10 lessons Fannie Mae learned redesigning its security network

The lending company experienced minor hiccups while building out micro-segmentation. 

By Samantha Schwartz • Sept. 16, 2019

Internet treated casually, but it's 'live-fire combat,' experts say

Nation state actors attract the attention and get the blame, but cyberattacks are more likely executed by run-of-the-mill cybercriminals.

By Samantha Schwartz • Sept. 13, 2019

Explore the Trendline➔

IT Security

Security strategies benefit from nimbleness as companies respond to high-profile vulnerabilities and support internal talent gaps.

By CIO Dive staff

First remote cyberattack on US grid found, regulator says

A March cyberattack resulted in a denial of service condition at a "low-impact" control center and multiple remote generation sites, according to newly released analysis.

By HJ Mai • Sept. 9, 2019

Cybercriminals rake in billions using email compromise, fraudulent tech support

Total losses from internet cybercrimes reached nearly $3 billion 2018, according to the FBI.

By Samantha Schwartz • Sept. 9, 2019

Banks have more to lose from data breaches than other companies

Differences in notification urgency highlights data sensitivity. Exposed email addresses are far less sensitive than banking information or social security numbers.

By Dan Ennis • Sept. 6, 2019

Report: Google lobbyists push to add loopholes to California's privacy law

As lobbyists make last-minute effort to exclude digital advertising from the California Consumer Privacy Act, other states watch closely.

By Roberto Torres • Sept. 4, 2019

Faith in cloud security strengthens, but concerns persist

For a time, CISOs held off cloud adoption because of a lingering belief the cloud was less secure, a Nominet survey found.

By Samantha Schwartz • Sept. 3, 2019

Insurers do the math and instruct cities to pay the ransom, ProPublica reports

The cyberattack market exists, and while insurers didn't create it, their actions could help sustain it.

By Samantha Schwartz • Aug. 29, 2019

Encryption 101 and the trap of leaving data unprotected

Encryption protects data from unauthorized eyes if it is ever lost, stolen or breached. Without it, data lays bare and vulnerable.

By Samantha Schwartz • Aug. 22, 2019

Data breaches up 54% YOY, 2019 set to be 'worst year on record'

Eight breaches exposed more than 3.2 billion records, accounting for nearly 80% of the compromised records so far this year, RiskBased Security research found.

By Samantha Schwartz • Aug. 21, 2019

Texas officials 'unaware' of any ransom payments after widespread attack

More than half of the 23 organizations impacted are "back to operations as usual" after the August attack, according to the Texas Department of Information Resources. 

By Samantha Schwartz • Updated Sept. 9, 2019

DDoS attacks take 'slow-bleed' approach to curtail detection, research finds

A sudden service blackout is too noticeable, so hackers deploy smaller, more frequents attacks that are subtle enough to bypass DDoS detection tools. 

By Samantha Schwartz • Aug. 19, 2019

Capital One's hacker breached more than 30 organizations, prosecutors say

The servers found in Paige Thompson's bedroom held data from the bank and other entities, though the data is not personally identifiable information.

By Samantha Schwartz • Aug. 15, 2019

Broadcom banks on software-defined future with Symantec buy

Broadcom will weave Symantec's enterprise business into its expansive portfolio, as it makes the transition from a hardware- to a software-focused provider.

By Naomi Eide • Aug. 13, 2019

One way hackers breach a network: Out-of-date office printers

Researchers caught a range of vulnerabilities in enterprise printing systems from six top manufacturers.

By Roberto Torres • Aug. 13, 2019

Federal 'hack back' bill back on table, but critics wary of blind spots

The latest iteration of the bipartisan bill challenges private entities' response to cyberattacks. Critics argue it lacks guidelines of when or why a company should hack back.

By Samantha Schwartz • Aug. 12, 2019

Broadcom to buy Symantec's enterprise business for $10.7B

Symantec is coming off a year of leadership changes and a lagging enterprise division as businesses rethink cybersecurity solutions providers. 

By Naomi Eide , Samantha Schwartz • Aug. 8, 2019

Why the type of data doesn't determine privacy penalties

"The harm to the consumers who had their personal information exposed should be the measuring stick for damages and compensation," said Jerry Ray, COO of SecureAge. 

By Samantha Schwartz • Aug. 7, 2019

Azure bug bounty reaches $40K, Microsoft encourages participants to 'do their worst'

The Azure Security Lab isolates research so individuals can look for vulnerabilities and exploit them.

By Samantha Schwartz • Aug. 6, 2019

From Equifax to Capital One: The problem with web application security

Flaws in web applications are abundant and easy to manipulate, making them a target for bad actors.

By Samantha Schwartz • Aug. 5, 2019

Capital One breach raises questions about security and cloud-first strategies

If a breach hits a company with technology maturity, how vulnerable are less mature organizations?

By Naomi Eide • Aug. 2, 2019

Web application vulnerabilities top reported flaw by bug bounty hunters

Major data breaches often come from "nascent" flaws, according to Bugcrowd. 

By Samantha Schwartz • Aug. 1, 2019

5 things to know about Capital One's breach

Even with a detailed disclosure and a swift arrest, a dark cloud lingers over the bank.

By Samantha Schwartz • Updated Aug. 1, 2019

Capital One's data breach hits 106M customers

The company expects incremental costs between $100 million and $150 million in 2019 because of the incident. 

By Samantha Schwartz • July 30, 2019

A call to end 'warrant-proof' encryption, but where does privacy protection fit in?

Despite the complexities of technology, it doesn't bar law enforcement from taking the necessary actions it would in physical pursuits of evidence.

By Samantha Schwartz • July 26, 2019