In his first remarks about the massive hacking operation that leveraged a tainted SolarWinds Orion software update, President Donald Trump on Saturday downplayed the seriousness of the incident and contradicted Secretary of State Mike Pompeo, who had pointed a finger at Russia.
The NSA has issued a warning about two hacking techniques that could allow threat actors to access cloud resources by bypassing authentication mechanisms. The alert follows a week's worth of revelations over the SolarWinds breach that has affected government agencies and other organizations.
Lawmakers are pressing government agencies for answers following disclosures this week about an advanced persistent threat group's massive hacking campaign involving compromised SolarWinds Orion network management software. Secretary of State Mike Pompeo said Friday Russians "engaged in this activity."
Microsoft says it has removed malware related to an expansive hacking campaign that has ensnared thousands of organizations and U.S. government agencies. Meanwhile, CISA warns the SolarWinds Orion supply chain compromise may not be the only infection vector.
The FBI is warning of increased activity - including disruption of a police dispatch system - by the operators of DoppelPaymer, a ransomware variant linked to high-profile attacks over the last several months. The cybercriminals also are calling victims to pressure them into paying ransoms.
Assets worth $4 million have been seized by authorities in Singapore from the former CEO of Phantom Secure, a now-defunct encrypted telecommunications services provider that offered services to transnational organized criminal syndicates, according to the U.S. Justice Department.
Researchers at the security firm Avast have found 28 malicious third-party browser extensions used with Google Chrome and Microsoft Edge that have been downloaded about 3 million times. These extensions are capable of spreading malware, stealing information and altering search engine results.
Over the past two months, several Israeli firms have been targeted with a ransomware variant called Pay2Key. Now, security firm ClearSky says the crypto-locking malware is linked to an Iranian threat group called Fox Kitten.
Brand impersonation - it isn't just a marketing or reputational issue. It's an InfoSec problem, says Shashi Prakash, CTO and co-founder of Bolster. He describes the growing problem and why security is best positioned to lead detection and response.
Intel and Cisco are among the thousands of SolarWinds Orion customers that were running a Trojanized version of the security software. FireEye, together with Microsoft and GoDaddy, have devised a "kill switch" to disrupt attackers' ability to access the malware on at least some infected systems.
Following its exposure of personal information on 130,000 individuals in an unsecured cloud database, SkyMed International, a company that provides medical emergency travel services, must revamp its security practices, according to a proposed Federal Trade Commission settlement.
A previously documented cryptomining worm dubbed Gitpaste-12 has returned with a wide-ranging series of attacks targeting web applications and IoT devices that exploit at least 31 vulnerabilities, according to Juniper Threat Labs.
By some estimates, there are more than 3,500 cybersecurity vendors, and the market is growing more crowded, noisy and competitive. How does one be the signal and not the noise? Six Israeli cybersecurity marketing executives share their passionate views.