Cybersecurity Dive

Fortune 500 companies designate specialist roles to bolster security operations teams Four in 10 companies have created deputy CISO roles as regulatory concerns require greater board engagement.

Fortune 500 companies designate specialist roles to bolster security operations teams: www.cybersecuritydive.com/news/fortune... (by David Jones)

F5 supply-chain hack endangers more than 600,000 internet-connected devices The enterprise device vendor has patched several vulnerabilities that hackers discovered after breaching its networks.

F5 supply-chain hack endangers more than 600,000 internet-connected devices: www.cybersecuritydive.com/news/f5-supp... (by @ericjgeller.com)

Auto sector faces historic cyber threats to business continuity A catastrophic cyberattack at Jaguar Land Rover is forcing governments and industrial leaders to address urgent demands for business resilience and accountability.

Auto sector faces historic cyber threats to business continuity: www.cybersecuritydive.com/news/auto-se... (by David Jones)

Many IT leaders click phishing links, and some don’t report them A new survey shines light on the security practices and AI fears of IT leaders and their subordinates.

Many IT leaders click phishing links, and some don’t report them: www.cybersecuritydive.com/news/phishin... (by @ericjgeller.com)

Nation-state hackers breached sensitive F5 systems, stole customer data The federal government is scrambling to determine if any agencies have been hacked.

Nation-state hackers breached sensitive F5 systems, stole customer data: www.cybersecuritydive.com/news/f5-supp... (by @ericjgeller.com)

Fortune 100 firms accelerate disclosures linked to AI, cybersecurity risk Companies are concerned about deepfakes and unauthorized AI tools, and board committees are increasing their oversight responsibilities.

Fortune 100 firms accelerate disclosures linked to AI, cybersecurity risk: www.cybersecuritydive.com/news/fortune... (by David Jones)

CISA’s latest cuts reignite concerns among Democratic lawmakers A congressman on a key subcommittee suggests that shrinking CISA leaves Americans exposed to mounting cyber threats.

CISA’s latest cuts reignite concerns among Democratic lawmakers: www.cybersecuritydive.com/news/cisa-wo... (by @ericjgeller.com)

Layoffs, reassignments further deplete CISA Some CISA staffers have been pushed out, while others are being told to move across the country for jobs outside their skill sets.

Layoffs, reassignments further deplete CISA www.cybersecuritydive.com/news/cisa-la... (by @ericjgeller.com)

SonicWall SSLVPN devices compromised using valid credentials More than 100 SonicWall SSLVPN accounts have been impacted, according to Huntress.

SonicWall SSLVPN devices compromised using valid credentials: www.cybersecuritydive.com/news/sonicwa... (by David Jones)

Hackers are using AI to improve their phishing lures, but AI isn't yet replacing their malware toolkits, according to a new report from Intel 471: www.cybersecuritydive.com/news/ai-phis...

OpenAI's latest threat report found a similar phenomenon: cyberscoop.com/openai-threa...

AI fuels social engineering but isn’t yet revolutionizing hacking AI tools are still too computationally intense for cybercriminals to rely on, according to a new report.

AI fuels social engineering but isn’t yet revolutionizing hacking: www.cybersecuritydive.com/news/ai-phis... (by @ericjgeller.com)

Public disclosures of AI risk surge among S&P 500 companies A report by The Conference Board shows companies are flagging concerns about reputational and cyber-risk as they increase deployment.

Public disclosures of AI risk surge among S&P 500 companies: www.cybersecuritydive.com/news/public-... (by David Jones)

Businesses fear AI is exposing them to more attacks More than half of companies have already faced AI-powered phishing attacks, a new survey finds.

Businesses fear AI is exposing them to more attacks: www.cybersecuritydive.com/news/it-lead... (by @ericjgeller.com)

Extortion campaign targeting Oracle E-Business Suite customers linked to zero-day Mandiant researchers said Clop ransomware is indeed linked to a series of emails threatening to release stolen data.

Extortion campaign targeting Oracle E-Business Suite customers linked to zero-day: www.cybersecuritydive.com/news/extorti... (by David Jones)

Hackers steal sensitive Red Hat customer data after breaching GitLab repository Walmart, American Express and HSBC are among the companies whose sensitive data has been exposed.

Hackers steal sensitive Red Hat customer data after breaching GitLab repository: www.cybersecuritydive.com/news/red-hat... (by @ericjgeller.com)

Canadian airline WestJet says some customer data stolen in June cyberattack The attack occurred during the same period when Scattered Spider had begun to pivot toward the aviation sector.

