Security News

SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack
2022-01-20 14:27

Fortune 500 integrated services firm R.R. Donnelley & Sons is the latest victim of the hacking collective known as the Conti Group. RRD didn't name the perpetrator of the attack in the filing.

Russian hackers made millions by stealing SEC earning reports
2021-12-21 17:18

A Russian national working for a cybersecurity company has been extradited to the U.S., where he is being charged with hacking into the computer networks of two U.S.-based filing agents used by multiple companies to file quarterly and annual earnings through the Securities and Exchange Commission's system. The defendants used compromised employee credentials to access the networks of the targeted filing agents and view or download data related to the earnings of multiple companies, including SEC filings and press releases.

Putting the “sec” in DevSecOps: An overall reduction of risk
2021-11-29 06:00

In this Help Net Security interview, Cindy Blake, Senior Security Evangelist at GitLab, talks about the importance of integrating security in DevSecOps and how to overcome the complexity of such integration. The good news is many organizations have shifted security left, or at least started on their journey, in an effort to improve development velocity while also managing security risks - in fact, the survey also found that 35.9% develop software using DevSecOps, as compared to only 27% in 2020.

US SEC warns investors of ongoing govt impersonation attacks
2021-11-21 15:00

The Securities and Exchange Commission has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters. The alert comes from SEC's Office of Investor Education and Advocacy, which regularly issues warnings to inform investors about the latest developments in investment frauds and scams.

US SEC: Watch out for Hurricane Ida-related investment scams
2021-09-04 15:12

The US Securities and Exchange Commission has warned investors to be "extremely wary" of potential investment scams related to Hurricane Ida's aftermath. This alert comes from SEC's Office of Investor Education and Advocacy, which regularly issues investor alerts to warn investors about the latest investment frauds and scams.

SEC still digging into SolarWinds fallout, nudges undeclared victims
2021-06-22 22:45

US markets watchdog the Securities and Exchange Commission has begun a probe into last year's SolarWinds cyberattack, in a bid to find out who else might have been compromised. The news agency also said the SEC is keen to know whether "public companies that had been victims had experienced a lapse of internal controls, and related information on insider trading", which could also involve issues around data protection.

Week in review: Most used MITRE ATT&CK tactics, boosting the “Sec” in DevSecOps
2021-02-21 08:55

Phishers tricking users via fake LinkedIn Private Shared Document
Phishers are trying to trick users into opening a "LinkedIn Private Shared Document" and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns.

Apple details major security, privacy enhancements in its devices
Apple has released on Thursday a newer version of its Platform Security Guide, outlining the security and privacy innovations and improvements its users will be able to take advantage of.

Tips for boosting the “Sec” part of DevSecOps
2021-02-17 08:31

"In my experience, this is due to the 'I'm from Security and I'm here to save you' mentality that continues to pervade the security industry, and the only way to overcome this is with a big bucket of humility," he noted. "Security has not actually spent the last 20 years doing a good job of 'security things' and we do not have a strong position to say that we have all of the answers. I know that it sounds relatively simplistic, but it really is a case of taking the path of the beginner's mind and working with developers, operators, and DevOps staff to learn their perspective and then apply domain-specific security knowledge."

US Offers $2mn Bounty for Ukrainian SEC Hackers
2020-07-22 15:01

The US State Department and Secret Service offered $2 million in reward money Wednesday for help capturing two Ukrainians charged with hacking and selling valuable insider corporate information from the Securities and Exchange Commission. The agencies offered a bounty of $1 million each for information leading to the arrest and/or conviction of Artem Viacheslavovich Radchenko and Oleksandr Vitalyevich Ieremenko on charges of international cybercrime.

SEC Settles With Two Traders Charged in EDGAR Hacking Case
2020-04-13 10:53

The United States Securities and Exchange Commission last week announced that it reached a settlement with two of the traders charged last year over their roles in a scheme that involved hacking the organization's EDGAR electronic filing system. The SEC revealed in September 2017 that a breach of its EDGAR system detected in 2016 had allowed hackers to obtain non-public information that was used by some traders to make a profit.