Security News

In general terms, a supply chain refers to the network of people and companies involved in the development of a particular product, not dissimilar to a home construction project that relies on a contractor and a web of subcontractors. The most recent case targeting federal agencies involved Russian government hackers who are believed to have sneaked malicious code into popular software that monitors computer networks of businesses and governments.

The Russian government has issued a security warning to organizations in Russia about possible retaliatory cyberattacks by the USA for the SolarWinds breach. The US government believes that this attack was conducted by a Russian state-sponsored hacking group whose goal was to steal cloud data such as email and files from high profile US corporations and government agencies.

Hidden messages, features or jokes in apps and websites are commonly known in hacker jargon as easter eggs, because they're supposed to be found and enjoyed, but they're not supposed to be immediately obvious. One of the most famous easter eggs in commercial software history - if not the most complex - was the hidden flight simulator in Microsoft Excel 97.

KABN announces that it has entered into an agreement to partner with The Campus Agency to create innovative engagement programs for Liquid Avatar to reach the US college and university student, alumni and family market. KABN NA and The Campus Agency will be working together to engage micro-influencers, develop and launch innovative engagement and Augmented Reality programs to introduce the college and university market to the Liquid Avatar and KABN value programs.

Ransomware attacks took a heavy toll on the United States last year with more than 2,000 victims in government, education and health care, security researchers say in a new report. The study released Monday by the security firm Emsisoft said ransomware attacks - which encrypt and disable computer systems while demanding a ransom - affected 113 federal, state and municipal governments, 560 health facilities and 1,681 schools, colleges and universities last year.

Such attacks often occur when employees work remotely and use a mixture of personal and business devices to access cloud services. Organizations with remote workers who use cloud-based services are being warned of several recent successful cyberattacks against those services.

VComply announced the close of a preemptive $6 million Series A in funding from Counterpart Ventures and Accel, which will help further fuel the company's go to market operations in the US. Since its founding in early 2019, VComply has built an acclaimed governance, risk and compliance platform that streamlines operations in this historically opaque sector of corporate operations, where complexity is increasing due to new privacy regulations and more businesses operating in the cloud on a global scale. "Harshvardhan Kariwala, founder and CEO of VComply, said:"Our team has been heads down on product development for the past year, continuing to develop our next-gen solution to a long-time problem of managing GRC. "While we still have lion's share of our seed round proceeds, this opportunistic round came together quickly, and will allow us to step on the accelerator to bring out solutions to a wider market."

"I think the stars are better aligned than ever in the past," Keith Enright, Google's chief data privacy office, told a discussion Tuesday on trust and privacy. The European Union's General Data Protection Regulation, which has applied since May 2018, has largely contributed to making consumers aware of the issues related to the data that they submit to large digital platforms on a daily basis.

I was floored on Wednesday when, glued to my television, I saw police in some areas of the U.S. Capitol using little more than those same mobile gates I had the ones that look like bike racks that can hook together to try to keep the crowds away from sensitive areas and, later, push back people intent on accessing the grounds. That's the same equipment and approximately the same amount of force I was able to use when a group of fans got a little feisty and tried to get backstage at a Vanilla Ice show.

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company's software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. According to SolarWinds and a technical analysis from CrowdStrike, the intruders were trying to work out whether their "Sunspot" malware - designed specifically for use in undermining SolarWinds' software development process - could successfully insert their malicious "Sunburst" backdoor into Orion products without tripping any alarms or alerting Orion developers.