Security News

The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned...

The research lab says in breach notification letters filed with the Maine Attorney General's Office this week that the attackers exfiltrated the data of 45,047 current and former employees, as well as their dependents and spouses. "The event did not impact INL's own network, or other networks or databases used by employees, lab customers or other contractors. The breach only impacted the cloud-based Oracle HCM test environment that resides off-site."INL said.

The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors...

INL is a nuclear research center run by the U.S. Department of Energy that employs 5,700 specialists in atomic energy, integrated energy, and national security. The INL complex extends over an 890-square-mile area, encompassing 50 experimental nuclear reactors, including the first ones in history to produce usable amounts of electricity and the first power plant designed for nuclear submarines.

Ransomware crooks claim they've stolen data from a firm that helps other organizations run medical trials after one of its executives had their cellphone number and accounts hijacked. The Register understands one or more people close to or affiliated with the notorious Alphv, aka BlackCat, extortion gang managed to get into a work account of an exec at Advarra and may have copied out at least some information from the business.

Sonatype's 9th annual State of the Software Supply Chain also covers regulations and how AI could help developers protect organizations from security risks. Attacks on software supply chains increased dramatically in 2023, with an increase of 200% compared to 2022, according to Sonatype's new report.

Cephalopods such as octopuses and squid could soon receive the same legal protection as mice and monkeys do when they are used in research. On 7 September, the US National Institutes of Health asked for feedback on proposed guidelines that, for the first time in the United States, would require research projects involving cephalopods to be approved by an ethics board before receiving federal funding.

What does optimal software security analysis look like?In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security. Apple offers security researchers specialized iPhones to tinker withApple is inviting security researchers to apply for its Security Research Device Program again, to discover vulnerabilities and earn bug bounties.

Adversary-sponsored research contests on cybercriminal forums focus on new methods of attack and evasion, according to Sophos. The contests mirror legitimate security conference 'Call For Papers' and provide the winners considerable financial rewards and recognition from peers and also potential jobs.

Apple announced today that iOS security researchers can now apply for a Security Research Device by the end of October. The company added that iPhones provided through the Security Research Device Program should only be used by authorized people and never leave the premises of the security research facility.