Software vendor SolarWinds did not enable ASLR anti-exploit mitigation that was available since the launch of Windows Vista in 2006, allowing the attackers to launch targeted attacks in July. click here to read full...
The House began debate Wednesday on legislation that would require companies that own or operate parts of the nation’s critical infrastructure to report a cyberattack or breach within 72 hours. click here to read...
Autodesk has confirmed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain attack. One of its servers was backdoored with Sunburst malware. click here to read full...
The White House ordered U.S. agencies to improve their logging capabilities to better track when attackers target their networks and data, according to a memo from the Office of Management and Budget. click here...
The Russian hackers who orchestrated the SolarWinds supply chain attack pivoted to the internal network of the US DoJ, from where they gained access to Microsoft Office 365 email accounts belonging to employees at...
SolarWinds has been notified by Microsoft of a critical zero-day vulnerability in its Serv-U product line. The research found a limited number of impacted customers. Organizations are suggested to follow the recommendations provided by security...
Tonight, Microsoft disclosed that the attacks on the US Defense Industrial Base Sector and software companies are attributed with high confidence to a China-based threat group tracked as ‘DEV-0322.’ click here to read full...
SolarWinds is urging customers to patch a Serv-U remote code execution vulnerability that was exploited in the wild by “a single threat actor” in attacks targeting a limited number of customers. click here to...
The Biden Administration imposed sanctions on Russia, ordered new cybersecurity standards for federal contracts with software companies, and chose the nation’s first National Cyber Director. click here to read full Article Read More on...
The network intrusion was revealed by the technology outlet Version2, which obtained official documents from the Danish central bank through a freedom of information request. click here to read full Article Read more on...
The NIST published its definition of what “critical software” means for the U.S. government, as the agency begins working on the requirements laid by the President’s executive order on cybersecurity. click here to read...
CISOs are looking for scalable, long-term strategies that could proactively protect their enterprise environment and prevent cybercriminals from exploiting vulnerabilities during crisis situations. click here to read full Article Read More on latest Security...
Microsoft said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers. click here to read full Article Read...
A Senate bill, the International Cybercrime Prevention Act, would increase the criminal penalties for attackers who target U.S. critical infrastructure, such as power plants and hospitals. click here to read full Article Read More...
The SolarWinds hack, one of the largest cybersecurity incidents in U.S. history, may have been deterred or minimized if basic security measures had been put in place, a CISA official acknowledged. click here to...
SolarWinds response team recounts early days of attack click here to read full Article Read More on latest Security Updates
