Latest news with #CybersecurityDive
Yahoo
22-05-2025
- Business
- Yahoo
Palo Alto Networks beats earnings estimates amid consolidation, AI concerns
This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter.
Shares of Palo Alto Networks fell Wednesday after the company reported better-than-expected earnings in the third fiscal quarter but disappointed some investors over its margins.
The company reported non-GAAP (generally accepted accounting principles) net income of 80 cents a share during the quarter that ended on April 30, up from 66 cents in the same quarter last year. Those earnings beat consensus estimates of 77 cents. Revenue grew 15%, to $2.3 billion, in the quarter, compared with $2 billion in the same period last year.
Palo Alto Networks CEO Nikesh Arora said the company is making major inroads with customers consolidating their security spending through the firm's controversial 'platformization' strategy. The company has been offering incentives, including deferred payments, for customers to consolidate their security spending from multiple security vendors onto its own unified platform.
The company delivered more than 90 net new consolidations during the third fiscal quarter and now has 1,250 platformization deals among its top 5,000 customers. One global consulting firm signed a $90 million deal to use Cortex for XSIAM, a financial-services firm signed a $46 million deal to replace its prior EDR and SIEM providers and a U.S. financial-services firm signed a $32 million deal.
Palo Alto Networks is also seeing major growth from companies speeding up their cloud migration in connection with the often-reluctant embrace of AI. 'To truly capitalize on AI's potential, enterprises need modern, cloud-delivered platforms that can ingest vast amounts of data and operate in real-time at scale,' Arora said during the quarterly earnings call. 'We've seen customers who were previously delaying their cloud migrations are now accelerating their investment.'
The company also said it has been transitioning to a contract manufacturing facility in Texas as its main manufacturing and performance center, taking advantage of a foreign trade zone. The company claims to be the only pure-play cybersecurity company to have all of its manufacturing in the U.S. and to therefore be almost fully insulated from the effects of President Donald Trump's tariffs. Palo Alto Networks is now estimating revenue of $9.17 billion to $9.19 billion and non-GAAP net income of $3.26 to $3.28 per share for fiscal year 2025.
Yahoo
22-05-2025
- Business
- Yahoo
M&S warns April cyberattack will cut $400 million from profits
This story was originally published on Cybersecurity Dive.
U.K. department store chain Marks & Spencer said Wednesday that the cyberattack it disclosed in April will shave $400 million (300 million British pounds) off of its group operating profits and continue disrupting online transactions through July.
The company said the attack affected food sales because of reduced availability. Online sales and trading profits for fashion, home and beauty products have also suffered because of the company's need to temporarily reduce online shopping services. The company said department stores have remained resilient during the recovery process.
'April started strong, continuing the momentum from last year,' M&S CEO Stuart Machin said during a prerecorded presentation as part of the company's fiscal-year earnings report. 'Then, over the Easter break holiday, it became clear we were facing a highly sophisticated and targeted attack.'
Machin said the company proactively took down some of its systems, which resulted in short-term disruptions but was necessary to protect its systems, customers and partners.
M&S now plans to accelerate a technology improvement plan from a two-year time frame to a six-month time frame in light of the need to prevent another disruption. The company in 2023 outlined plans to improve its technology stack, including investments in infrastructure, network connectivity, store technology and supply-chain systems.
The company said the 300-million-pound financial impact from the cyberattack reflected a preliminary tally before cost mitigation, insurance and trading actions.
Cybersecurity experts believe the M&S attack was the work of the notorious cybercrime gang Scattered Spider, a group best known for hacking MGM Resorts in 2023. The same hackers also breached the famed U.K. department store Harrods and the major U.K. supermarket company Co-op between mid-April and early May. Google threat intelligence researchers have warned that the same group is now targeting U.S. retailers.
The financial fallout at M&S highlights the potential impact of ransomware attacks on business operations and finances.
