Information

12 Jun

History revisited: US DOJ unseals Mt. Gox cybercrime charges

Information

by Naked Security writer Remember Mt. Gox? Originally, it was a card-trading site called MTGOX, short for Magic The Gathering Online Exchange (there was no sense of “Mountain” in the name at all), but the domain changed hands and purpose in the early days of cryptocurrency. Operated out of Japan by French expatriate Mark Karpelès, Mt. Gox rapidly became the biggest online Bitcoin exchange, but imploded in 2014 when the company was forced to admit…

Read More
12 Jun

US Government Provides Guidance on Software Security Guarantee Requirements

Information, News

The US Office of Management and Budget (OMB) has issued new guidance on when and how federal agencies should collect security guarantees from software vendors. Building on the cybersecurity executive order that President Joe Biden signed in May 2021, the OMB last year published a memorandum (M-22-18) requiring federal agencies to obtain from software vendors guarantees that the software they provide is secure. Per M-22-18, federal agencies are required to obtain attestation for all software…

Read More
10 Jun

Mixing cybercrime and cyberespionage – Week in security with Tony Anscombe

Information

A crimeware group that usually targets individuals and SMBs in North America and Europe adds cyberespionage to its activities It’s rather rare to find a cybercrime group that ventures into cyberespionage, which alone makes new ESET research all the more interesting. According to ESET experts, a cybercrime group known as Asylum Ambuscade – which usually targets individuals, SMBs, bank customers, and cryptocurrency traders in North America and Europe – has added cyberespionage to its activities.…

Read More
10 Jun

More MOVEit mitigations: new patches published for further protection

Information

by Paul Ducklin Even if you’re not a MOVEit customer, and even if you’d never heard of the MOVEit file sharing software before the end of last month… …we suspect you’ve heard of it now. That’s because the MOVEit brand name has been all over the IT and mainstream media for the last week or so, due to an unfortunate security hole dubbed CVE-2023-34362, which turned out to be what’s known in the jargon as…

Read More
09 Jun

Asylum Ambuscade: crimeware or cyberespionage?

Information

A curious case of a threat actor at the border between crimeware and cyberespionage Asylum Ambuscade is a cybercrime group that has been performing cyberespionage operations on the side. They were first publicly outed in March 2022 by Proofpoint researchers after the group targeted European government staff involved in helping Ukrainian refugees, just a few weeks after the start of the Russia-Ukraine war. In this blogpost, we provide details about the early 2022 espionage campaign…

Read More
09 Jun

Thoughts on scheduled password changes (don’t call them rotations!)

Information

by Paul Ducklin We’re all still using passwords on many, perhaps most, of our accounts, because we’re all still using plenty of online services that don’t offer any other sort of login system. Just today, for instance, I paid membership fees to a cycling-related group that asked for my postal address so it could send me my membership card, which I thought was a delightfully simple and old-school way of letting me retrieve my membership…

Read More
09 Jun

In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption

Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless crucial for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
09 Jun

Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats

Information, News

Cybersecurity company Blackpoint Cyber this week announced that it has raised $190 million in a growth funding round led by Bain Capital Tech Opportunities. Accel also participated in Blackpoint’s third investment round, which has brought the total raised by the company to just over $200 million. Founded in 2014, Blackpoint provides an advanced security suite via managed service providers (MSPs), helping them keep customers safe. According to Blackpoint, its Managed Detection and Response (MDR) technology…

Read More
09 Jun

Google Introduces SAIF, a Framework for Secure AI Development and Use

Information, News

The Google SAIF (Secure AI Framework) is designed to provide a security framework or ecosystem for the development, use and protection of AI systems. All new technologies bring new opportunities, threats, and risks. As business concentrates on harnessing opportunities, threats and risks can be overlooked. With AI, this could be disastrous for business, business customers, and people in general. SAIF offers six core elements to ensure maximum security in AI. Expand strong security foundations to…

Read More
08 Jun

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Information, Insights

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no…

Read More