This year was rife with ransomware. 2021 witnessed the attack on IT software company Kaseya that knocked 1,500 organizations offline, the CD Projekt Red hack that saw threat actors make off with source code for games including Cyberpunk 2077 and The Witcher 3, and several high-profile attacks targeting big-name tech companies, from Olympus to Fujitsu and […]
6 things in cybersecurity we didn’t know last year
The past twelve months in cybersecurity have been a rough ride. In cybersecurity, everything is broken — it’s just a matter of finding it — and this year felt like everything broke at once, especially towards the end of the year. But for better or worse, we end the year knowing more than we did […]
ZeroFox goes public in $1.4B SPAC deal
ZeroFox, an enterprise threat intelligence cybersecurity startup that helps companies detect risks found on social media, has announced plans to become a publicly traded company via a merger with blank-check company L&F Acquisition. As part of the transaction, Maryland-based ZeroFox — which has raised more than $154 million in funding since it was founded in […]
Apple iCloud, Twitter and Minecraft vulnerable to ‘ubiquitous’ zero-day exploit
A number of popular services, including Apple iCloud, Twitter, Cloudflare, Minecraft and Steam, are reportedly vulnerable to a zero-day exploit affecting a popular Java logging library. The vulnerability, dubbed “Log4Shell” by researchers at LunaSec and credited to Chen Zhaojun of Alibaba, has been found in Apache Log4j, an open source logging utility that’s used in […]
Microsoft seizes control of websites used by China-backed hackers
Microsoft has seized control of a number of websites that were being used by a Chinese government-backed hacking group to target organizations in 29 countries, including the U.S. Microsoft’s Digital Crimes Unit (DCI) said on Monday that a federal court in Virginia had granted an order allowing the company to take control of the websites […]
The defensive power of diversity in cybersecurity
In cybersecurity, where success often relies on doing the unexpected, diversity of thought is a valuable weapon.
Is the UK government’s new IoT cybersecurity bill fit for purpose?
Internet of Things (IoT) devices — essentially, electronics like fitness trackers and smart lightbulbs that connect to the internet — are now part of everyday life for most. However, cybersecurity remains a problem, and according to Kaspersky, it’s only getting worse: there were 1.5 billion breaches of IoT devices during the first six months of […]
US education software company exposed personal data of 1.2M students
SmarterSelect, a U.S.-based company that provides software for managing the application process for scholarships, exposed the personal data of thousands of applicants because of a misconfigured Google Cloud Storage bucket. The data spill, discovered by cybersecurity company UpGuard, contained 1.5 terabytes of data collected by a number of programs that offer financial support to students. […]
US banks must soon report significant cybersecurity incidents within 36 hours
U.S. financial regulators have approved a new rule that requires banking organizations to report any “significant” cybersecurity incident within 36 hours of discovery. Under the rule, banks must inform their primary federal regulator about incidents that have — or are reasonably likely to materially affect — the viability of their operations, their ability to deliver […]
US says Iran-backed hackers are now targeting organizations with ransomware
The U.S. government, along with counterparts in Australia and the U.K, have warned that Iranian state-backed hackers are targeting U.S. organizations in critical infrastructure sectors — in some cases with ransomware. The rare warning linking Iran with ransomware landed in a joint advisory Wednesday, issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal […]