Incident Response
Microsoft, Intel and Goldman Sachs will lead a new work group focusing on supply chain security at the Trusted Computing Group (TCG).
Hi, what are you looking for?
SecurityWeek
Nation-State
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.
Cyberwarfare
As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies—like EV batteries—may quietly serve as tools of...
Funding/M&A
The cash infusion brings Chainguard’s total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion.
Cybersecurity Funding
The funding round brings the total amount raised by the NetRise to roughly $25 million.
Application Security
At SecurityWeek's 2021 CISO Forum, a high-powered panel of experts discussed specific ways an SBOM can improve supply chain security and where expectations may be overblown. ...
Malware & Threats
Security researchers at Kaspersky have spotted signs of the notorious FinSpy surveillance spyware hijacking -- and replacing -- the Windows UEFI bootloader to perform...
Cybercrime
Ransomware attack on U.S. farm incurred $9 million in losses
Cybercrime
Supply chain cyberattack could have wide blast radius through compromised MSPs
Supply Chain Security
The U.S. government’s push for mandatory SBOMs has sent cybersecurity buyers and sellers scrambling to understand the ramifications and prepare for downstream side-effects.
Cloud Security
Research finds that adversaries could detect a new misconfigured container within an average of five hours
Application Security
Google wants to bring “salsa” to drive enforcement at the software supply chain security party.
Application Security
Following a major software supply chain compromise that exposed data for several major companies, developer tools startup CodeCov plans to kill off the Bash...
Incident Response
Rapid7 says unauthorized third-party accessed source code, customer data during Codecov supply chain breach
Application Security
The massive blast radius from the Codecov supply chain attack remains shrouded in mystery as security teams continue to assess the fallout from the...
Incident Response
In a joint document published this week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST)...
Incident Response
Supply Chain Security
It’s a bigger problem than is immediately apparent, and has the potential for hacks as big as Equifax and as widespread as SolarWinds.
Risk Management
The U.S. government is working to draw attention to supply chain vulnerabilities, an issue that received particular attention late last year after suspected Russian...
Supply Chain Security
Join Intel on Wednesday, March 10, at SecurityWeek’s Supply Chain Security Summit, where industry leaders will examine the current state of supply chain attacks....
Cybercrime
Ukraine’s National Security and Defense Council (NSDC) this week published two press releases describing cyberattacks aimed at the country.
Cyberwarfare
Researchers at cybersecurity firm ESET say they have uncovered an espionage campaign that has targeted online gamers in Asia through a compromised software company.
Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.
RegisterLearn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.
RegisterExpert Insights
In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work.
(Torsten George)
Despite massive investment, the explosion of sophisticated malware and deepfake attacks persists because organizations struggle to verify digital identities and establish fundamental trust.
(Stu Sjouwerman)
Trying to block AI tools outright is a losing strategy. SaaS and AI are increasingly inseparable, and AI isn’t limited to tools like ChatGPT or Copilot anymore.
(Alastair Paterson)
CTI, digital brand protection and other cyber risk initiatives shouldn’t only be utilized by security and cyber teams.
(Marc Solomon)
Sightline Security’s founder explains why nonprofits need cybersecurity solutions tailored to their unique missions — and why vendors need to listen.
(Jennifer Leggio)