SecurityWeek

A cyber-espionage group believed to be sponsored by the Chinese government has been observed targeting military organizations in Southeast Asia in attacks involving previously undocumented malware, Bitdefender reported on Wednesday.

An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed “judiciously” in the future as the Justice Department, aware of privacy concerns, develops a framework for it

Manual penetration testing (pen-testing) is increasingly challenged by automated methods of vulnerability discovery and management. The reasons are not difficult to understand: the cost and coverage of manual testing is too high and too limited.

SecurityWeek discusses what makes a good leader with two CISOs – Jennifer Watson of Raytheon Intelligence & Space and Mary Haigh of BAE Systems.

Google on Wednesday began a legal bid at Britain's highest court to try to block a class action alleging that it illegally tracked millions of iPhone users. The hearing at the Supreme Court will hear arguments for two days before judges decide whether the claim against the internet search giant should proceed.

In a letter to the United States House Committee on Appropriations, two members of the Cyberspace Solarium Commission are asking for an increase in funding for the Cybersecurity and Infrastructure Security Agency (CISA) in fiscal year 2022.

Navy SEAL platoons are beefing up capabilities in cyber and electronic warfare and unmanned systems, honing their skills to collect intelligence

Many organizations assume that once security controls are put in place, they will be effective indefinitely

DevSecOps company Sysdig on Wednesday announced becoming a “unicorn” after raising $188 million in a Series F funding round at a valuation of $1.19 billion.

New service can tell a company which users have a password known to hackers, without having to know the usernames

A widespread disinformation campaign dubbed Ghostwriter is believed to be the work of a state-sponsored cyber-espionage group, cybersecurity firm FireEye reported on Wednesday.

An update released this week by Google for Chrome 90 patches yet another serious vulnerability affecting the V8 JavaScript engine used by the web browser.The flaw, tracked as CVE-2021-21227 and rated high severity, was reported to Google by researcher Gengming Liu from Chinese cybersecurity firm Singular Security Lab.

The FBI and DHS have issued a Joint Cybersecurity Advisory on the threat posed by the Russian Foreign Intelligence Service (SVR) via the cyber actor known as APT 29 (aka the Dukes, Cozy Bear, Yttrium and CozyDuke).

Fraud prevention technology provider Sift is now the 11th cybersecurity company to reach “unicorn” status in 2021, following a new $50 million round of venture capital funding.

Cyber hygiene and patch management company Automox on Tuesday announced raising $110 million in a Series C funding round that brings the total raised by the firm to more than $152 million.

Adobe this week announced the open-source availability of ‘One-Stop Anomaly Shop’ (OSAS), a new tool designed to help security teams discover anomalies in datasets.

Power management solutions provider Eaton has released patches for its Intelligent Power Manager (IPM) software to address several potentially serious vulnerabilities, including ones that researchers say could allow hackers to disrupt power supply.

In a joint document published this week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) provide information on software supply chain attacks, the associated risks, and how organizations can mitigate them.

Apple has patched a serious security bypass vulnerability in macOS that has been exploited in the wild by at least one threat group.