SecurityWeek

Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers.

A watchdog agency for the U.S. Census Bureau says that proper information-technology security safeguards weren’t in place leading up to the start of the 2020 census last year, but the statistical agency disputes some of the findings and says no data was compromised.

German software maker SAP has published 10 advisories to document flaws and fixes for a range of serious security vulnerabilities.

Microsoft on Tuesday released the first batch of security patches for 2021 with fixes for 83 documented security vulnerabilities, including a "critical" bug in the Defender security product that's being actively exploited.

Data protection and compliance solutions provider HITRUST has announced the release of new Shared Responsibility Matrices for Amazon Web Services (AWS) and Microsoft Azure.

Microsoft on Monday announced that Microsoft Defender for Endpoint on Linux now provides endpoint detection and response (EDR) capabilities to all users.

Adobe on Tuesday released its first round of security updates for 2021, just as the company starts blocking Flash content.

At the virtual Consumer Electronics Show (CES) on Monday, chipmaker Intel announced CPU-based ransomware detection capabilities have been fitted directly into the Intel vPro platform.  

IT and OT Teams in Critical Infrastructure and Manufacturing Companies Must be Able to Proactively Manage Risk

A German-led police operation has taken down the "world's largest" darknet marketplace, whose Australian alleged operator used it to facilitate the sale of drugs, stolen credit card data and malware, prosecutors said Tuesday.

One researcher said he earned $30,000 from Facebook for finding a vulnerability that could have been exploited to create invisible posts on any page. The same amount was paid out to a different researcher for an account hijacking flaw.

American technology company Ubiquiti this week revealed that one of its third-party cloud providers suffered a data breach.

CrowdStrike, one of the cybersecurity companies called in by IT management firm SolarWinds to investigate the recently disclosed supply chain attack, on Monday shared details about a piece of malware used by the attackers to insert a backdoor into SolarWinds’ Orion product.

The United States National Security Agency (NSA) has released its 2020 Cybersecurity Year in Review report, which summarizes the NSA Cybersecurity Directorate's first full year of operation.

Bitdefender on Monday announced the availability of a free tool that organizations can use to recover files encrypted by DarkSide, a piece of ransomware that cybercriminals claim helped them make millions.

It's a done deal. Investment firm Francisco Partners said on Monday that has completed the previously announced acquisition of Forcepoint from Raytheon Technologies.

Security researchers with Sakura Samurai identified exposed GitHub credentials on a United Nations Environment Programme (UNEP) subdomain, which allowed them to access a trove of data, including more than 100,000 employee records.

Similarities Found Between Malware Used in SolarWinds Attack and Backdoor Linked to Turla Cyberspies

Researchers have found a way to clone Google’s Titan Security Keys through a side-channel attack, but conducting an attack requires physical access to a device for several hours, as well as technical skills, custom software, and relatively expensive equipment.