'Time and time again, we see that business disruption is one of the most immediate and devastating effects cyberattacks can have,' Allie Mellen, principal analyst at Forrester, told Cybersecurity Dive via email. 'While no organization is immune to attack,' Mellen said, 'taking fundamental steps ahead of time can help organizations prepare for and recover from this type of attack faster.'
Legal experts said the fallout from this attack may affect M&S for years. 'A challenge for any business dealing with a major breach is the opportunity cost created by the distraction from business as usual,' said Jo Joyce, a partner who co-leads the U.K. and Ireland cyber law practice at Taylor Wessing. 'New initiatives and launches will be delayed or canceled, and the business will likely be significantly behind in its plans.'
Yahoo
20-05-2025
- Yahoo
Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities
This story was originally published on Cybersecurity Dive.
Hackers have successfully breached a limited number of Ivanti Endpoint Mobile Manager users by chaining together medium and high-severity vulnerabilities in the suite of mobile device management software.
The vulnerabilities, tracked as CVE-2025-4427 and CVE-2025-4428, can allow an unauthenticated attacker to achieve remote code execution. Ivanti is urging customers to immediately upgrade to a fixed version of the software.
The company also warned that the two vulnerabilities are linked to flaws in open-source libraries that are integrated into EPMM. Security researchers say those third-party flaws could have broader implications. Ivanti said it is working with security partners and with maintainers of the affected libraries to determine whether additional CVEs are warranted.
There is some disagreement about the issue, however. Researchers at watchTowr raised questions about whether the issue should be legitimately blamed on a third-party library vulnerability. The researchers claim Ivanti misused a known dangerous function in the hibernate-validator library.
Meanwhile, researchers at the Shadowserver Foundation reported 798 instances of CVE-2025-4427 were unpatched and considered vulnerable as of Sunday, down from 940 instances on Thursday.
The exploit chain involves linking CVE-2025-4427, an authentication bypass in EPMM that allows an attacker to gain access to protected resources without proper credentials, with CVE-2025-4428, a remote-code-execution flaw that allows an attacker to execute arbitrary code on a target system. The vulnerabilities have CVSS scores of 5.3 (medium severity) and 7.2 (high severity), respectively.
When chained together, researchers at Rapid7 said, an unauthenticated attacker could reach a web API endpoint to inject server-side template patterns and exploit the high-severity flaw. Rapid7 has tested proof-of-concept exploits and confirmed they work, but has not yet seen any confirmed exploitation in customer environments, according to security researcher Ryan Emmons. Emmons added that it's unclear which open-source libraries Ivanti is citing as the root cause of the flaw.
A spokesperson for Ivanti was not immediately available for comment.
The security issues were first reported to Ivanti by CERT-EU, the Cybersecurity Service for the Union Institutions.
Yahoo
14-05-2025
- Business
- Yahoo
UK retailer Co-op restoring systems following major cyberattack
This story was originally published on Cybersecurity Dive.
British food retailer Co-op Group said Wednesday it has reached the recovery phase following a major cyberattack and is restoring its systems in a safe and controlled manner.
The company was one of three major British retailers to experience a cyberattack in recent weeks, with the others being the famed Harrods department store and the Marks and Spencer Group.
Co-op, which has more than 2,300 stores, said it is working closely with suppliers to restock its shelves and will have improved availability by this weekend. The company's stock-ordering system is back up and running, and normal supply processes have been restored. Co-op is now able to accept multiple forms of payment, including contactless and chip-and-PIN.
The company confirmed on May 2 that its attackers had gained access to certain member contact data, but no passwords or card information. Executives warned, however, that the hackers were making sustained attempts to break into their systems.
Numerous product shortages were reported at store locations over the past two weeks, particularly in rural areas. A Co-op spokesperson told Cybersecurity Dive that it is increasing deliveries to stores, including additional fresh, chilled and frozen products.
'Some of our stores might not have all their usual products available and we are sorry if this is the case for our members and customers in their local store,' the spokesperson said via email. 'We are working around the clock to reduce disruption and are pleased we have resumed delivery of stock to our shelves.'
