Pulse Secure VPN Flaws Exploited to Target US Defense Sector
China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.
Foreign Spies Target British Nationals With Fake Social Media Profiles
British security agency MI5 has launched a new education campaign to warn potential victims of the attacks.
Attackers Compromised Code-Checking Vendor's Tool for Two Months
A script used to upload sensitive reports-with access to credentials and datastores-likely sent information on hundreds, possibly thousands, of companies to attackers.
Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack
Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems.
2020 Changed Identity Forever; What's Next?
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.
7 Old IT Things Every New InfoSec Pro Should Know
Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less. ...
Beware the Bug Bounty
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.
White House Scales Back Response to SolarWinds & Exchange Server Attacks
Lessons learned from the Unified Coordination Groups will be used to inform future response efforts, a government official says.
Attackers Test Weak Passwords in Purple Fox Malware Attacks
Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.
Lazarus Group Uses New Tactic to Evade Detection
Attackers conceal malicious code within a BMP file to slip past security tools designed to detect embedded objects within images.
SolarWinds: A Catalyst for Change & a Cry for Collaboration
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.
Pandemic Drives Greater Need for Endpoint Security
Endpoint security has changed. Can your security plan keep up?
High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison
Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking.
Security Gaps in IoT Access Control Threaten Devices and Users
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
Security Gaps in IoT Access Control Threaten Devices and Users
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
How the Biden Administration Can Make Digital Identity a Reality
A digital identity framework is the answer to the US government's cybersecurity dilemma.
How the Biden Administration Can Make Digital Identity a Reality
A digital identity framework is the answer to the US government's cybersecurity dilemma.
Software Developer Arrested in Computer Sabotage Case
Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.
Google Brings 37 Security Fixes to Chrome 90
The latest version of Google Chrome also introduces HTTPS as the browser's default protocol.
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.
Japan accuses Chinese military of cyber-attacks on its space agency
200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…
Japan accuses Chinese military of cyber-attacks on its space agency
200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…
Tool links email addresses to Facebook accounts at scale
Enlarge (credit: Getty Images)
Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...
With details sparse, vendors scramble to make sense of Biden 100-day grid security plan
The Biden administration launched what it called a “bold” 100-day sprint to improve the cybersecurity of electric utilities on Tuesday. The plan was not released in full to the public, or to many vendors who might be instrumental in...
China broke into govt, defense, finance networks via zero-day in Pulse Secure VPN gateways? No way
Crucial flaw won't be fixed until next month Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day...
