Latest news with #CybersecurityDive

Microsoft to make Windows more resilient following 2024 IT outage

Source: Yahoo | Published: 6 days ago

This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter.

Microsoft plans to roll out key platform upgrades in July in an effort to build greater operational resilience into the Windows platform, following the 2024 global IT outage linked to a faulty software update from CrowdStrike. The changes — including quick machine recovery and other features letting Microsoft 365 users continue accessing the cloud in a protected environment — are part of a Windows overhaul that Microsoft announced in November to build a more secure environment that would prevent software updates from causing widespread operational disruptions for enterprise customers. In September, the company met with major security firms to discuss how such an overhaul would work.

'We recognize our shared responsibility to enhance resiliency by openly sharing information about how our products function, handle updates and manage disruptions,' David Weston, corporate vice president of enterprise and OS security at Microsoft, said in a blog post released Thursday.

Microsoft's partners welcomed the changes and said they would create a more secure environment for customers. 'The Microsoft Windows endpoint security program encourages a collaborative, transparent environment that will strengthen cyber resilience for all customers,' Jim Treinen, senior vice president of engineering at Trellix, told Cybersecurity Dive via email.

The July 2024 outage caused approximately 8.5 million Windows systems to malfunction, resulting in major disruptions across a wide variety of critical infrastructure providers. Emergency services providers, major hospitals, airlines and banks all reported significant problems. After an internal investigation, CrowdStrike said the problem resulted from a botched software update on its Falcon platform. The disruptions caused billions of dollars in losses for companies that faced lost productivity and other challenges.

CISA warns of supply chain risks as ransomware attacks exploit SimpleHelp flaws

Source: Yahoo (Business) | Published: 14-06-2025

This story was originally published on Cybersecurity Dive.

Ransomware gangs have exploited a vulnerability in the SimpleHelp remote support program to breach customers of a utility billing software vendor, the Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday. The government advisory follows an earlier warning from CISA and the FBI that hackers associated with the Play ransomware gang had been targeting critical infrastructure organizations using the flaw in SimpleHelp's remote management software.

The new CISA alert highlights the risks of vendors not verifying the security of their software before providing it to customers. The complexities of software supply chains have been a boon for hackers. Companies that supply programs to other firms sometimes unwittingly pass on vulnerabilities to those firms, opening the door for malicious actors.

In this case, the vulnerable software, SimpleHelp, provides remote support and management functions for businesses. SimpleHelp versions 5.5.7 and earlier contain multiple vulnerabilities, including one — CVE-2024-57727 — that CISA said hackers likely used 'to access downstream customers' unpatched SimpleHelp [software] for disruption of services in double extortion compromises.' SimpleHelp disclosed this flaw and two others in mid-January, and within weeks, hackers were chaining them together in attacks on unpatched systems. In late May, Sophos researchers said hackers had breached a managed service provider and its customers using these vulnerabilities.

In its Thursday alert, CISA said the breach of the utility payment vendor reflected a 'broader pattern' of such attacks. The agency urged 'software vendors, downstream customers, and end users to immediately implement the Mitigations listed in this advisory based on confirmed compromise or risk of compromise.'

Vendors should isolate vulnerable SimpleHelp instances, update the software and warn customers, according to CISA, while customers should determine whether they are running the SimpleHelp endpoint service, isolate and update those systems and follow SimpleHelp's additional guidance. CISA encouraged victims to share certain incident information with the FBI, including which foreign IP addresses connected to their systems, what the ransom note said, what the attackers told them and other details.

Informa TechTarget Wins 52 Prestigious Online Editorial Awards

Source: Business Wire (Business) | Published: 03-06-2025

NEWTON, Mass.--(BUSINESS WIRE)--TechTarget, Inc. ("Informa TechTarget") (Nasdaq: TTGT), global growth accelerator and leading provider of media, intent data & insights to the B2B technology sector, today announced that it won 52 online editorial awards across the American Society of Business Publication Editors (ASBPE)'s annual Regional & National Azbee Awards and SIIA's Jesse H. Neal Awards honoring excellence in B2B journalism. Informa TechTarget was one of the top overall winners at the award announcement ceremonies for both programs. These are the latest awards for Informa TechTarget's world-class global team of journalists and editors. Following is the extensive list of awards:

2025 Azbee Awards (43)

National (13)

Stephen M. Barr Award for Feature Writing: Brett Dworski, C-Store Dive

Gold
  • BioPharma Dive – Breaking News Coverage
  • C-Store Dive – Impact/Investigative
  • Cybersecurity Dive – Web Feature Article
  • K-12 Dive – Web Feature Series
  • SearchCIO – Government Coverage
  • SearchDataBackup – Web Microsite/Special Section

Silver
  • Data Center Knowledge – Event Coverage
  • Trucking Dive – Individual Profile
  • Waste Dive – Sustainability Article
  • Xtelligent Healthtech Security – Breaking News Coverage
  • SearchCIO – Innovation Article

