Knowing the identity of the group behind the attack would help shed light on their possible goals, but several observers said the length of time the attackers spent in Codecov’s network and the focus on credentials indicate that they were more interested in getting access to customers’ code than the company itself.
Anticipated for months, the Biden administration unveiled a sweeping set of sanctions and other actions against the Russian government, as well as private individuals and a number of Russian tech and defense companies. While applauded in cyber circles, some remain skeptical that the efforts will deter Moscow’s cyberespionage efforts.
2020 brought with it record levels of investment, with a combined $7.8 billion poured into cybersecurity startups. 2021 is shaping up even better, with some predicting $15 billion in investments by year end.
A technique known as radio frequency (RF) fingerprinting could be leveraged to give unique ID to the billions of rogue IoT devices lurking within home and business networks.
An alleged plot to blow up an AWS datacenter in Virginia would have caused damage, but standard backup and recovery practices of tier one cloud providers would have prevented “70% of the internet” getting shutdown as intended.
Activists launched a campaign to pressure Spotify to abandon plans for an AI-powered system that listens to your conversations in order to recommend music choices. The controversy spotlights a challenge faced by some of the most tech savvy companies: how to walk the line between innovation that serves the innate desires of consumers, and violation of their rights for information security and privacy.
It’s a sign that software security – and open-source security in particular – is increasingly top of mind for investors as industry and governments respond to a series of damaging software-based hacks carried out by nation state actors over the past year.
It’s use in Trickbot and BazarLoader campaigns puts EtterSilent at the front end of attack chains for two of the most popular ransomware precursors in the world.
The push and pull between the military and security researchers is indicative of more widespread tensions that needs to be surmounted if the Pentagon wants to secure its contracting base.
In a detailed update posted on the Qualys website April 2, CISO Ben Carr said that an independent, third-party forensic firm has verified the company’s initial determination that the attack did not jump from Accellion’s file transfer appliance server to Qualys’ larger corporate network.
