Incident Response
Microsoft, Intel and Goldman Sachs will lead a new work group focusing on supply chain security at the Trusted Computing Group (TCG).
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.
Supply Chain Security
Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.
Malware & Threats
A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong.
Application Security
Google sprinkles magic of generative-AI into its open source fuzz testing infrastructure and finds immediate success with code coverage.
Government
The US government's cybersecurity agency describes UEFI as "critical attack surface" that requires urgent security attention.
Funding/M&A
Endor Labs has closed a massive $70 million Series A round of financing to fuel ambitious plans to build a dependency lifecycle management platform.
Application Security
At SecurityWeek's 2021 CISO Forum, a high-powered panel of experts discussed specific ways an SBOM can improve supply chain security and where expectations may be overblown. ...
Malware & Threats
Security researchers at Kaspersky have spotted signs of the notorious FinSpy surveillance spyware hijacking -- and replacing -- the Windows UEFI bootloader to perform...
Cybercrime
Ransomware attack on U.S. farm incurred $9 million in losses
Cybercrime
Supply chain cyberattack could have wide blast radius through compromised MSPs
Supply Chain Security
The U.S. government’s push for mandatory SBOMs has sent cybersecurity buyers and sellers scrambling to understand the ramifications and prepare for downstream side-effects.
Cloud Security
Research finds that adversaries could detect a new misconfigured container within an average of five hours
Application Security
Google wants to bring “salsa” to drive enforcement at the software supply chain security party.
Application Security
Following a major software supply chain compromise that exposed data for several major companies, developer tools startup CodeCov plans to kill off the Bash...
Incident Response
Rapid7 says unauthorized third-party accessed source code, customer data during Codecov supply chain breach
Application Security
The massive blast radius from the Codecov supply chain attack remains shrouded in mystery as security teams continue to assess the fallout from the...
Incident Response
In a joint document published this week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST)...
CISO Strategy
CISO churn is a hidden cybersecurity threat. Major security initiatives or implementations can take longer than the residency of a single CISO, and constant...
Funding/M&A
Cybersecurity Funding
Endpoint Security
Microsoft announced that the latest Windows 11 update (23H2) will bring more support for passkeys and several new security features.