Co-op is one of the world's largest consumer cooperatives. It has more than 6 million member-owners, has 800 funeral homes and includes a wholesale business that provides to more than 6,000 additional outlets.
Earlier this week, M&S confirmed that its attackers had gained access to customer data.
The three incidents mark one of the most brazen cyberattack sprees in recent years. U.K. authorities earlier this month urged vigilance and said they were working with the respective companies to investigate how the breaches took place and whether there was a wider threat to the retail sector.
The attacks have been widely reported to be linked to a notorious criminal group called Scattered Spider, which was behind the 2023 attacks against MGM Resorts in Las Vegas. However, neither government officials nor the targeted companies have formally attributed the attacks.
A relatively new ransomware group called DragonForce has made online claims related to the attacks, while some reports speculated about the hackers deploying DragonForce ransomware.
Researchers at Silent Push released a blog in early April noting that Scattered Spider was still actively looking for targets and said they discovered a new version of Spectre RAT, which was being used to gain persistent access to compromised systems.
Google's Threat Intelligence Group recently released guidance on how to protect against Scattered Spider intrusions. The group has previously used social engineering techniques to get IT help desks to reset their targets' passwords.
The U.K.'s National Cyber Security Centre warned organizations to protect against account misuse and to be on the lookout for risky logins within Microsoft Entra ID Protection.
Yahoo
13-05-2025
- Business
- Yahoo
Lee Enterprises spent $2M for ransomware recovery
This story was originally published on Cybersecurity Dive.
Lee Enterprises said it incurred $2 million in restoration costs due to a major cybersecurity attack in February that also impacted second-quarter advertising revenue.
The Davenport, Iowa-based newspaper chain suffered major disruptions during the February attack, when hackers encrypted critical applications and stole data. The company operates in 72 markets in 25 U.S. states, publishing major regional papers, including the Omaha World-Herald, the St. Louis Post-Dispatch and the Buffalo News.
The attack also affected the company's finances by freezing its ability to bill and collect money from customers and limiting its ability to pay vendors, VP, CFO and treasurer Tim Millage told analysts during a quarterly earnings call last week.
'While technical recovery is complete, there are some lingering impacts on our balance sheet, as we aim to improve working capital by reducing both accounts receivable and outstanding accounts payable throughout the remainder of the fiscal year,' Millage said during the call.
The company's sole lender, BH Finance, agreed to waive interest and basic rent payments in March, April and May, according to Millage. The company has $453 million in debt outstanding under its agreement with BH Finance, according to the earnings report. The company said many of the costs are subject to insurance reimbursement and the claims process is ongoing, according to Millage.
Lee Enterprises reported $137 million in total operating revenue for the quarter and said digital revenue rose 3% year-over-year, to $73 million, or 4% on a same-store basis. The company reported a net loss of $12 million for the quarter. The company previously warned in a regulatory filing that the attack would likely have a material impact on operations.
The Qilin ransomware group previously claimed credit for the attack. The ransomware-as-a-service team claimed to have access to 350 gigabytes of data and threatened to release some of the information, but it is unclear if it did so. A spokesperson for Lee Enterprises previously confirmed they were aware of the claim and were investigating.
Qilin has been active in the ransomware space in recent months. Qilin affiliates engaged in phishing attacks targeting an administrator at a managed service provider, Sophos said in an April report. Lee Enterprises has not explained how the hackers gained access to the company's IT network.
The financial fallout underscores the potential long-term impacts on business resilience, according to Forrester, as research shows the average breach cost $2.7 million in 2024.
'It's critical to have strong incident response processes in place to manage the fallout from an incident like this, especially against attacks that affect business continuity,' principal analyst Allie Mellen said via email. 'In these scenarios, every minute counts, and ensuring personnel know what they need to do and when they need to do it can save precious time. This is especially true during ransomware incidents.'