The Department of Homeland Security is warning U.S. companies about data theft risks associated with the use of Chinese technology and digital services, citing a new law in China giving the government the right to access data.
In the wake of the SolarWinds breach, NIST's Ron Ross has turned his attention to systems security engineering - and the reality that the adversaries are exploiting it to their advantage better than the defenders are. This disparity, Ross says, has to change.
An investigation at the U.S. Treasury Department has found that it suffered a "significant" breach as a result of the SolarWinds Orion supply chain attack, a top Democrat on the Senate Finance Committee reports. Meanwhile President-elect Joe Biden said of the attack: "I promise you, there will be a response."
Several tech giants, including Microsoft, Google, Cisco and VMware, have filed a brief backing Facebook's lawsuit against Israel-based spyware firm NSO Group, which has been accused of hacking into Facebook-owned WhatsApp's instant messaging app to enable spying by the company's clients.
Europol, the EU's law enforcement intelligence agency, and the European Commission are launching a new decryption platform to help law enforcement agencies decrypt data that has been obtained as part of a criminal investigation, a move seen as an alternative to weakening encryption.
In light of calls from some quarters for the U.S. to launch online attacks in reprisal for the SolarWinds supply chain campaign - allegedly carried out by Russia's foreign intelligence service - it's time to pause and remember: Spies are going to spy.
Intel and Cisco are among the thousands of SolarWinds Orion customers that were running a Trojanized version of the security software. FireEye, together with Microsoft and GoDaddy, have devised a "kill switch" to disrupt attackers' ability to access the malware on at least some infected systems.
Point-of-sale device manufacturers Verifone and Ingenico have released fixes for flaws in some of their devices after researchers found the vulnerabilities could have enabled attackers to steal payment card data, clone cards or install malware.
Following the discovery that attackers Trojanized SolarWinds' Orion software, expect the list of organizations that were running the backdoored network-monitoring tool to keep increasing. But with this being a suspected cyberespionage operation, attackers likely focused on only the juiciest targets.
In light of the widespread apparent impact of the hack of SolarWinds' network management tools, it's time for a frank assessment of the lack of cybersecurity progress in recent years. Consider a "60 Minutes" report from 2015 - and where we're at today.
Hackers are targeting thousands of vulnerable MySQL servers around the world, using ransomware to exfiltrate data from organizations and then demanding payment, according to Guardicore Labs. The attackers are also selling access to over 250,000 stolen databases.
Because 2020 wasn't already exciting enough, now we have to worry about being hunted by adversaries wielding FireEye's penetration testing tools, thanks to the company having suffered a big, bad breach. Here's a list of targeted flaws that every organization should ensure they've patched.
Government leaders are increasingly calling on cybersecurity researchers to better inform policymakers and are urging businesses to pay more attention to their in-house security teams, according to presenters at this week's Black Hat Europe virtual conference.
A hacking group behind an Android spyware variant has recently added fresh capabilities that include the ability to snoop on private chats on Skype, Instagram and WhatsApp, according to ReversingLabs. This APT group, believed to be tied to Iran, has recently been sanctioned by the U.S. Treasury Department.