Court Awards Merck $1.4B Insurance Claim Over NotPetya Cyberattack
New Jersey court delivers summary judgment against insurance company’s refusal to pay based on war exclusion clause
read more
Microsoft Restricts Excel 4.0 Macros by Default
Microsoft has announced improved security for the users of its flagship Office productivity suite, courtesy of Excel 4.0 (XLM) macros now being restricted by default.
read more
Facebook Trumpets Massive New Supercomputer
Facebook's parent company Meta announced on Monday it was launching one of the world's most powerful supercomputers to boost its capacity to process data, despite persistent disputes over privacy and disinformation.
read more
CWP Flaws That Expose Servers to Remote Attacks Possibly Exploited in the Wild
Researchers discovered that the Control Web Panel (CWP) web hosting panel is affected by two serious vulnerabilities that can allow attackers to remotely hack servers, and it’s possible that they may have already been exploited in the wild.
read more
Hacked AccessPress Site Served Backdoored WordPress Plugins, Themes
Unknown threat actors implanted backdoor code into multiple WordPress themes and plugins after compromising the website of their developer, Automattic’s Jatpack security research team reports.
read more
GDPR Fines Surged Sevenfold to $1.25 Billion in 2021: Study
Fines issued for GDPR non-compliance increased sevenfold from 2020 to 2021, analysis shows
read more
Assange Wins First Stage in Effort to Appeal US Extradition
WikiLeaks founder Julian Assange on Monday won the first stage of his effort to overturn a U.K. ruling that opened the door for his extradition to U.S. to stand trial on espionage charges.
read more
Ukraine Attack: Hackers Had Access for Months Before Causing Damage
In the recent attack aimed at the Ukrainian government, the attackers likely had access to the targeted network for months before causing damage, according to Cisco’s Talos threat intelligence and research unit.
read more
Russian Authorities Arrest Head of International Cybercrime Group
Four individuals believed to be members of the international cyber theft ring known as the “Infraud Organization” were arrested in Russia, news agency TASS reports.
read more
Cloud Security Provider Anitian Raises $55 Million
Cloud security and compliance automation startup Anitian this week closed a $55 million Series B funding round led by Sageview Capital.
The new investment brings the total raised by Anitian $71 million and provides fresh capital to fuel ambitious expansion...
CISA Releases Final IPv6 Security Guidance for Federal Agencies
The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the final version of its IPv6 security guidance for federal agencies.
read more
DoH Makes It Difficult to Track Botnets: Spamhaus
The use of DNS over HTTPS (DoH) for command and control communications is making it more difficult to track botnets, according to anti-spam nonprofit Spamhaus.
read more
F5 Patches Two Dozen Vulnerabilities in BIG-IP
Cloud security and application delivery solutions provider F5 this week announced patches for 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products.
A total of 23 security flaws were addressed in the BIG-IP application delivery controller (ADC), including 13 high-severity...
Industry Reactions to Biden Cybersecurity Memo: Feedback Friday
U.S. President Joe Biden this week signed a memorandum on boosting the cybersecurity of National Security, Department of Defense, and Intelligence Community Systems.
read more
High-Severity Vulnerabilities Patched in McAfee Enterprise Product
Two high-severity vulnerabilities that can be exploited for privilege escalation have been patched in a McAfee enterprise product component.
read more
Dark Web Chatter: What Other Russian Hackers Are Saying About the REvil Arrests
The takedown of the REvil ransomware gang by the Russian FSB on January 14, 2022, took the world by surprise. Before this, the unwritten rule was that hackers would be safe in Russia provided they did not attack Russia.
read...
FBI Warns Organizations of Diavol Ransomware Attacks
The Federal Bureau of Investigation (FBI) this week shared a series of indicators of compromise (IoCs) associated with the Diavol ransomware family.
read more
Nigerian Authorities Arrest 11 Members of Prolific BEC Fraud Group
Nigerian authorities have arrested 11 individuals believed to be members of the business email compromise (BEC) crime ring tracked as SilverTerrier.
The 11 suspects were arrested as part of a 10-day operation (December 13-22, 2021) in which the Nigerian Police...
Security Scanners Across Europe Tied to China Govt, Military
At some of the world’s most sensitive spots, authorities have installed security screening devices made by a single Chinese company with deep ties to China’s military and the highest levels of the ruling Communist Party.
read more
Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open
New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.
A flaw in Rust Programming language could allow to delete files and directories
The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system.
The maintainers of the Rust programming language have released a security update for a high-severity...
MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists
State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.
DHS Sounds Alarm on Potential for Major Russian Cyberattacks on US
Latest bulletin out of DHS advises state and local governments, critical infrastructure operators to be on alert.
The Case for Backing Up Source Code
As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.
