For years, Russian advanced persistent threat (APT) actors have been observed launching various cyberattacks against Ukrainian targets, with some of these groups believed to be part of or under the direct supervision of Moscow’s secret service. Over the past months, at least two Russian state-sponsored groups have been observed launching cyberattacks against Ukraine, namely Gamaredon,…

Active since at least 2009, Lazarus is the most active North Korean state-sponsored hacking group, with numerous factions operating under its umbrella. Believed to have orchestrated various high-profile cyberattacks, the group stole $400 million worth of crypto-assets last year. Two different macro-enabled decoy documents masquerading as job opportunities at American global security and aerospace giant…

The company’s researchers have analyzed the roughly 2,600 data leaks that resulted from ransomware attacks in 2021 and determined that approximately 1,300 of them impacted critical infrastructure and industrial organizations. An investigation of 70 of these leaks showed that ten of them contained technically sensitive OT information. Mandiant’s analysis included manually browsing through file listings…

This is a result of basic mechanics: “When one object exerts a force on a second object, the second one exerts a force on the first that is equal in magnitude and opposite in direction.” In cyber, it means that when defenses get stronger, attackers get more sophisticated; and when attackers get more sophisticated, defenses…

Security today relies on cryptography, an information-protection technology that uses algorithms to transform messages into a form that is difficult for a third party to decipher. For decades, computers and networks have relied on cryptography to provide confidentiality and integrity, and for common tasks like authentication. Arguably, it has become the backbone of modern cybersecurity…

Led by Tiger Global and Alkeon, the latest funding round values the company at $1.5 billion. Veriff says that its video-first technology leverages more than 1,000 data points and an AI-powered decision engine that can analyze more than 10,000 variations of government-issued IDs from over 190 countries in 40 different languages. The company claims that…

California-based engineer and entrepreneur Lou Montulli said the original “cookie” he created decades ago was intended to make life online easier by letting websites remember visitors. Yet the technology has become a lightning rod, attacked for helping tech companies collect data on consumers’ habits key to the targeted web ad business that makes many billions…

If there existed a prize for the most pervasive, critical, and least-known middleware technology, the Data Distribution Service (DDS) standard would certainly win it. When we first presented the results of this research at the Black Hat Europe Briefings, the audience appeared to be completely unaware (embarrassed, even) that the DDS drives railways, autonomous cars,…

DevOps security firm JFrog released three open source security tools in response to recent issues with software registry npm to help JavaScript developers detect and prevent the installation of problematic packages. Software supply chain attacks are becoming a big problem in the open source software ecosystem, with attackers sneaking information stealers, keyloggers, and other types…