Security News

Axonius launched a new business unit focused on innovation and growth avenues beyond the existing core solution already used by hundreds of companies worldwide. After doubling its staff during the pandemic and achieving triple-digit annual recurring revenue growth in 2020, Axonius continues its rapid-growth trajectory, expanding globally and maintaining its commitment to product innovation.

Code hosting platform GitHub says it has updated its policies regarding vulnerability research, malware, and exploits, to permit dual-use security research. Previously, the policies could be considered hostile toward projects with dual-use content, but the updated guidelines aim to make it clear that GitHub "Enables, welcomes, and encourages" dual-use security research - i.e. research that can be used for both good and bad purposes.

Google has announced a new experimental Abuse Research Grants Program for abuse-related tactics and product issues outside the scope of existing Vulnerability Research Grants and the Vulnerability Reward Program. Grant amounts for the new Abuse Research Grants Program will vary from $500 up to $3,133.

Group-IB has officially announced the opening of its Middle East & Africa Threat Intelligence & Research Center in Dubai. Group-IB's leadership views the opening of its MEA Threat Intelligence & Research Center as a critical milestone toward achieving the strategic goal of building the first ever decentralized global cybersecurity company with fully operational R&D centers in the key financial hubs.

Alexandra Elbakyan, the creator of controversial research trove Sci-Hub, has claimed that Apple informed her it has handed over information about her account to the FBI. Elbakyan made the allegation in a week-old tweet that went unremarked-upon for longer than you'd imagine, given that Apple and the FBI have a history of conflict over whether the bureau should be allowed to peer into Apple customers' devices. At first I thought it was a spam and was about to delete the email, but it turned out to be about FBI requesting my data from Apple pic.

While it's true that threat hunting, incident response, and threat research all have their foundations in science, throughout my entire career I have found it is also fundamentally true that the most successful threat hunters, incident responders, and threat researchers are far more artist than scientist. When you write reports about your threat research that will be released publicly, do not simply annotate the threat you documented.

Chinese web giant Tencent's Blade Team, a security research group, showed they could circumvent payment schemes used at electric vehicle charging stations. Their exploits also changed the charging voltage and current, an act that could damage the EV. "The construction of charging stations is accelerating all over the world, but there is little research on the security of electric vehicle infrastructure," said TenCent Blade Team senior security researcher Wu HuiYu.

In an effort to support this cybersecurity strategy, ENISA releases a report intended to look into digital strategic autonomy in the EU and suggests future research directions. Digital strategic autonomy can be defined as the ability of Europe to source products and services designed to meet the EU's specific needs and values, while avoiding being subject to the influence of the outside world.

Most recently a consulting Practice Manager and Executive Security Strategist at NTT Ltd., Ireland is a technology leader with management experience in security services, consulting, financial services, healthcare, manufacturing, law enforcement and emergency services and three decades of technical experience in information security, IT systems, networks and enterprise operations. "We are so pleased to have Matt Ireland on board," said NTT Research President and CEO, Kazuhiro Gomi.

As a simple illustration, if you want to examine some opportunistic attackers, one useful technique is to search for a hot topic and add phrases like "Free download" to the search. The bigger point here is that finding examples like this did not require any sophistication beyond doing 15 minutes of creative searching from my research laptop while sitting in bed.