SecurityWeek

The SolarWinds hacking campaign blamed on Russian spies and the “grave threat” it poses to U.S. national security are widely known. A very different — and no less alarming — coordinated series of intrusions also detected in December has gotten considerably less public attention.

The Williams team presented its new Formula One car on Friday — after hackers foiled plans for an “augmented reality” launch — revealing a livery inspired by its “all-conquering cars of the 1980s and 1990s.”The British team enters its first full season under the ownership of US-based investment firm Dorilton Capital.

Microsoft on Friday released alternative mitigation measures for organizations who have not been able to immediately apply emergency out-of-band patches released earlier this week that address vulnerabilities being exploited to siphon e-mail data from corporate Microsoft Exchange servers.

The creator of McAfee computer security software faces charges he cashed in on a "pump-and-dump" scheme, promoting cryptocurrencies on Twitter to drive up their value.

Thousands of mobile applications expose user data through insecurely implemented cloud containers, according to a new report from security vendor Zimperium.

The recent disruption of Emotet, conducted by a worldwide coalition of law enforcement agencies, has huge significance. There are the obvious cybersecurity implications of disrupting what’s been called the “most dangerous malware in the world,” but it’s also a strong reminder of the importance of public and private collaboration in fighting cybercrime.

SITA, a multinational company that specializes in air transport communications and IT, this week confirmed falling victim to a cyberattack that appears to have impacted multiple airlines around the world.

The U.S. National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) this week published joint guidance on Protective DNS (PDNS).Designed to translate domain names into IP addresses, the Domain Name System (DNS) is a key component of Internet and network communications.

Hacker groups linked to Russian intelligence conducted cyber-attacks against top Lithuanian officials and decision-makers last year and used the Baltic nation’s technology infrastructure as a base to hit targets elsewhere, a report by Lithuania’s intelligence service said Thursday.

Server and storage technology giant Supermicro and secure access solutions provider Pulse Secure have issued advisories to inform users that some of their products are vulnerable to the Trickbot malware’s ability to target firmware.

Microsoft and cybersecurity firm FireEye on Thursday published blog posts detailing several new pieces of malware that they believe are linked to the hackers behind the supply chain attack targeting Texas-based IT management solutions provider SolarWinds.

South Africa's information regulator has protested WhatsApp's plans to share user data with Facebook, vowing to engage directly with the popular messaging app to ensure its compliance to national privacy laws.

Since the beginning of this year, an unknown threat actor has been hacking cybercrime forums and leaking user data publicly or offering it for sale.

A total of five vulnerabilities that could lead to local privilege escalation were recently identified and fixed in the Linux kernel.Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel.

Managed services provider CompuCom was recently targeted in a cyberattack that led to some disruption to customer services and internal operations.

Security researchers with threat intelligence firm Gemini Advisory say they have observed dark web activities related to bypassing 3D Secure (3DS), which is designed to improve the security of online credit and debit card transactions.

A mysterious cybercrime group apparently driven by profit has been targeting industrial organizations in Europe, Asia and North America as part of an information theft campaign.

Germany security officials are proposing that Internet companies should link a user’s real-world identity to all of their instant messages, emails and other online communication, prompting criticism from digital rights activists.

Cisco informed customers on Wednesday that several of its products are exposed to denial-of-service (DoS) attacks due to a vulnerability in the Snort detection engine.

Security researchers warn that multiple cyber-espionage groups are targeting the recently addressed zero-day vulnerabilities in Microsoft Exchange Server and say that more than 300 web shells have been identified on the compromised servers.