Cyrebro, a specialist in cloud-based security ops, locks down $40M

Cyrebro, a specialist in cloud-based security ops, locks down $40M

The cloud, and the growing number of assets that are held and used within cloud services, have become a major focus in cybersecurity over the years. Today, a startup that’s leveraging the cloud in a different way — to run a security operations center within it — is announcing a round of funding to expand […]

Read more
North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies

North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies

Security researchers have linked a new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers to the North Korean state-sponsored Lazarus hacking group. Threat intelligence company Cisco Talos said Thursday that it has observed Lazarus — also known as APT38 — targeting unnamed energy providers in the United States, Canada and Japan between February […]

Read more
Cymulate snaps up $70M to help cybersecurity teams stress test their networks with attack simulations

Cymulate snaps up $70M to help cybersecurity teams stress test their networks with attack simulations

The cost of cybercrime has been growing at an alarming rate of 15% per year, projected to reach $10.5 trillion by 2025. To cope with the challenges that this poses, organizations are turning to a growing range of AI-powered tools to supplement their existing security software and the work of their security teams. Today, a […]

Read more
UK mobile and broadband carriers face fines of $117K/day, or 10% of sales, if they fail to follow new cybersecurity rules

UK mobile and broadband carriers face fines of $117K/day, or 10% of sales, if they fail to follow new cybersecurity rules

More than three years in the making, the UK government today announced a new, sweeping set of rules it will be imposing on broadband and mobile carriers to tighten up their network security against cyber attacks — aimed at being “among the strongest in the world” when they are rolled out, said the Department for […]

Read more
Twilio says breach also compromised Authy two-factor app users

Twilio says breach also compromised Authy two-factor app users

U.S. messaging giant Twilio has confirmed hackers also compromised the accounts of some Authy users as part of a wider breach of Twilio’s systems. Authy is Twilio’s two-factor authentication (2FA) app it acquired in 2015. Twilio’s breach earlier this month, which saw malicious actors accessing the data of over 100 Twilio customers after successfully phishing […]

Read more
Twilio hackers breached over 130 organizations during months-long hacking spree

Twilio hackers breached over 130 organizations during months-long hacking spree

The hackers that breached Twilio earlier this month also compromised over 130 organizations during their hacking spree that netted the credentials of close to 10,000 employees. Twilio’s recent network intrusion allowed the hackers access the data of 125 Twilio customers and companies — including end-to-end encrypted messaging app Signal — after tricking employees into handing […]

Read more
Ex-security chief accuses Twitter of cybersecurity mismanagement in an explosive whistleblower complaint

Ex-security chief accuses Twitter of cybersecurity mismanagement in an explosive whistleblower complaint

Twitter’s former head of security, Peiter “Mudge” Zatko, has accused his former employer of cybersecurity negligence in an explosive whistleblower complaint first obtained by CNN and The Washington Post. Zatko, a well-known hacker, was recruited by Twitter to head up the company’s security division in late-2020, months after a very public breach saw hackers hijack […]

Read more
LockBit ransomware group downed by DDoS after claiming Entrust breach

LockBit ransomware group downed by DDoS after claiming Entrust breach

The LockBit ransomware gang is claiming responsibility for the July cyberattack against cybersecurity giant Entrust, but with a twist — the group is also accusing its latest victim of a counterattack. Entrust, which describes itself as a global leader in identities, payments and data protection, said in late July that an “unauthorized party” accessed parts […]

Read more
A newly discovered malware hijacks Facebook Business accounts

A newly discovered malware hijacks Facebook Business accounts

An ongoing cybercriminal operation is targeting digital marketing and human resources professionals in an effort to hijack Facebook Business accounts using a newly discovered data-stealing malware. Researchers at WithSecure, the enterprise spin-off of security giant F-Secure, discovered the ongoing campaign they dubbed Ducktail and found evidence to suggest that a Vietnamese threat actor has been […]

Read more
Russian hackers behind SolarWinds are now hiding malware in Google Drive

Russian hackers behind SolarWinds are now hiding malware in Google Drive

The Russia-linked hacking group behind the infamous SolarWinds espionage campaign is now using Google Drive to stealthily deliver malware to its latest victims. That’s according to researchers at Palo Alto Networks’ Unit 42 threat intelligence team, who said on Tuesday that the Russian Foreign Intelligence Service (SVR) hacking unit — tracked as “Cloaked Ursa” by Unit 42 […]

Read more