6 things in cybersecurity we didn’t know last year

The past twelve months in cybersecurity have been a rough ride. In cybersecurity, everything is broken — it’s just a matter of finding it — and this year felt like everything broke at once, especially towards the end of the year. But for better or worse, we end the year knowing more than we did […]

ZeroFox goes public in $1.4B SPAC deal

ZeroFox, an enterprise threat intelligence cybersecurity startup that helps companies detect risks found on social media, has announced plans to become a publicly traded company via a merger with blank-check company L&F Acquisition. As part of the transaction, Maryland-based ZeroFox — which has raised more than $154 million in funding since it was founded in […]

Apple iCloud, Twitter and Minecraft vulnerable to ‘ubiquitous’ zero-day exploit

A number of popular services, including Apple iCloud, Twitter, Cloudflare, Minecraft and Steam, are reportedly vulnerable to a zero-day exploit affecting a popular Java logging library. The vulnerability, dubbed “Log4Shell” by researchers at LunaSec and credited to Chen Zhaojun of Alibaba, has been found in Apache Log4j, an open source logging utility that’s used in […]

Microsoft seizes control of websites used by China-backed hackers

Microsoft has seized control of a number of websites that were being used by a Chinese government-backed hacking group to target organizations in 29 countries, including the U.S. Microsoft’s Digital Crimes Unit (DCI) said on Monday that a federal court in Virginia had granted an order allowing the company to take control of the websites […]

Is the UK government’s new IoT cybersecurity bill fit for purpose?

Internet of Things (IoT) devices — essentially, electronics like fitness trackers and smart lightbulbs that connect to the internet — are now part of everyday life for most. However, cybersecurity remains a problem, and according to Kaspersky, it’s only getting worse: there were 1.5 billion breaches of IoT devices during the first six months of […]

US banks must soon report significant cybersecurity incidents within 36 hours

U.S. financial regulators have approved a new rule that requires banking organizations to report any “significant” cybersecurity incident within 36 hours of discovery.  Under the rule, banks must inform their primary federal regulator about incidents that have — or are reasonably likely to materially affect — the viability of their operations, their ability to deliver […]

Cloudflare blocked a massive 2 Tbps DDoS attack

Cloudflare says it has blocked a distributed denial-of-service (DDoS) attack that peaked at just under 2 Tbps, making it one of the largest ever recorded. The internet company said in a blog post that the attack was launched from approximately 15,000 bots running a variant of the original Mirai code on exploited Internet of Things […]

Google to give security keys to ‘high risk’ users targeted by government hackers

Google has said it will provide 10,000 “high-risk” users with free hardware security keys, days after the company warned thousands of Gmail users that they were targeted by state-sponsored hackers. The warning, sent by Google’s Threat Analysis Group (TAG), alerted more than 14,000 Gmail users that they had been targeted in a state-sponsored phishing campaign […]