An investigation at the U.S. Treasury Department has found that it suffered a "significant" breach as a result of the SolarWinds Orion supply chain attack, a top Democrat on the Senate Finance Committee reports. Meanwhile President-elect Joe Biden said of the attack: "I promise you, there will be a response."
Lawmakers are pressing government agencies for answers following disclosures this week about an advanced persistent threat group's massive hacking campaign involving compromised SolarWinds Orion network management software. Secretary of State Mike Pompeo said Friday Russians "engaged in this activity."
Microsoft says it has removed malware related to an expansive hacking campaign that has ensnared thousands of organizations and U.S. government agencies. Meanwhile, CISA warns the SolarWinds Orion supply chain compromise may not be the only infection vector.
Security teams are investing more time and resources in securing corporate networks than ever. As they plan for business continuity, remote work, and the transition to the next new normal, CISOs and security buyers are asking for significant budget increases in 2021.
But as security professionals work hard to protect...
If FireEye - one of the top cybersecurity firms - can't protect itself, how can clients be sure anything from anyone will keep them safe? The myth of a "secured environment" has been revealed to be exactly that.
IT and Security teams are aware of the need for increased collaboration to avoid working against themselves, but is this a realistic goal? As IT takes on more Security tasks, what challenges do they face?
In this spotlight article, completed in partnership with Forrester, we found that the security team is dealing...
Trickbot malware has been updated with a bootkit module, nicknamed Trickboot, which can search for UEFI/BIOS firmware vulnerabilities, according to a report from the security firms Eclypsium and Advanced Intelligence. These flaws, if exploited, can give an attacker the ability to brick a device.
Until May, all Apple iOS devices were vulnerable to a "zero-click exploit" that would have allowed hackers to remotely gain complete control and view all emails, photos, private messages and more, says Google security researcher Ian Beer. He alerted Apple to multiple vulnerabilities - all now patched.
Check Point Research has identified new variants of the long-dormant Bandook spyware that are being used for espionage campaigns across the world targeting government, financial, energy, food industry, healthcare, education, IT and legal organizations.
Could hackers inject malicious code that compromises the synthetic DNA supply chain and ultimately tricks bioengineers into inadvertently developing dangerous viruses or toxins? A new research report says that's a growing concern and calls for robust security measures.
Ransomware continues to pummel many types of organizations, recently including South Korea's E-Land retail group, French newspaper Paris-Normandie and a Georgia county school system. A ransomware hit against hosting giant Managed.com has resulted in ongoing site outages for numerous others.
U.K. Prime Minister Boris Johnson announced Thursday the creation of a National Cyber Force designed to strengthen Britain's cybersecurity posture and give the country new defensive and offensive capabilities. Some security experts, however, are raising concerns about recruiting enough qualified staff members.
Three state-sponsored advanced persistent threat groups - one Russian, two North Korean - have been targeting companies across the globe involved with COVID-19 vaccine and treatment development, Microsoft says.
The lack of automation and actionable threat intelligence may be preventing enterprises from developing the fully functional Cyber Fusion Centers they envision. Anomali's Mark Alba shares ideas on how to change that.