US Goverment Offers $10 Million Reward for Data on Leaders and Members of DarkSide Ransomware Operation The U.S. government wants to find the people responsible for the Colonial Pipeline ransomware attack and it’s putting up multi-million rewards for data on the operators behind the DarkSide extortion campaign. The Department of State on Thursday offered up ..
Tag : Disaster Recovery
The North Korea-linked state-sponsored hacking group Lazarus has started to target the IT supply chain in recent attacks, according to cybersecurity firm Kaspersky. As part of the observed attacks, the group used an updated DeathNote malware cluster, which includes a slightly modified version of BLINDINGCAN, a piece of malware that the U.S. Cybersecurity and Infrastructure ..
Security responders are scrambling this weekend to assess the damage from crypto-mining malware embedded in an npm package (JavaScript library) that counts close to 8 million downloads per week. The hack, which raised eyebrows because of the software supply chain implications, prompted a “critical severity” warning from GitHub that any computer with the embedded npm ..
Tech giant Microsoft has rolled out new security offering to provide non-profit organizationss with additional security in the event of a nation-state attack. Microsoft said the new program would deliver monitoring and notifications for state-sponsored malware activity, assessment of organizational and infrastructure risks to help improve posture, and provide security training, for both IT employees ..
The Linux Foundation has secured a new $10 million investment that will help expand and support the Open Source Security Foundation (OpenSSF). The funding will help OpenSSF focus on identifying and addressing security vulnerabilities in open source software, thus securing the software supply chain. The foundation is also working on the development of best practices, ..
Technology giants Intel Corp. and VMWare joined the Patch Tuesday parade this week, rolling out fixes for security defects that expose users to malicious hacker attacks. Intel released two advisories to fix privilege escalation and information disclosure vulnerabilities in the SGX software development kit and Hardware Accelerated Execution Manager (HAXM) software products. The more serious ..
The Microsoft Patch Tuesday freight train for October rolled in with fixes for at least 71 security defects in Windows products and components and an urgent warning about a newly discovered zero-day cyberespionage campaign. The Redmond, Wash. software maker confirmed in-the-wild exploitation of one of the patched bugs — CVE-2021-40449 — in an exploit chain ..
At SecurityWeek’s 2021 CISO Forum, a high-powered panel of experts discussed specific ways an SBOM can improve supply chain security and where expectations may be overblown. The conversation covers edge cases that are turning out to be more troublesome than anticipated and what might come next after SBOM and where there are opportunities for innovation (e.g., new ..
A threat group is distributing the little-known Sarwent Trojan via a fake website that impersonates Amnesty International and claims to deliver protection against the Pegasus mobile malware. According to security researchers at Cisco Talos, the attack targets individuals who believe they might have been targeted by the NSO Group’s Pegasus spyware and might be associated with ..
Cloud backup company Rewind has announced raising $65 million in a Series B funding round, which brings the total amount invested in the firm to more than $80 million. The funding round was led by private equity and venture capital firm Insight Partners, with participation from Bessemer Venture Partners, FundFire, Inovia Capital, Ridge Ventures, ScaleUp ..