Wednesday, April 21, 2021
SC Magazine

With details sparse, vendors scramble to make sense of Biden 100-day grid security plan

The Biden administration launched what it called a “bold” 100-day sprint to improve the cybersecurity of electric utilities on Tuesday. The plan was not released in full to the public, or to many vendors who might be instrumental in...
SC Magazine

Hackers exploit unpatched vulnerabilities, zero day to attack governments and contractors

While the cybersecurity community pumps out a seemingly unending list of newly discovered software and hardware vulnerabilities each day, many organizations are far more likely to be compromised in part or in whole by older flaws that have yet...
SC Magazine

Foreign threat actors used fake LinkedIn profiles to lure 10,000 UK nationals

Some 10,000 U.K. nationals have been lured on LinkedIn over the past five years by fake profiles tied to hostile nation-state threat actors. The story was first reported by BBC, which attributed the news to MI5, the British spy agency...
SC Magazine

Grip Security grabs more cash to lead ‘gold rush’ to cloud security development

Cloud application security startup Grip Security emerged from stealth today with $6 million in seed funding, underscoring how modern software development and the cloud are becoming increasingly entwined. The company, started by three Israeli citizens who met while serving in...
SC Magazine

‘Every day is game day:’ Sports psychology expert applies his skills to cybersecurity

Baseball can be a game of heart-stopping pressure. One that requires patience, perseverance, stamina and resilience. One could say the same for cybersecurity – only the stakes are higher. After all, that shiny “trophy” your cyber opponents are after consists...
SC Magazine

White House closes SolarWinds, Microsoft Exchange focus groups, signaling return to normalcy

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger announced Monday morning that the White House would be closing its coordinating groups for the SolarWinds and Exchange hacking campaigns. It’s a move that may signal a return...
SC Magazine

Chinese threat actors extract big data and sell it on the dark web

Researchers on Monday reported that cybercriminals are taking advantage of China’s push to become a leader in big data by extracting legitimate big data sources and selling the stolen data on the Chinese-language dark web. The stolen data ranges...
SC Magazine

Will the CodeCov breach become the next big software supply chain hack?

It’s always good to have your radar up on April Fool’s Day, constantly on the lookout for potential pranks or tomfoolery. For one company, what they discovered on April 1 was far from a joke. Yesterday, software company Codecov, which...
SC Magazine

Google won’t reveal technical details on patches for 30 days if vendors hit deadlines

Google’s Project Zero on Thursday said it won’t share technical details of a vulnerability for 30 days if a vendor patches it before the 90-day or 7-day deadline set by Google. In a public post, Project Zero said the 30-day...
SC Magazine

Cyber nonprofits ask billionaire philanthropists to show them some love

A contingent of leading cybersecurity organizations and nonprofits published an open letter on Friday, calling for large philanthropic foundations and internet billionaires to consider donating to their causes, citing a paucity of available grants and funds. Posted at CyberPhilanthrophy.org, the letter links...
SC Magazine

Hack The Box looks to expand in America, add new functions to ‘hacking experiences’ suite

Following its announcement of $10.6 million in Series A funding earlier this week, U.K.-based Hack The Box has ambitious plans for the future – and opening a new office in the United States tops the list. Hack The Box claims...
SC Magazine

What to do when a bug bounty request sounds more like extortion

Not all vulnerability hunters play by the rules. There are some who are more concerned about scoring a big payday than ensuring a bug is responsibly disclosed and fixed before malicious actors can take advantage. But there are tactics...
SC Magazine

Research details how cybersecurity’s reputation rose in the pandemic’s first months

The early phases of the COVID-19 pandemic had a positive impact on the cybersecurity profession, raising the profile of chief information security officers and others within their organizations, and giving them a new sense that their work and expertise were appreciated. “The overall...
SC Magazine

Should NSA monitor your networks? Director Nakasone says no, ‘I’m not seeking legal authorities’

At a pair of hearings on Wednesday and Thursday that dissected the U.S. intelligence community’s annual Worldwide Threats Report, National Security Agency and U.S. Cyber Command Director Paul Nakasone again pushed back against a brewing Senate plan for the...
SC Magazine

US takes sweeping action against Russia for years of hacking and election interference

Anticipated for months, the Biden administration unveiled a sweeping set of sanctions and other actions against the Russian government, as well as private individuals and a number of Russian tech and defense companies, that U.S. authorities claim assisted Russian...
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost. Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Tool links email addresses to Facebook accounts at scale

Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...
The Register

China broke into govt, defense, finance networks via zero-day in Pulse Secure VPN gateways? No way

Crucial flaw won't be fixed until next month. Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day...