Organizations in the APAC region are not immune to the impact of the SolarWinds supply chain hack, so it's essential that they reassess their risk management practices and audit their suppliers, two security experts stress.
With ransomware continuing to fuel a massive surge in illicit profits, some experts have been calling on governments to launch offensive hacking teams to target cybercrime cartels. They're also calling for a review of cyber insurance payouts being used to fund ransoms.
Websites advertising pirated and cracked software are being used to deliver an updated version of the DanaBot banking Trojan, which can steal individuals' online banking credentials, according to Proofpoint.
More breach victims are emerging as a result of exploits of an unpatched vulnerability in an aging file transfer application from Accellion. The latest announcement comes from the Australian Securities and Investments Commission, which says recent credit license applications were accessed.
When he co-founded the firm Beyond Identity in 2020, serial entrepreneur Jim Clark said he felt somewhat responsible for the proliferation of passwords. Now he and partner Tom Jermoluk are doing something about it. They are providing access to their passwordless technology for free. Clark explains why.
Email security vendor Mimecast confirmed Tuesday that the hackers responsible for the SolarWinds supply chain hack also breached the security firm's network to compromise a digital certificate that encrypts data that moves between some of the firm's products and Microsoft's servers.
The SolarWinds supply chain compromise has raised questions over how to detect software that has been tainted during the vendor's development and build process. A concept called verified reproducible builds could help, says David Wheeler of the Linux Foundation.
A Russian national who served as the administrator for the now-defunct Deer.io online clearinghouse - which sold stolen credentials, hacked servers and criminal services, such as assistance performing hacking activities - has pleaded guilty to a federal charge.
Security vendor SonicWall is investigating what the company calls a "coordinated attack" against its internal network by threat actors using a zero-day exploit within the company's remote access products. SonicWall is urging customers to apply temporary fixes to secure VPNs and gateways.
Fraudsters are using Google forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to identify targets for a possible follow-up business email compromise attack.
The new Biden administration has pledged to hold Russia accountable for its recent "reckless and adversarial" actions and has ordered a full-scale intelligence review of the SolarWinds hack. The moves signal the importance of cybersecurity to President Biden's national security agenda.