Security News

Microsoft has now confirmed that the Russian cyberspies who broke into its executives' email accounts stole source code and gained access to internal systems. In an updated US Securities and Exchange filing and companion security post, Microsoft provided more details about the breach, which it originally disclosed in January.

Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January...

Python Risk Identification Tool is Microsoft's open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems. It started as a collection of individual scripts used during the team's initial foray into red teaming generative AI systems in 2022.

Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML...

The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The...

The story has been updated to clarify that the Hessen Consumer Center is not part of the government. The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability.

The German state of Hessen has been hit with a ransomware attack, causing the government to shut down IT systems and disrupting the availability of its consumer advice center. Hessen is a state in central Germany with over six million people that encompasses Frankfurt, the country's second-largest metropolitan area and a major financial center.

While every organization's specific security needs form a unique and complex blend of interconnected requirements, numerous security fundamentals almost always apply to each of these groups. It stands to reason that cybersecurity pros who effectively identify network and systems risks and who standardize methods of mitigating those vulnerabilities are likely to experience less stress and volatility.

Taking these systems offline to upgrade them with better security can be difficult and very expensive, if it can be done at all. "Ideally this process would start with an accurate inventory of the infrastructure and systems you have, which sounds simple enough," adds Grant Bailey, Solutions Engineer with Claroty.

Prudential Financial, the second largest life insurance company in the US and eight largest worldwide, is dealing with a digital break-in that exposed some internal company and customer records to a criminal group. "Confirmation of the"material cybersecurity incident" was made in an 8K filing [PDF] the corporation deposited with the SEC. "On February 5, 2024, Prudential Financial detected that, beginning February 4, 2024, a threat actor had gained unauthorized access to certain of our systems.