Bronze
  • SearchCIO – Original Research Article

Regional (30)

Gold
  • BioPharma Dive – Breaking News Coverage
  • C-Store Dive – Impact/Investigative
  • Cybersecurity Dive – Web Feature Article
  • Data Center Knowledge – Event Coverage
  • K-12 Dive – Web Feature Series
  • SearchCIO – Government Coverage
  • SearchCIO – Innovation Article
  • SearchCIO – Original Research Article
  • SearchDataBackup – Web Microsite/Special Section (Non-Trade Show/Conference)
  • SearchSecurity – Impact/Investigative
  • SearchSecurity – Event Coverage
  • SearchEnterprise AI – Podcast
  • SearchITOperations – Case Study
  • Xtelligent Healthtech Security – Breaking News Coverage
  • Trucking Dive – Individual Profile
  • Trucking Dive – Innovation Article

Silver
  • Dark Reading – Event Coverage
  • SearchCIO – Case Study
  • SearchEnterprise AI – How-To Article
  • SearchEnterprise AI – Video
  • SearchNetworking – Web Feature Article
  • SearchSecurity – Podcast
  • Waste Dive – Sustainability Article

Bronze
  • HR Dive – Online State of the Industry
  • SearchEnterprise AI – Enterprise News Story
  • SearchEnterprise AI – Single Topic Coverage
  • SearchITOperations – Breaking News Coverage
  • TechTarget Sustainability & ESG – Sustainability Article
  • Utility Dive – Online State of the Industry
  • Xtelligent Virtual Healthcare – Breaking News Coverage

2025 Jesse H. Neal Awards (9)
  • McAllister Fellowship: Gwendolyn Wu, BioPharma Dive
  • Best Range of Work by a Single Author: Daphne Howland, Retail Dive
  • BioPharma Dive – Best Series
  • BioPharma Dive – Best Industry Coverage
  • Food Dive – Best Profile (Article)
  • Grocery Dive – Best Commentary
  • Healthcare Dive – Best Editorial Use of Data
  • K-12 Dive – Best Single Article
  • Packaging Dive – Best Technical Scientific Content

Informa TechTarget's team of over 330 editors and thousands of contributors worldwide is led by Chief Content Officer Kelley Damore, a 2024 Top 25 Women Chief Content Officers honoree. Informa TechTarget's very clear editorial mission is to help executives navigate new technologies, regulations and market dynamics across a wide range of industries to make wiser business decisions. We accomplish this using a wide variety of media formats across a network of 220+ sites featuring a rich mix of news analysis, tutorials, how-tos, tips, in-depth features and vendor product comparisons that is unmatched in the industry.

'This recognition from these prestigious institutions is a tremendous honor, and reflective of the strength and expertise of our world-class editorial team,' said Rebecca Kitchens, President, Informa TechTarget. 'Informa TechTarget is committed to covering and shaping the markets we serve with the highest quality original editorial and research-backed content in the industry, earning trust from the enterprise buying audiences that rely on us to stay ahead of the market and help them make better, more informed decisions. As the industry evolves in the age of AI, the role of quality, trusted content is pivotal in building and retaining qualified audiences. Ultimately, this trusted relationship serves as the key differentiator in Informa TechTarget's ability to help the sell-side of the industry achieve their business growth outcomes.'

Informa TechTarget delivers actionable insights unduplicated anywhere else in the market, providing B2B vendors an extraordinarily accurate proprietary lens into the behaviors of its audience of 50+ million opt-in technical and business decision-makers across a network of 220+ enterprise technology and vertical industry websites. Together, the data and the capabilities enable GTM teams to better engage target accounts, verify, prioritize and convert existing buyers' journeys to accelerate opportunities and revenue. To learn more about the award-winning editorial that drives Informa TechTarget's powerful audiences and market-leading insights, click here.

About TechTarget

TechTarget, Inc. (Nasdaq: TTGT), which also refers to itself as Informa TechTarget, informs, influences and connects the world's technology buyers and sellers, helping accelerate growth from R&D to ROI. With a vast reach of over 220 highly targeted technology-specific websites and over 50 million permissioned first-party audience members, Informa TechTarget has a unique understanding of and insight into the technology market. Underpinned by those audiences and their data, we offer expert-led, data-driven, and digitally enabled services that have the potential to deliver significant impact and measurable outcomes to our clients:
  • Trusted information that shapes the industry and informs investment
  • Intelligence and advice that guides and influences strategy
  • Advertising that grows reputation and establishes thought leadership
  • Custom content that engages and prompts action
  • Intent and demand generation that more precisely targets and converts

Informa TechTarget is headquartered in Boston, MA and has offices in 19 global locations. For more information, visit and follow us on LinkedIn.

