3 Min Read SAN FRANCISCO/WASHINGTON (Reuters) - A planned Biden administration executive order will require many software vendors to notify their federal government customers when the companies have a
Looking for our research? We've moved it to a dedicated page Matt Atkinson |31 July 2020 at 15:49 UTC DevSecOps Secure Development It's been 8 years now since Neil MacDonald coined the term "DevSecOps
Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to la
Preparing for Retaliation Against Russia, U.S. Confronts Hacking by China The proliferation of cyberattacks by rivals is presenting a challenge to the Biden administration as it seeks to deter intrusi
BOSTON (AP) — The SolarWinds hacking campaign blamed on Russian spies and the “grave threat” it poses to U.S. national security are widely known. A very different — and no less alarming — coordinated
Published 6 March 2021 Share page About sharing Image source, Reuters Image caption, Microsoft has blamed a "state-sponsored threat actor" based in China dubbed Hafnium The US is expressing growing co
At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusual
SAN FRANCISCO--( BUSINESS WIRE )--Okta, Inc. (NASDAQ:OKTA), the leading independent identity provider, today announced it has entered into a definitive agreement to acquire Auth0, a leading identity p
YOUR ORDER HISTORY. Your credit card information. Even your intimate health data. Amazon is amassing an empire of data as the online retailer ventures into ever more areas of our lives. But the compan
An Oxford lab that’s been researching Covid-19 and potential vaccine candidates has been hacked and biochemical preparation machines compromised. Danny Lawson/PA Images via Getty Images One of the wor
Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there's no evidence that they abused its internal systems to
Ben Dickson 17 February 2021 at 13:14 UTC Updated: 17 June 2021 at 14:32 UTC Open Source Software Supply Chain Attacks Secure Development WhatsApp Facebook Reddit LinkedIn Email Tackling vulnerability
The recent SolarWinds incident has managed to grab headlines outside of our security ecosystem. The many (many) headlines and columns inches dedicated to the event are testament to the security worrie
In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including that of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and
PINELLAS COUNTY, Fla. (WWSB) - Authorities in Pinellas County are investigating after an unknown individual attempted to hack the City of Oldsmar’s water treatment plant system. During a press confere
Water utilities often have few cybersecurity resources and are subject to few regulations. A failed Stuxnet-like attack on Israel's water supply shows how dangerous that could be. Credit: Tuachanwatth
Credit... Illustrations by Guillem Casasus How the United States Lost to Hackers America’s biggest vulnerability in cyberwarfare is hubris. Credit... Illustrations by Guillem Casasus By Published Feb.
Image: Will Dormann A British security researcher has discovered today that a recent security flaw in the Sudo app also impacts the MacOS operating system, and not just Linux and BSD, as initially bel
I have been following the bug bounty and security creator/influencer scenes since they started. And as someone in security who also creates content, I feel very close to it all. What I’ve seen in the
Image: Malwarebytes US cyber-security firm Malwarebytes today said it was hacked by the same group which breached IT software company SolarWinds last year. Malwarebytes said its intrusion is not relat
The number of federal agencies confirmed to have been breached in a suspected Russian espionage campaign will likely increase as the investigation continues, the head of the U.S Cybersecurity and Infr
Users of far-right social media platform Parler included people who posted from inside U.S. military facilities and bases, according to a Motherboard analysis of GPS locations scraped from Parler. The
Cyber-security firm CrowdStrike, one of the companies directly involved in investigating the SolarWinds supply chain attack, said today it identified a third malware strain directly involved in the re
HBR Staff/Unsplash In 2020, the world seemingly entered a new era of cyberattacks. Although there have been decades of viruses, breaches, and other forms of attack, last year saw increased bad actor s
In December 2020, the industry was rocked by the disclosure of a complex supply chain attack against SolarWinds, Inc., a leading provider of network performance monitoring tools used by organizations
4 Min Read (Reuters) - The FBI is investigating a mysterious postcard sent to the home of cybersecurity firm FireEye’s chief executive days after it found initial evidence of a suspected Russian hacki
The Parler App popular with right-wing supporters has been suspended by Amazon store over continued postings by users that incite violence. Photo: Hollie Adams (Getty Images) In the wake of the violen
The US Cybersecurity and Infrastructure Security Agency (CISA) said today that the threat actor behind the SolarWinds hack also used password guessing and password spraying attacks to breach targets a
Widely Used Software Company May Be Entry Point for Huge U.S. Hacking Russian hackers may have piggybacked on a tool developed by JetBrains, which is based in the Czech Republic, to gain access to fed
As Understanding of Russian Hacking Grows, So Does Alarm Those behind the widespread intrusion into government and corporate networks exploited seams in U.S. defenses and gave away nothing to American
RSA has provided more information on the high-profile attack against systems behind the EMC division's flagship SecurID two factor authentication product. The security firm, criticised for its refusal
Microsoft Says Russian Hackers Viewed Some of Its Source Code The hackers gained more access than the company previously understood, though they were unable to modify code or get into its products and
A lot of people are surprised when I tell them that computer security isn’t really a priority in most companies, or for our society in general. I captured this in my piece Why Software Remains Insecur
5 Min Read WASHINGTON (Reuters) - The suspected Russian hackers behind the worst U.S. cyber attack in years leveraged reseller access to Microsoft Corp services to penetrate targets that had no compro
The hacking campaign that infected numerous government agencies and tech companies with malicious SolarWinds software has also infected more than a dozen critical infrastructure companies in the elect
Russians Are Believed to Have Used Microsoft Resellers in Cyberattacks Evidence from the security firm CrowdStrike suggests that companies that sell software on behalf of Microsoft were used to break
2 Min Read WASHINGTON (Reuters) - The U.S. cybersecurity agency said on Wednesday that a sprawling cyber espionage campaign made public earlier this month is affecting state and local governments, alt
As forensic evidence is slowly being unearthed in the aftermath of the SolarWinds supply chain attack, security researchers have discovered a second threat actor that has exploited the SolarWinds soft
Published 18 December 2020 Share page About sharing Image source, Reuters Image caption, The FBI is among those investigating the hacking campaign The US energy department is the latest agency to conf
Image via Mohammad Rezaie Microsoft said it identified more than 40 of its customers that installed trojanized versions of the SolarWinds Orion platform and where hackers escalated intrusions with add
Keith Hoodlet