News

The United States on Friday blacklisted six Chinese entities it said were linked to Beijing’s aerospace programs as part of its retaliation over an alleged Chinese spy balloon that traversed U.S. airspace. The economic restrictions followed the Biden administration’s pledge to consider broader efforts to address Chinese surveillance activities and will make it more difficult for the five companies and one research institute to obtain American technology exports. The move is likely to further escalate…

Read More

Organizations worldwide have been warned of an increase in the number of attacks abusing Microsoft OneNote documents for malware delivery. Part of the Office suite, OneNote is typically used within organizations for note taking and task management, among other operations. What makes OneNote documents an attractive target for threat actors includes the fact that they do not benefit from the Mark-of-the-Web (MOTW) protection, along with the fact that files can be attached to OneNote notebooks…

Read More

The number of vulnerabilities discovered in industrial control systems (ICS) continues to increase, and many of them have a ‘critical’ or ‘high’ severity rating, according to a new report from industrial cybersecurity firm SynSaber.  The report compares the number of ICS and ICS medical advisories published by CISA between 2020 and 2022. While the number of advisories was roughly the same in 2021 and 2022, at 350, the number of vulnerabilities discovered last year reached…

Read More

VulnCheck, a Massachusetts startup with ambitious plans in the vulnerability intelligence space, has attracted $3.2 million in seed-stage funding from several prominent investors. The early-stage financing round was led by Sorensen Ventures and included equity stakes for In-Q-Tel, Lux Capital, and Aviso Ventures. Based in Lexington, Mass., VulnCheck is building technology that promises exploit intelligence for vulnerability prioritization and an early-warning system for in-the-wild software exploitation activity. Founded in 2021, VulnCheck is the brainchild of…

Read More

Skybox Security, a late-stage California startup in the security analytics space, has closed a $50 million financing round and hired a new chief executive. The San Jose company announced Wednesday that former Digital Guardian CEO Mordecai (Mo) Rosen will take the reins at Skybox and manage the company through a new financing round that brings the total raised to $335 million. The private equity-backed Skybox said investors in the latest round include CVC Growth Funds,…

Read More

Software supply chain security startup Lineaje today announced that it has raised $7 million in a seed funding round led by Tenable Ventures. Dreamit Ventures and Veear Capital also participated in the investment round, along with various angel investors. Founded in 2021, the Saratoga, California-based company helps organizations secure their software supply chain, regardless of whether they are the developers, suppliers, or users of software. Lineaje’s SB0M360 software supply chain management solution can identify all…

Read More

Telco and media conglomerate Comcast has jumped headfirst into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace. The Philadelphia technology giant has created a new cybersecurity business unit led by former Zscaler executive Nicole Bucala to develop and sell what Comcast is describing as a “security data fabric platform. In a note announcing the new business unit, Comcast said the long-term plan is to…

Read More

Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. It is not new. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores – giving them greater apparent validity to targets. The scam is a version of romance scam, where targets are befriended, lured in, persuaded to download a disguised malicious app, drawn into false cryptocurrency…

Read More

The Pentagon said at midday Friday that a Chinese spy balloon had moved eastward and was over the central United States, and that the U.S. rejected China’s claims that it was not being used for surveillance. Brig. Gen. Pat Ryder, Pentagon press secretary, refused to provide details on exactly where the balloon was or whether there was any new consideration of shooting it down. The military had ruled that option out, officials had said, due…

Read More

Former Ubiquiti employee Nickolas Sharp has admitted in court to abusing company-provided credentials to steal data and then attempting to extort the company, the Department of Justice announced. Sharp, 37, of Portland, Oregon, worked at the New York City-based IoT device maker between August 2018 and April 2021, as a senior developer who had access credentials for Ubiquiti’s AWS and GitHub servers. In December 2020, he abused his administrative credentials to download confidential data using…

Read More