Security News

Microsoft plans to boot security vendors out of the Windows kernel
2024-11-19 18:43

Microsoft has announced the Windows Resiliency Initiative, aimed at avoiding a repeat of the prolonged worldwide IT outage caused by a buggy CrowdStrike update that took down millions of Windows...

1 in 10 orgs dumping their security vendors after CrowdStrike outage
2024-09-19 16:13

Many left reeling from July's IT meltdown, but not to worry, it was all unavoidable Germany's Federal Office for Information Security (BSI) says one in ten organizations in the country affected by...

Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors
2024-08-29 13:04

The Russian state-sponsored APT29 hacking group has been observed using the same iOS and Android exploits created by commercial spyware vendors in a series of cyberattacks between November 2023...

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they?
2024-08-14 05:00

In a potentially groundbreaking dispute, Delta Air Lines is threatening to sue CrowdStrike, a leading cybersecurity firm, for alleged negligence and breach of contract. This case brings to the...

Sports venues must vet their vendors to maintain security
2024-08-07 04:30

The sports and entertainment sectors are distinct from other industries and continue to face numerous threats and challenges. In our highly connected world, the rise of digital twins and collaboration across various platforms is transforming the sports landscape into an interconnected business network.

Secure Boot useless on hundreds of PCs from major vendors after key leak
2024-07-29 01:58

Infosec in brief Protecting computers' BIOS and the boot process is essential for modern security - but knowing it's important isn't the same as actually taking steps to do it. Take the research published last week by security boffins at firmware security vendor Binarily.

Third-party vendors pose serious cybersecurity threat to national security
2024-06-04 04:00

In this Help Net Security video, Paul Prudhomme, Principal Security Analyst at SecurityScorecard, discusses the findings of the 2024 Redefining Resilience: Concentrated Cyber Risk in a Global...

Google: Spyware vendors behind 50% of zero-days exploited in 2023
2024-03-27 13:00

Google's Threat Analysis Group and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients. Among these, the FIN11 threat group exploited three separate zero-day vulnerabilities, while at least four ransomware groups exploited another four zero-days.

Google says spyware vendors behind most zero-days it discovers
2024-02-06 17:27

Commercial spyware vendors were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group discovered in 2023 and used to spy on devices worldwide. Google's TAG has been following the activities of 40 commercial spyware vendors to detect exploitation attempts, protect users of its products, and help safeguard the broader community by reporting key findings to the appropriate parties.

CISA: Vendors must secure SOHO routers against Volt Typhoon attacks
2024-01-31 16:14

CISA has urged manufacturers of small office/home office routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon. Threat actors are compromising many such devices, taking advantage of the sheer numbers of SOHO routers used by Americans and using them as launchpads in attacks targeting U.S. critical infrastructure organizations.