News

power plant utilities energy innovation industrial iot american public power association unsplash
security threats and vulnerabilities

FBI Flag

FBI cleans web shells from hacked Exchange servers in rare active defense move

The FBI has been deleting backdoors placed by cyberespionage group Hafnium on Microsoft Exchange servers. The court order allowing them to do so signals a more active defense approach.

Russian hammer and sickle / binary code

US sanctions Russian government, security firms for SolarWinds breach, election interference

The Biden administration places economic sanctions on Russian government organizations, individuals, and companies including several security firms.

Unitd States cybersecurity   >   U.S. flag with a digital network of locks instead of stars

Experts fear that Biden’s cybersecurity executive order will repeat mistakes of the past

President Biden is expected to issue an executive order soon in response to the SolarWinds and Exchange Server attacks. Leaked details suggest it might not focus on the most effective actions.

hacker linkedin scam romance scam on social media phishing heart

Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor

The Golden Chickens cybercriminal gang is believed to sell its more_eggs backdoor for spear phishing campaigns executed using information gleaned from victims' LinkedIn profiles.

Conceptual image of a network of executives / silhouettes of executives in motion.

New US CISO appointments, March 2021

Keep up with news of CSO, CISO and other senior security executive appointments.

backdoor / abstract security circuits, locks and data blocks

PHP backdoor attempt shows need for better code authenticity verification

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.

A gavel rests on open law book. [law / regulation / compliance / legal liability]

States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks

Connecticut might soon follow Ohio and Utah by enacting a law that offers liability protection against ransomware and other cyberattacks, but only if victims follow security best practices.

cloud security expert casb binary cloud computing cloud security by metamorworks getty

Cloudflare wants to be your corporate network backbone with centralized management and security

Magic WAN and Magic Firewall aim to simplify linking sites and datacenters while allowing organizations to better enforce security policies.

succession brain sharing intellectual knowledge sharing

US government calls for better information sharing in wake of SolarWinds, Exchange attacks

The Biden administration seeks ways to better gather and share security intelligence from the private sector, but experts see barriers to success.

binary cyberattack cybersecurity hacked protected

Why the Microsoft Exchange Server attack isn’t going away soon

For some victims, patching and proper forensics will be difficult, plus new threat actors are now exploiting the same Exchange Server vulnerabilities.

Check mark certificate in a binary tunnel / standards / quality control / certification / certifi

New free software signing service aims to strengthen open-source ecosystem

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain.

A circuit board with CPU / chip displaying glowing binary code.

Intel, Microsoft join DARPA effort to accelerate fully homomorphic encryption

The partnership aims to improve performance and accuracy of FHE to make it practical for business and government to better protect confidential data in the cloud.

Lady Justice statue with scales, law books. [regulation / compliance / legal liability / fairness]

Virginia data protection bill signed into law

The state is the second in the nation to enact a consumer data protection law along the lines of the EU's GDPR. Here's what businesses need to know about Virginia's CDPA.

A broken link in a digital chaing / weakness / vulnerability

Chinese cyberespionage group hacks US organizations with Exchange zero-day flaws

Microsoft believes Chinese APT group Hafnium is using a set of previously unknown Exchange Server vulnerabilities to access mailbox contents and perform remote code execution.

cso security malware breach hack alert gettyimages 1144604134 by solarseven 2400x1600px

Gootkit malware creators expand their distribution platform

Its Gootloader component infects computers by hijacking Google search results to send victims to legitimate but compromised websites where malware lurks behind links.

United States Capitol building / United States Congress / abstract security concept

Cyber Diplomacy Act aims to elevate America's global cybersecurity standing

The new bill has bipartisan support to improve the US's ability to prevent and respond to cyberattacks and correct missteps of the Trump administration.

CSO > cyber insurance / umbrella hub connected to connected devices and online activities

New York issues cyber insurance framework as ransomware, SolarWinds costs mount

The state looks to protect one of its core industries, which is threatened by mounting and potentially "unsustainable" losses due to the SolarWinds and ransomware attacks.

Load More