Security News

Such attacks often occur when employees work remotely and use a mixture of personal and business devices to access cloud services. Organizations with remote workers who use cloud-based services are being warned of several recent successful cyberattacks against those services.

VComply announced the close of a preemptive $6 million Series A in funding from Counterpart Ventures and Accel, which will help further fuel the company's go to market operations in the US. Since its founding in early 2019, VComply has built an acclaimed governance, risk and compliance platform that streamlines operations in this historically opaque sector of corporate operations, where complexity is increasing due to new privacy regulations and more businesses operating in the cloud on a global scale. "Harshvardhan Kariwala, founder and CEO of VComply, said:"Our team has been heads down on product development for the past year, continuing to develop our next-gen solution to a long-time problem of managing GRC. "While we still have lion's share of our seed round proceeds, this opportunistic round came together quickly, and will allow us to step on the accelerator to bring out solutions to a wider market."

"I think the stars are better aligned than ever in the past," Keith Enright, Google's chief data privacy office, told a discussion Tuesday on trust and privacy. The European Union's General Data Protection Regulation, which has applied since May 2018, has largely contributed to making consumers aware of the issues related to the data that they submit to large digital platforms on a daily basis.

I was floored on Wednesday when, glued to my television, I saw police in some areas of the U.S. Capitol using little more than those same mobile gates I had the ones that look like bike racks that can hook together to try to keep the crowds away from sensitive areas and, later, push back people intent on accessing the grounds. That's the same equipment and approximately the same amount of force I was able to use when a group of fans got a little feisty and tried to get backstage at a Vanilla Ice show.

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company's software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. According to SolarWinds and a technical analysis from CrowdStrike, the intruders were trying to work out whether their "Sunspot" malware - designed specifically for use in undermining SolarWinds' software development process - could successfully insert their malicious "Sunburst" backdoor into Orion products without tripping any alarms or alerting Orion developers.

Some states have enacted privacy laws, and the federal government has enacted industry-specific laws - HIPAA, Gramm-Leach-Bliley Act and FCRA - but there is no single, homogeneous enforceable set of data privacy guidelines that all US companies are required to follow. With the emergence of stronger privacy laws abroad, the absence of national data privacy regulation in the US is making it harder for US companies to compete for global partners.

Director of National Intelligence John Ratcliffe announced that the US Space Force is the ninth Department of Defense component to join the US Intelligence Community. "Today, we took action to elevate space intelligence missions, tradecraft, and collaboration to ensure the success of the Space Force, the Intelligence Community, and ultimately our National Security," Chief of Space Operations Gen. John W. Raymond said.

The SolarWinds hack exposed sealed US court documents - which could have a serious effect on Western sanctions against state-backed hackers. Infosec journalist Brian Krebs reported a US Courts Administrative Office statement about the impact of the Russian-backed SolarWinds hack, quoting an anonymous source as saying that the agency was "Hit hard".

The Administrative Office of the U.S. Courts is investigating a potential compromise of the federal courts' case management and electronic case files system which stores millions of highly sensitive and confidential judiciary records. US Judiciary is also working on immediately adding extra safeguards and security procedures to protect the highly sensitive court documents filed with the courts.

The United States has pinned the blame on Russia for a devastating cyberattack campaign that has hit government agencies and corporations across the country. In a joint statement, the agencies said that the work "Indicates that an Advanced Persistent Threat actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks." Further, the group said it believes the incident was designed as an intelligence gathering effort, which means a surveillance operation aimed at finding confidential and sensitive information.