SecurityWeek

The U.S. National Security Agency (NSA) has published guidance on how security professionals can secure enterprise networks and sensitive data by adopting a Zero Trust security model.

State and local governments will be required to spend a portion of nearly $1.9 billion in annual federal public safety grants on the fight against domestic extremism and improved cybersecurity, the Department of Homeland Security said Thursday.

Many cybersecurity-related mergers and acquisitions were announced in February 2021, including by Akamai, Proofpoint, SentinelOne, Tenable, CrowdStrike and Palo Alto Networks.

A critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they’ve gained access to an organization’s network, according to Austrian cybersecurity consultancy SEC Consult.

IT asset management company Axonius has raised $100 million in Series D funding, the company told SecurityWeek Sunday. Led by private equity firm Stripes, the latest funding round brings the total amount raised by the New York based company to $195 million at more than $1 billion valuation.

A federal judge on Friday approved a $650 million settlement of a privacy lawsuit against Facebook for allegedly using photo face-tagging and other biometric data without the permission of its users.

HYAS, a Victoria, Canada-based provider of threat intelligence based on adversary infrastructure, announced this week that it has closed a $16 million Series B round of funding led by S3 Ventures. 

Having trouble scoring a COVID-19 vaccine appointment? You’re not alone. To cope, some people are turning to bots that scan overwhelmed websites and send alerts on social media when slots open up.

In early 2021, a Chinese threat actor tracked as TA413 attempted to hack into the Gmail accounts of Tibetan organizations using a malicious browser extension, researchers with cybersecurity firm Proofpoint have discovered.

An analysis of 40 COVID-19 contact tracing applications for Android has led to the discovery of numerous security and privacy issues, according to a new research paper.Contact tracing applications have been created to help authorities automate the process of identifying those who have been in close contact with infected individuals.

Microsoft on Thursday announced the open source availability of CodeQL queries that it used during its investigation into the SolarWinds attack.

Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers (PLCs) made by industrial automation giant Rockwell Automation.

TikTok’s Chinese parent company ByteDance has agreed to pay $92 million in a settlement to U.S. users who are part of a class-action lawsuit alleging that the video-sharing app failed to get their consent to collect data in violation of a strict Illinois privacy law.

During an attack on the defense industry, the North Korea-linked threat group known as Lazarus was able to exfiltrate data from a restricted network segment by taking control of a router and setting it up as a proxy server.

Cisco this week released patches for over a dozen vulnerabilities affecting multiple products, including three critical bugs impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software.

Ukraine’s National Security and Defense Council (NSDC) this week published two press releases describing cyberattacks aimed at the country.

Security Teams Need the Ability to Launch a Coordinated and Consistent Response to Threats Using a Variety of Tools

Silicon Valley-based venture capital giant Sequoia Capital said the recently disclosed data breach was apparently the result of a business email compromise (BEC) attack attempt.

Google and the Linux Foundation this week announced the prioritizing of funds to allow long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor to focus on improving the security of the platform.