Organizations in the APAC region are not immune to the impact of the SolarWinds supply chain hack, so it's essential that they reassess their risk management practices and audit their suppliers, two security experts stress.
A multinational law enforcement operation has disrupted the Emotet botnet's infrastructure by gaining control of hundreds of servers, Europol reports. Some cybersecurity experts, however, expect the botnet operation to rebound.
With ransomware continuing to fuel a massive surge in illicit profits, some experts have been calling on governments to launch offensive hacking teams to target cybercrime cartels. They're also calling for a review of cyber insurance payouts being used to fund ransoms.
North Korean hackers have been "targeting security researchers working on vulnerability research and development at different companies and organizations" to trick them into installing backdoored software that gives attackers remote access to their systems, warns Google's Threat Analysis Group.
When he co-founded the firm Beyond Identity in 2020, serial entrepreneur Jim Clark said he felt somewhat responsible for the proliferation of passwords. Now he and partner Tom Jermoluk are doing something about it. They are providing access to their passwordless technology for free. Clark explains why.
Email security vendor Mimecast confirmed Tuesday that the hackers responsible for the SolarWinds supply chain hack also breached the security firm's network to compromise a digital certificate that encrypts data that moves between some of the firm's products and Microsoft's servers.
The SolarWinds supply chain compromise has raised questions over how to detect software that has been tainted during the vendor's development and build process. A concept called verified reproducible builds could help, says David Wheeler of the Linux Foundation.
Good news on the cybercrime front: "Cryptocurrency-related crime fell significantly in 2020," compared to 2019, reports blockchain analysis firm Chainalysis. Unfortunately, in the same timeframe, ransomware profits surged 311%, stoking calls for a crackdown on ransom payments.
A Russian national who served as the administrator for the now-defunct Deer.io online clearinghouse - which sold stolen credentials, hacked servers and criminal services, such as assistance performing hacking activities - has pleaded guilty to a federal charge.
When deploying automation in their security operations centers, organizations should start with "small and simple things," advises Nat Smith of Gartner, who also offers tips on retaining skilled SOC analysts.
Security vendor SonicWall is investigating what the company calls a "coordinated attack" against its internal network by threat actors using a zero-day exploit within the company's remote access products. SonicWall is urging customers to apply temporary fixes to secure VPNs and gateways.
The new Biden administration has pledged to hold Russia accountable for its recent "reckless and adversarial" actions and has ordered a full-scale intelligence review of the SolarWinds hack. The moves signal the importance of cybersecurity to President Biden's national security agenda.
The threat posed by software supply chain attacks is growing, but organizations can take steps to minimize the risks. Trey Herr of the Atlantic Council outlines ways to gain more insight into supply chain problems.