SecurityWeek

The Pentagon is reconsidering how to make a massive shift to cloud computing, officials said Monday, suggesting it could scrap the so-called JEDI contract potentially worth $10 billion that was awarded to Microsoft Corp. but is mired in legal challenges.

Google has released a new open-source tool called cosign to make it easier to manage the process of signing and verifying container images.

After a ransomware attack forced Colonial Pipeline Company to proactively shut down operations of the largest refined products pipeline in the United States, the company is scrambling to get systems back to normal operating capacity.

Police Chief Will Cunningham came to work four years ago to find that his six-officer department was the victim of a crime.Hackers had taken advantage of a weak password to break in and encrypt the files of the department in Roxana, a small town in Illinois near St. Louis, and were demanding $6,000 of bitcoin.

Researchers at anti-malware vendor Kaspersky are documenting a previously unknown Windows rootkit being used in the toolkit of an APT actor currently targeting diplomatic entities in Asia and Africa.

Four individuals from Eastern Europe have pleaded guilty in a United States court to their roles in a RICO conspiracy. Between 2008 and 2015, the four individuals provided “bulletproof hosting” services that threat actors employed for cyberattacks on entities in the United States.

A total of 16 cybersecurity-related acquisitions were announced in the first part of May 2021 (May 1-9).

The pandemic, among other variables, has greatly accelerated cloud adoption for many organizations in 2021.

The massive blast radius from the Codecov supply chain attack remains shrouded in mystery as security teams continue to assess the fallout from the breach but a handful of victims are starting to publicly acknowledge possible exposure of sensitive developer secrets.

Facebook-owned messaging colossus WhatsApp on Friday retreated again from its plan to force users to accept new terms which critics said could expand data collection from its two billion users around the world.

The city of Chicago on Friday said that employee emails were compromised in a Jones Day data breach involving Accellion’s FTA file sharing service.

Texas-based IT management company SolarWinds on Friday shared more information on the impact of the significant breach disclosed late last year, and claimed that less than 100 of its customers were actually hacked.

The cyberextortion attempt that has forced the shutdown of a vital U.S. pipeline was carried out by a criminal gang known as DarkSide that cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, two people close to the investigation said Sunday.

Operators of the Colonial Pipeline are struggling to get fuel flowing at normal capacity after a cyberattack forced a shutdown of distribution system, the largest refined products pipeline in the United States.

Colonial Pipeline halts all fuel pipeline operations in response to ransomware attack

Agencies in the United States and the United Kingdom on Friday published a joint report providing more details on the activities of the Russian cyberspy group that is believed to be behind the attack on IT management company SolarWinds. The report reveals that the hackers started using the open-source adversary simulation framework Sliver after some of their operations were exposed.

A major survey that like all surveys needs to be examined carefully rather than accepted blindly.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware, roughly one week after FireEye’s Mandiant security researchers reported seeing the malware in recent attacks.

Google this week announced that it is introducing a new policy for the Google Play app store, requiring all developers to provide information on their data collection practices.

Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service (DDoS) attacks against authoritative DNS servers, a group of researchers warned this week.