link.cybersecuritydive.comCybersecurity News and Analysis | Cybersecurity Dive

CONTINUE TO SITE ➞ Don’t miss tomorrow’s Cybersecurity industry news Let Cybersecurity Dive’s free newsletter keep you informed, straight from your inbox. By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy . You can unsubscribe at anytime. Deep Dive Library Events Press Releases Topics Sign up Search Sign up Search Strategy Breaches Vulnerability Cyberattacks Threats Leadership & Careers Policy & Regulation Jeenah Moon via Getty Images Officials see a real change in Microsoft’s security plans: financial accountability CISA Director Jen Easterly pointed to Microsoft’s decision to link security to executive compensation as a meaningful signal of its priorities. Read more ➔ Top stories White House wants to hold the software sector accountable for security Some Ascension hospitals diverting emergency care after cybersecurity incident CISA explains why it doesn’t call out tech vendors by name 68 tech, security vendors commit to secure-by-design practices Ascension hit by cybersecurity incident disrupting clinical operations The Latest Permission granted by Information Technology Industry Council The US really wants to improve critical infrastructure cyber resilience A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year. Strategy dem10 via Getty Images Generative AI is a looming cybersecurity threat Researchers have not identified any AI-engineered cyberattack campaigns, yet, but they say it’s only a matter of time before an AI system is dominant enough in the market to draw attention. Vulnerability Matt Kapko/Cybersecurity Dive China-linked attackers are successfully targeting network security devices, worrying officials Espionage groups linked to China are heavily exploiting zero days, focusing on devices that lack endpoint detection and response capabilities, one expert said. Vulnerability ipopba via Getty Images CISA, FBI urge software companies to eliminate directory traversal vulnerabilities The software defects are linked to recent exploitation campaigns against critical infrastructure providers, including healthcare and schools. Vulnerability Kent Nishimura/Getty Images via Getty Images Change Healthcare cyberattack: 5 technical takeaways from UnitedHealth CEO’s testimony Change Healthcare was running on legacy technology, which magnified the ransomware attack’s impact and hampered recovery efforts, Andrew Witty said. Cyberattacks BalanceFormcreative via Getty Images Tech skills gaps put pressure on existing IT staff Technologists surveyed by Pluralsight said skills gaps are adding to their workloads, especially across cybersecurity, cloud and software development jobs. Leadership & Careers jeenah Moon via Getty Images Microsoft restructures security governance, aligning deputy CISOs and engineering teams The company will enhance management roles under the CISO and partially tie compensation to security performance. Strategy Kevin Winter / Staff via Getty Images Amazon CEO touts AWS cloud security as AI risk concerns mount Andy Jassy urged enterprises not to overlook the security and operational performance” of cloud-based generative AI services. It’s less sexy, but critically important.” Strategy Kent Nishimura/Getty Images via Getty Images Congress grills UnitedHealth CEO over Change cyberattack Legislators slammed Andrew Witty over the company’s lack of cybersecurity practices and the impact of the breach, which may have compromised the data of a third of Americans. Breaches Justin Sullivan via Getty Images Clorox lowers sales outlook as recovery from 2023 cyberattack continues The cleaning products maker is still working to fully restore distribution capabilities after the attack. Strategy aogreatkim via Getty Images Every Dropbox Sign user, account holders or not, stung in cyberattack An attacker intruded the electronic signature platform’s production environment and accessed a trove of user data, including OAuth tokens. Breaches Getty Plus via Getty Images CISA warned 1,750 organizations of ransomware vulnerabilities last year. Only half took action. More than half of CISA’s ransomware vulnerability warning pilot alerts were sent to government facilities, healthcare and public health organizations. Vulnerability Cinefootage Visuals via Getty Images Hacktivists exploiting poor cyber hygiene at critical infrastructure providers CISA, the FBI and international partner agencies want water, energy, agriculture and other sectors to immediately reset passwords and apply multifactor authentication. Threats Chainarong Prasertthai via Getty Images CVE exploitation nearly tripled in 2023, Verizon finds Threat actors are going after critical security flaws in widely used applications, but human error is still at the root of business security woes. Breaches Ethan Miller via Getty Images Deep Dive At Microsoft, years of security debt come crashing down Critics say negligence, misguided investments and hubris have left the enterprise giant on its back foot. Strategy Ruben Sprich/Reuters Change Healthcare, compromised by stolen credentials, did not have MFA turned on AlphV deployed ransomware nine days after it used access to a Citrix portal on Change’s network to move laterally within systems, CEO Andrew Witty said in testimony prepared for a House subcommittee hearing set for Wednesday. Breaches DKosig via Getty Images Cactus ransomware targets a handful of Qlik Sense CVEs Security researchers warn the threat group is ramping up exploitation of previously disclosed flaws in the cloud platform. Vulnerability mphillips007 via Getty Images FTC broadens health breach notification rule Regulators have been pursuing more enforcement actions against health applications sharing consumers’ data. Friday’s final rule should give those actions more heft. Policy & Regulation Wirestock via Getty Images Kaiser exposed up to 13.4M plan member records to third parties The largest data breach reported to the HHS’ Office for Civil Rights so far this year comes as regulators reconsider healthcare’s use of tracking technologies. Breaches Stephen Brashear / Stringer via Getty Images Microsoft CEO says security is its No. 1 priority The comments from Satya Nadella come weeks after a withering report from the federal Cyber Safety Review Board scrutinized how the company prioritized speed to market over security. Strategy Philipp Tur/Getty Images Plus via Getty Images What is success in cybersecurity? Failing less. Defenders aren’t measured by pure wins or losses. Intrusions will happen, and their job is to keep a bad situation from getting worse. Strategy dem10 via Getty Images Cisco devices again targeted by state-linked threat campaign The campaign, dubbed ArcaneDoor, dates back to late 2023 and is targeting perimeter network devices from Cisco — and potentially other companies. Vulnerability Matt Kapko/Cybersecurity Dive CISA director pushes for vendor accountability and less emphasis on victims’ errors Stakeholders need to address why vendors are delivering products with common vulnerabilities, which account for the majority of attacks, Jen Easterly said. Strategy Simonkr via Getty Images Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg State-linked actors are using a custom tool for post exploitation activity of a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs. Vulnerability D3Damon via Getty Images Zero-day exploits hit CrushFTP, researchers expect rapid exploitation CrushFTP CEO Ben Spink said the company isn’t aware of any data theft thus far, but researchers see echoes of MOVEit exploits and other high-profile file-transfer vulnerabilities. Vulnerability More stories Get the free newsletter Subscribe to Cybersecurity Dive for top news, trends & analysis Email: Select user consent: By signing up to receive our newsletter, you agree...