Ben Dickson 17 February 2021 at 13:14 UTC Updated: 17 June 2021 at 14:32 UTC Open Source Software Supply Chain Attacks Secure Development Tackling vulnerability
The recent SolarWinds incident has managed to grab headlines outside of our security ecosystem. The many (many) headlines and column inches dedicated to the event are testament to the security worrie
In what's a novel supply chain attack, a security researcher managed to breach over 35 major companies' internal systems, including those of Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and
PINELLAS COUNTY, Fla. (WWSB) - Authorities in Pinellas County are investigating after an unknown individual attempted to hack the City of Oldsmar’s water treatment plant system. During a press confere
Water utilities often have few cybersecurity resources and are subject to few regulations. A failed Stuxnet-like attack on Israel's water supply shows how dangerous that could be. Credit: Tuachanwatth
Credit... Illustrations by Guillem Casasus How the United States Lost to Hackers America’s biggest vulnerability in cyberwarfare is hubris. By Published Feb.
A British security researcher has discovered today that a recent security flaw in the Sudo app also impacts the MacOS operating system, and not just Linux and BSD, as initially bel
I have been following the bug bounty and security creator/influencer scenes since they started. And as someone in security who also creates content, I feel very close to it all. What I’ve seen in the
US cyber-security firm Malwarebytes today said it was hacked by the same group which breached IT software company SolarWinds last year. Malwarebytes said its intrusion is not relat
The number of federal agencies confirmed to have been breached in a suspected Russian espionage campaign will likely increase as the investigation continues, the head of the U.S. Cybersecurity and Infr
Users of far-right social media platform Parler included people who posted from inside U.S. military facilities and bases, according to a Motherboard analysis of GPS locations scraped from Parler. The
Cyber-security firm CrowdStrike, one of the companies directly involved in investigating the SolarWinds supply chain attack, said today it identified a third malware strain directly involved in the re
In 2020, the world seemingly entered a new era of cyberattacks. Although there have been decades of viruses, breaches, and other forms of attack, last year saw increased bad actor s
In December 2020, the industry was rocked by the disclosure of a complex supply chain attack against SolarWinds, Inc., a leading provider of network performance monitoring tools used by organizations
(Reuters) - The FBI is investigating a mysterious postcard sent to the home of cybersecurity firm FireEye’s chief executive days after it found initial evidence of a suspected Russian hacki
The Parler App popular with right-wing supporters has been suspended by Amazon store over continued postings by users that incite violence. In the wake of the violen
The US Cybersecurity and Infrastructure Security Agency (CISA) said today that the threat actor behind the SolarWinds hack also used password guessing and password spraying attacks to breach targets a
Widely Used Software Company May Be Entry Point for Huge U.S. Hacking Russian hackers may have piggybacked on a tool developed by JetBrains, which is based in the Czech Republic, to gain access to fed
As Understanding of Russian Hacking Grows, So Does Alarm Those behind the widespread intrusion into government and corporate networks exploited seams in U.S. defenses and gave away nothing to American
RSA has provided more information on the high-profile attack against systems behind the EMC division's flagship SecurID two-factor authentication product. The security firm, criticised for its refusal
Microsoft Says Russian Hackers Viewed Some of Its Source Code The hackers gained more access than the company previously understood, though they were unable to modify code or get into its products and
A lot of people are surprised when I tell them that computer security isn’t really a priority in most companies, or for our society in general. I captured this in my piece Why Software Remains Insecur
WASHINGTON (Reuters) - The suspected Russian hackers behind the worst U.S. cyber attack in years leveraged reseller access to Microsoft Corp services to penetrate targets that had no compro
The hacking campaign that infected numerous government agencies and tech companies with malicious SolarWinds software has also infected more than a dozen critical infrastructure companies in the elect
Russians Are Believed to Have Used Microsoft Resellers in Cyberattacks Evidence from the security firm CrowdStrike suggests that companies that sell software on behalf of Microsoft were used to break
WASHINGTON (Reuters) - The U.S. cybersecurity agency said on Wednesday that a sprawling cyber espionage campaign made public earlier this month is affecting state and local governments, alt
As forensic evidence is slowly being unearthed in the aftermath of the SolarWinds supply chain attack, security researchers have discovered a second threat actor that has exploited the SolarWinds soft
Published 18 December 2020 The US energy department is the latest agency to conf
Microsoft said it identified more than 40 of its customers that installed trojanized versions of the SolarWinds Orion platform and where hackers escalated intrusions with add
WASHINGTON (Reuters) - Microsoft was hacked as part of the suspected Russian ca
Hackers accessed systems at the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile. The Energy Department and National Nuclear Security Administration have ev
I Was the Homeland Security Adviser to Trump. We’re Being Hacked. The magnitude of this national security breach is hard to overstate. Dec. 16, 2020 By Mr. Bossert was the homeland security adviser to
Scope of Russian Hacking Becomes Clear: Multiple U.S. Agencies Were Hit The Pentagon, intelligence agencies, nuclear labs and Fortune 500 companies use software that was found to have been compromised
By Reuters Staff FILE PHOTO: U.S. Department of Homeland Security emblem is pictured at the National Cybersecurity & Communications Integration Center (NCCIC) located just outside Washingto
Russian government hackers breached the Treasury and Commerce departments, along with other U.S. government agencies, as part of a global espionage campaign that stretches back months, according to pe
WASHINGTON (Reuters) - IT company SolarWinds said on Sunday that monitoring products it released in March and June of this year may have been surreptitiously tampered with in a “highly-soph
Tech unicorn UiPath, a startup that makes robotics automation software, is currently emailing users about a security incident that exposed their personal information online. "On December
LONDON (Reuters) - U.S. drugmaker Pfizer and its German partner BioNTech said on Wednesday that documents related to development of their COVID-19 vaccine had been “unlawfully accessed” in
FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State The Silicon Valley company said hackers — almost certainly Russian — made off with tools that could be used to mount new attacks
Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers r