News

In Other News: Linux Kernel Exploits, Update on BEC Losses, Cybersecurity Awareness Act

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless crucial for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks

The US Justice Department on Thursday announced charges against a third Russian national allegedly involved in deploying the LockBit ransomware. The man, Ruslan Magomedovich Astamirov, 20, of Chechen Republic, Russia, who was arrested in Arizona, allegedly owned, controlled, and used multiple IP addresses, email addresses, and other online accounts to deploy the LockBit ransomware and communicate with victims. According to court documents, in at least one instance, authorities were able to trace a victim’s payment…

CISA, NSA Share Guidance on Hardening Baseboard Management Controllers

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have published new guidance to help organizations harden baseboard management controllers (BMCs). Typically part of a motherboard, a BMC is a specialized service processor used for monitoring the physical state of a system, server, or other device, collecting information such as temperature, voltage, humidity, and fan speeds. Operating separately from the operating system and the system’s firmware (such as BIOS and UEFI),…

Microsoft Outs New Russian APT Linked to Wiper Attacks in Ukraine

Security researchers at Microsoft are publicly outing a new APT group linked to Russia’s General Staff Main Intelligence Directorate (GRU), warning that the threat actor has worked on destructive wiper malware attacks that hit organizations in Ukraine. A new report from Redmond’s threat intelligence team tagged the group as ‘Cadet Blizzard’ and documented signs and evidence that add clarity to the scope and usage of malware in a wartime environment. “[The] emergence of a novel…

Microsoft Patches Critical Windows Vulns, Warns of Code Execution Risks

Microsoft’s security response team on Tuesday rolled out a massive batch of software updates to address major security gaps in its flagship Windows operating system and software components. Redmond’s monthly Patch Tuesday updates cover at least 70 documented vulnerabilities affecting the Windows ecosystem, including six critical issues that expose users to dangerous code execution attacks. According to Microsoft, none of the vulnerabilities have been publicly discussed or exploited in the wild. Windows network administrators are…

US Government Provides Guidance on Software Security Guarantee Requirements

The US Office of Management and Budget (OMB) has issued new guidance on when and how federal agencies should collect security guarantees from software vendors. Building on the cybersecurity executive order that President Joe Biden signed in May 2021, the OMB last year published a memorandum (M-22-18) requiring federal agencies to obtain from software vendors guarantees that the software they provide is secure. Per M-22-18, federal agencies are required to obtain attestation for all software…

In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption

Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats

Cybersecurity company Blackpoint Cyber this week announced that it has raised $190 million in a growth funding round led by Bain Capital Tech Opportunities. Accel also participated in Blackpoint’s third investment round, which has brought the total raised by the company to just over $200 million. Founded in 2014, Blackpoint provides an advanced security suite via managed service providers (MSPs), helping them keep customers safe. According to Blackpoint, its Managed Detection and Response (MDR) technology…

Google Introduces SAIF, a Framework for Secure AI Development and Use

The Google SAIF (Secure AI Framework) is designed to provide a security framework or ecosystem for the development, use and protection of AI systems. All new technologies bring new opportunities, threats, and risks. As business concentrates on harnessing opportunities, threats and risks can be overlooked. With AI, this could be disastrous for business, business customers, and people in general. SAIF offers six core elements to ensure maximum security in AI. Expand strong security foundations to…

Consolidate Vendors and Products for Better Security

Organizations everywhere are evolving in new ways, whether it’s embracing remote work or developing new digital business initiatives. Although these changes can be crucial to business growth and employee retention, they often expand the attack surface, which leads to greater day-to-day operational complexity for Security Operations Center (SOC) teams. At the same time the attack surface is increasing, threats are also on the upswing. Cyberattacks are becoming more sophisticated and organizations of all sizes across…
