All the latest blog posts from the most relevant cyber security companies in the business.

In 2022, we saw broad support behind federal privacy legislation in the US Congress. While the American Data Privacy Protection Act (ADPPA) did not see the president’s pen prior to the midterms, the fact that such a bill saw a committee vote in the House — approved 53–2, with bipartisan support — and both industry…

Researchers analyzing data associated with a recently disclosed zero-day vulnerability in Fortinet’s FortiOS SSL-VPN technology have identified a sophisticated new backdoor specifically designed to run on Fortinet’s FortiGate firewalls. The malware appears to be the work of a China-based threat actor engaged in cyber-espionage operations targeting government organizations and those working with these organizations. It…

What’s the term for when a ransomware group blames a geopolitically awkward attack it appears to have carried out on someone – anyone – else, just not them? Let’s call it getting “Colonial Pipelined,” after the DarkSide group’s disastrous hit on that oil pipeline system led the crime group to kill its brand. Is the…

Fraudsters are getting more sophisticated about how they set up and make adjustments to brand impersonation scam sites — not just for phishing, but for all kinds of consumer fraud. A recent analysis by security researchers at Allure Security illustrates how brand impersonation sites are born, how they progress, and the evolutionary steps that fraudsters…

The US Cybersecurity and Infrastructure Security Agency (CISA) plans to open an office focused on helping the public and private sectors protect their software and IT supply chains. The new office will help organizations implement recently issued CISA policies and guidance related to managing cybersecurity supply chain risk, including issues stemming from malicious functionality, counterfeit…

The Dutch National Cyber Security Centre (NCSC) reported that the websites of several hospital in the Netherlands and Europe were hit by DDoS attacks carried out by pro-Russia hacking group Killnet. The group of hackers launched the offensive against the hospitals in the European countries due to their support for Ukraine. “Hospitals in Europe, including…

Attackers this week locked up the business of London-based ION Cleared Derivatives, a software firm that supports derivatives trading, forcing major European banks to process trades manually and prompting a major futures exchange to delay the settlement of trades for two hours. ION Cleared Derivatives, part of ION Group which offers software designed to automate…

What’s not to love about an international law enforcement operation wreaking disruption on Hive, the ransomware-wielding crime syndicate? But with no suspects in jail, it’s unclear how long this takedown will stick before the bad guys get back their sting. There’s still plenty to celebrate since Hive, one of the world’s most active ransomware groups,…

The nearly $200 million it raised in December will allow Snyk to consolidate the developer security market through organic investment and acquisitions, says CEO Peter McKay. Snyk has focused on giving clients a 360-degree view of applications by integrating open-source security, container security, infrastructure-as-code security and cloud security together, he says. The company’s buy of…

Late last year, a group of threat actors managed to obtain “verified publisher” status through the Microsoft Cloud Partner Program (MCPP). This allowed them to surpass levels of brand impersonation ordinarily seen in phishing campaigns, as they distributed malicious applications bolstered by a verified blue badge only ever given to trusted vendors and service providers…

A recent spate of cyberattacks against small to midsize businesses (SMBs) across Northern Europe was initially believed to be the handiwork of LockBit, but following further investigation, it turns out that a copycat group is using leaked LockBit malware for campaigns of its own. According reports from Belgium’s Computerland publication, the “wannabes,” while not as…