Canadian airline WestJet says some customer data stolen in June cyberattack: www.cybersecuritydive.com/news/canadia... (by David Jones)

Cisco firewall flaws endanger nearly 50,000 devices worldwide The U.S., the U.K. and Japan lead the list of the most vulnerable countries.

Cisco firewall flaws endanger nearly 50,000 devices worldwide: www.cybersecuritydive.com/news/cisco-f... (by @ericjgeller.com)

CISA to furlough 65% of staff if government shuts down this week Employees are worried about threatened mass firings and the cybersecurity ripple effects of a funding lapse.

CISA to furlough 65% of staff if government shuts down this week: www.cybersecuritydive.com/news/cisa-go... (by @ericjgeller.com)

Jaguar Land Rover to resume some manufacturing within days The U.K. will support a $2 billion loan guarantee to help restore the automaker’s supply chain after a cyberattack disrupted production.

Jaguar Land Rover to resume some manufacturing within days: www.cybersecuritydive.com/news/jaguar-... (by David Jones)

RTX confirms the hack of passenger boarding software involved ransomware The parent company of Collins Aerospace said the attack is not expected to have a material impact on financial results, according to an SEC filing.

RTX confirms the hack of passenger boarding software involved ransomware: www.cybersecuritydive.com/news/rtx-hac... (by David Jones)

Jaguar Land Rover begins phased restoration of services following cyberattack The luxury automaker is working diligently to clear payment backlogs and resume the shipment of parts.

Jaguar Land Rover begins phased restoration of services following cyberattack: www.cybersecuritydive.com/news/jaguar-... (by David Jones)

CISA orders feds to patch Cisco flaws used to hack multiple agencies One U.S. official called the ongoing cyberattack campaign hitting federal agencies and businesses “very sophisticated.”

CISA orders feds to patch Cisco flaws used to hack multiple agencies: www.cybersecuritydive.com/news/cisa-em... (by @ericjgeller.com)

Cyber insurance could greatly reduce losses from diversification, mitigation measures A report by CyberCube shows the global market is heavily concentrated in the U.S. and would benefit from expanding into new segments and improving cyber hygiene.

Cyber insurance could greatly reduce losses from diversification, mitigation measures: www.cybersecuritydive.com/news/cyber-i... (by David Jones)

Critical infrastructure operators putting more insecure industrial equipment on the internet The problem isn’t limited to legacy technology. New devices are coming online with critical vulnerabilities.

Critical infrastructure operators putting more insecure industrial equipment on the internet: www.cybersecuritydive.com/news/industr... (by @ericjgeller.com)

UK authorities arrest man in connection with cyberattack against aviation vendor The attack against Collins Aerospace led to significant flight disruptions at Heathrow and other major European hubs.

UK authorities arrest man in connection with cyberattack against aviation vendor: www.cybersecuritydive.com/news/uk-arre... (by David Jones)

China-linked groups using stealthy malware to hack software suppliers, steal national-security and trade data Google, which disclosed the campaign, said it was one of the most significant supply-chain hacks in recent memory.

China-linked groups using stealthy malware to hack software suppliers, steal national-security and trade data: www.cybersecuritydive.com/news/china-e... (by @ericjgeller.com)

SonicWall customers warned about brute force attacks against cloud backup service Hackers have gained access to key information that could help exploit firewalls.

SonicWall customers warned about brute force attacks against cloud backup service: www.cybersecuritydive.com/news/sonicwa... (by David Jones)

Jaguar Land Rover to extend production pause into October following cyberattack Meanwhile, Stellantis said hackers gained access to some customer information in a third-party data breach.

Jaguar Land Rover to extend production pause into October following cyberattack: www.cybersecuritydive.com/news/jaguar-... (by David Jones)

Flights across Europe delayed after cyberattack targets third-party vendor A suspected ransomware attack targeting a U.S. company that provides check-in technology has led to widespread flight disruptions since Friday.

Flights across Europe delayed after cyberattack targets third-party vendor: www.cybersecuritydive.com/news/flights... (by David Jones)

Social engineering campaigns highlight the ability to exploit human behavior A report by S&P says organizations should consider changes to strengthen cyber governance, training and awareness.

Social engineering campaigns highlight the ability to exploit human behavior: www.cybersecuritydive.com/news/social-... (by David Jones)