with federal cyber review

TIAA hit with class-action lawsuit over MOVEit data breach

Lock your doors to Kerberos golden ticket attacks

3 best practices from the White House K-12 cybersecurity summit

White House wants input on open source security, memory-safe languages

Why Walden thinks this national cybersecurity strategy will work

New York rolls out statewide cybersecurity strategy

4 ways organizations can take back the advantage from attackers

White House launches AI cyber competition to fix software vulnerabilities

NIST releases draft overhaul of its core cybersecurity framework

Rapid7 to cut 18% of workforce, shutter certain offices

The MOVEit spree is as bad — or worse — than you think it is

Cyber insurer Resilience raises $100M in expansion bid

Threat actors abuse valid accounts using manual tactics, CrowdStrike says

AWS pledges $20M to K-12 cyber training, incident response

CISA seeks to address visibility, resilience in 3-year strategic plan

White House rolls out millions in funding to combat K-12 cyberattacks

Ransomware attack on Prospect Medical Holdings impacts hospitals across 4 states

C-suite, rank-and-file at odds over security’s role

Broad SBOM adoption takes root as businesses watch their supply chains

Inside the most-commonly exploited CVEs of 2022

Generative AI risks loom as businesses increase investments

Tenable CEO calls out Microsoft delay on months-old Azure vulnerability

Poor access management besets most cloud compromises, Google says

Hot Topic hit by automated credential stuffing attack spree

Businesses improved cyber incident response times following Log4j, report finds

White House looks to close massive cyber skills gap

Tempur Sealy responding to cyberattack that disrupted operations

MoveIT breach exposes data of 612K Medicare beneficiaries, CMS says

Reddit names seasoned IT security leader as new CISO

How to communicate data risk to the business

Valid account credentials are behind most cyber intrusions, CISA finds

New Jersey Supreme Court to hear Merck insurance dispute over NotPetya attack

TSA revises security directives for oil and gas pipelines to test resilience

SEC votes to overhaul disclosure rules for material cyber events

Mandiant finds no evidence of data or cryptocurrency theft in JumpCloud attack

White House taps longtime military, intelligence leader for national cyber director

New York cyber lead warns of what states face in critical infrastructure defense

To execute the national cyber strategy, it’s going to take the whole US government

Average cost of healthcare data breach reaches $11M, report finds

Citrix zero day exposes critical infrastructure, one provider hit

Investigations are causing data breach costs to skyrocket, IBM finds

White House secures safety commitments from 7 AI companies

Microsoft attackers may have data access beyond Outlook, researchers warn

JumpCloud cyberattack hits up to 5 customers, 10 devices

US government plays catchup on phishing-resistant MFA

DDoS attacks, growing more sophisticated, surged in Q2

GoTo, parent company to LastPass, names new CISO

Microsoft offers free security logs amid backlash from State Department hack

Estée Lauder takes down some systems following cyberattack

White House unveils consumer labeling program to strengthen IoT security

UKG agrees to pay up to $6M in lawsuit tied to 2021 breach

Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts

Cyberattack compromised JumpCloud customer environments

Block known breached passwords from your active directory

Cybersecurity funding drops sharply in Q2

Johns Hopkins hit with class action suit following MOVEit data breach

IronNet restructures management in deal to go private

RomCom uses Word documents in new phishing campaign, Microsoft warns

Microsoft warns China-linked APT actor hacked US agency, other email accounts

White House shares the 69 initiatives slated to shore up national cybersecurity

Fed ends Capital One breach-related enforcement action

FCC chair proposes $200M investment to boost K-12 cybersecurity

MOVEit mass exploit timeline: How the file-transfer service attacks entangled victims

Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products