Knowing the identity of the group behind the attack would help shed light on their possible goals, but several observers said the length of time the attackers spent in Codecov’s network and the focus on credentials indicate that they were more interested in getting access to customers’ code than the company itself.
Today’s columnists, Pascal Geenens and Daniel Smith of Radware, say that while the SolarWinds case brought supply-chain attacks into the limelight, they are not new and security teams must finally manage them more effectively.
Hackers hacking hackers: User data of the Swarmshop card shop – which trades in stolen personal and payment records – was leaked online on March 17 and posted on a different underground forum.
Some researchers argue that the situation showcases why Facebook must revisit how it handles and secures personal information.
Coral Glades High School, part of Broward County Public Schools. The $40 million ransomware attack on the district was one of a wave of cases targeting educational institutions over the last couple of weeks. (Formulanone, Public domain, via Wikimedia Commons) The Conti ransomware gang encrypted the systems at Broward County Public Schools several weeks ago and threatened to…
In a detailed update posted on the Qualys website April 2, CISO Ben Carr said that an independent, third-party forensic firm has verified the company’s initial determination that the attack did not jump from Accellion’s file transfer appliance server to Qualys’ larger corporate network.
While not great news for SolarWinds, it’s also not surprising, say researchers, considering that the software has been under the spotlight for months.
U.K.-clothing retailer FatFace has egg on its face after a botched disclosure letter customers and security professionals consider too late, too secretive and too hard to confirm.
In the words of one expert: “The theft of customer policies is the Sword of Damocles that has been hanging over the cyber insurance industry since its inception.”
The company earned kudos from security researchers for transparency and swift response, with one saying “I would have hoped to see more companies to be this responsive and forthcoming.”
