The U.S. Department of Defense uncovered almost 350 vulnerabilities in the department's networks as part of its experimental bug bounty program launched on American Independence Day. The week-long bug bounty challenge called "Hack U.S." ran from July 4 to July 11.
North Korean is using weaponized versions of open source utilities to spy on the technology, defense and entertainment sectors worldwide. Microsoft says it spotted fake profiles of supposed job recruiters who really are Pyongyang hackers manipulating victims into downloading Trojans.
Cloudflare has joined forces with 26 venture capital firms to provide up to $1.25 billion in financing to startups building on the company's developer platform. The Workers Launchpad Funding Program will connect developers with investors around the world to scale their startups faster.
A Maryland couple faces federal indictment for an alleged conspiracy to provide the Russian government with military medical records. Anna Gabrielian and U.S. Army Maj. Jamie Lee Henry supplied an undercover FBI agent with medical records of military personnel.
Security firms must increasingly follow U.S. government security requirements even if they don't serve federal agencies themselves, says Avi Shua, Orca Security co-founder and CEO. That's because cloud vendors such as Orca often serve businesses that contract or subcontract with the U.S. government.
In the latest weekly update, ISMG editors discuss how organizations can comply with the new PCI DSS 4.0 requirements, whether other countries should follow the U.S. lead on legislating software bills of materials, and key strategies for CISOs preparing for an economic downturn.
Hackers, possibly Chinese, are exploiting Microsoft Exchange zero-day vulnerabilities to apparently implant backdoors and steal credentials. The computing giant says it doesn't yet have a patch, telling systems administrators to instead implement workarounds.
Atos turned down an unsolicited $4.12 billion offer from rival Onepoint to acquire the French conglomerate's $4.8 billion cybersecurity, big data and digital business. Atos received a letter of intent Tuesday related to the acquisition of its Evidian business by Onepoint and private equity fund ICG.
A watchdog security audit of a south Texas VA center identified a variety of deficiencies related to legacy systems still in use years after no longer being supported with vendor updates. The findings represent the state of security at many organizations across the healthcare sector, experts say.
Zscaler has bought out of stealth a startup established by the founders of Lacework to automate security management and dramatically reduce incident resolution time. ShiftRight will give customers real-time visibility into their security posture and help them manage an influx of risks and incidents.
Hackers may shift malware attacks into technical environments beyond the reach of endpoint detection and response, says Mandiant. The threat intel firm says it uncovered a novel malware family targeting VMware hypervisors and virtual machine appliances.
Cloud migration in multiple environments is now deemed mission-critical, but also comes with unique security risks. How are organizations increasingly targeted - and responding? Daniel Schrader and John McDonough of Fortinet outline the present and future of cloud security.
Over his 23-year career in cybersecurity, Tom Kellermann has focused on policy, endpoints and even strategic investments. Now, in his new role as senior vice president of cyber strategy at Contrast Security, his mission is to protect code security - particularly in the public and financial sectors.
The Department of Treasury and the Cybersecurity and Infrastructure Security Agency are soliciting comments on whether risks to critical infrastructure from a catastrophic cyberattack - and the concurrent potential for ruinous financial exposure by insurers - should lead to a new federal approach.
American Airlines says unauthorized access to its email system is behind a July data breach incident affecting more than 1,700 individuals. Someone synced with an employee's inbox to send out phishing emails that appeared to come from the Texas-based airliner.