Investigators probing the supply chain attack that hit SolarWinds say attackers successfully hacked the company's Microsoft Visual Studio development tools to add a backdoor into Orion network monitoring security software builds. They warn that other vendors may have been similarly subverted.
Terabytes' worth of posts, images and videos from conservative social media site Parler have been forcibly obtained by security researchers who have archived the material for investigators in the wake of the violent riot at the U.S. Capitol.
A global law enforcement operation has taken down DarkMarket, which Europol describes as the world's largest underground marketplace of illegal goods on the dark web. The market has generated about $170 million in revenue selling drugs, malware, credit cards and more, officials say.
The new year has kicked off with a flurry of data security company acquisition activity; five deals have already been announced. Companies making acquisitions are striving to improve their secure access service edge - or SASE - posture, enter new markets or bolster their technology portfolios.
A vulnerability in a GitHub repository belonging to the United Nations Environment Program exposed over 100,000 employee records, including personally identifiable information, contact details and other sensitive data, according to a group of independent security researchers. The flaw has been patched.
Sentinel Labs researchers have identified an updated version of the cryptominer OSAMiner that targets the macOS operating system to mine for monero. The latest iteration uses new techniques to help prevent detection by security tools.
Many companies claim to be successfully using artificial intelligence for security, but the use cases are still not convincing because the technology is incapable of detecting unknown malware, says Guy Sheppard of SWIFT.
The "Sunburst" backdoor deployed in the breach of SolarWinds' Orion network monitoring tool uses some of the same code found in the "Kazuar" backdoor, which security researchers have previously tied to Russian hackers, the security firm Kaspersky reports.
Information security and privacy professionals responsible for safeguarding personal information have been left in limbo as the U.K. exits the EU. But the transfer of Europeans' data from EU member nations to the U.K. can continue unimpeded for six months until the EU makes a final ruling on the issue.
The Reserve Bank of New Zealand disclosed Sunday that hackers infiltrated its network after compromising its file-sharing system from Accellion. The nation's central bank says the attack may have exposed commercial and consumer information, and other Accellion customers also had systems compromised.
Investigators probing the violent storming of the U.S. Capitol by a mob on Wednesday have been seeking images and help in identifying suspects. The FBI, which is leading the investigation, has a range of investigative tools and technologies to help, including facial recognition software.
Adam Turteltaub, chief engagement and strategy officer at the Society of Corporate Compliance and Ethics, says compliance teams should create a dashboard of data that will help keep track of actions taken by staff members who are working remotely.