Microsoft, CrowdStrike, other cyber firms collaborate on threat actor taxonomy

Source: Yahoo (Business) | Published: 03-06-2025

This story was originally published on Cybersecurity Dive.

Microsoft and CrowdStrike will lead a cooperative effort to map out the overlapping web of hacker groups that their researchers have disclosed and named, the companies said on Monday. Palo Alto Networks and Google and its Mandiant unit have also agreed to join the collaborative effort on streamlining threat group taxonomy.

For years, the companies' different naming conventions for various criminal and state-linked threat groups have created unnecessary confusion and delays in the sharing of threat intelligence. Microsoft and CrowdStrike released an initial version of their threat actor matrix on Monday, listing the groups they track and each one's corresponding aliases from other researchers.

Vasu Jakkal, corporate vice president of Microsoft Security, said that even delays of a few seconds can make a difference in whether an attack is thwarted or successful. 'One major cause of delayed response is understanding threat actor attribution, which is often slowed by inaccurate or incomplete data as well as inconsistencies in naming across platforms,' Jakkal said in a blog post.

Microsoft and CrowdStrike have collaborated on more than 80 adversaries so far, according to Adam Meyers, senior vice president for counter adversary operations at CrowdStrike.

'Aligning on naming conventions isn't just a nice-to-have but a game-changer for defenders trying to act fast,' Michael Sikorski, CTO and head of threat intelligence at Palo Alto Networks' Unit 42, told Cybersecurity Dive. 'A shared baseline for threat actor names means faster attribution, improved cyberattack response, and fewer blind spots.'

Microsoft, for example, tracks the criminal threat group known widely as Scattered Spider as Octo Tempest, while Palo Alto Networks tracks it as Muddled Libra.

Microsoft and CrowdStrike are also working on a plan to create a small, focused group of contributors who will help define a process of updating and maintaining attribution mappings, Meyers said in a blog post. Meyers said there will be no change in how the companies name and identify threat actors, as each company will retain its own methods, telemetry and naming system.

Naming conventions in the cybersecurity space have long been a source of controversy, not only because different firms track the same groups slightly differently but also because of how companies sometimes mythologize the capabilities of threat actors. Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency, criticized some of the naming conventions during a 2024 speech at Black Hat, saying companies have almost made it seem like hacker groups have immortal superpowers.

SentinelOne analysis links service disruption to software flaw

Source: Yahoo (Business) | Published: 02-06-2025

This story was originally published on Cybersecurity Dive.

SentinelOne said on Saturday that a global service disruption a few days earlier was the result of a software flaw in the company's infrastructure control system that led to a widespread loss of network connectivity. In a root-cause analysis report, the company said Thursday's major connectivity loss — which crippled its services worldwide — was not the result of a cyberattack. Instead, critical network routes and DNS resolver rules were deleted due to a software flaw in an automated process.

SentinelOne is in the process of transitioning its production system to a new cloud-based architecture built on the principles of infrastructure as code. The company said a control system that will soon be deprecated was triggered by the creation of a new account. A software flaw in that control system's configuration comparison function misidentified discrepancies and applied what it believed to be the correct configuration state, overwriting prior network settings.

The Mountain View, Calif.-based company said customer endpoints continued to operate but security teams were unable to access management consoles and other related services. This loss of access 'significantly impacted their ability to manage their security operations and access important data,' the company said.

SentinelOne assured enterprise customers that their endpoints were protected and that no SentinelOne security data was lost during the outage. 'A core design principle of the SentinelOne architecture is to ensure protection and prevention capabilities continue uninterrupted without constant cloud connectivity or human dependency for detection and response — even in the case of service interruptions, of any kind, including events like this one,' the company said.

The incident did not impact SentinelOne's federal customers, including those using GovCloud, according to the company, which said that it nonetheless alerted federal customers for situational-awareness and transparency purposes. The company provided a detailed timeline of the outage, showing that it began at 9:37 a.m. ET and was declared resolved by 4:05 p.m. ET.

Analysts said the outage raised immediate concerns about transparency on the status of their respective security environments. 'Vendors must communicate quickly and transparently with customers during outages so they can appropriately prepare, plan, and communicate with executives about it,' Allie Mellen, principal analyst for security and risk at Forrester, told Cybersecurity Dive via email. 'Further, it's crucial that vendors have some out-of-band communication methods (for example, an independent, public status page) for updates on outages like these.'

The outage comes at a time when software integrity and business continuity have become ongoing concerns in the cybersecurity and broader software industry. A flawed software update from CrowdStrike, a major SentinelOne competitor, crippled more than 8.5 million Microsoft Windows computers. In a July 2024 conference call, SentinelOne boasted about how it was fielding new customer inquiries in the aftermath of the CrowdStrike outage. CEO Tomer Weingarten said the concerns raised by that outage would 'play out for years' as companies addressed the liabilities and risk issues linked to the incident.
