News

New Python-Based Backdoor Targeting VMware ESXi Servers

Security researchers with Juniper Networks’ Threat Labs warn of a new Python-based backdoor targeting VMware ESXi virtualization servers. The targeted servers were impacted by known security defects (such as CVE-2019-5544 and CVE-2020-3992) that were likely used for initial compromise, but what caught the researchers’ attention was the simplicity, persistence, and capabilities of the deployed backdoor. As part of the attack, the threat actor modified a total of four files on the target, which the system…


Python, JavaScript Developers Targeted With Fake Packages Delivering Ransomware

Phylum security researchers warn of a new software supply chain attack relying on typosquatting to target Python and JavaScript developers. On Friday, the researchers warned that a threat actor was typosquatting popular PyPI packages to direct developers to malicious dependencies containing code to download payloads written in Golang (Go). The purpose of the attack is to infect victims with ransomware variants designed to update the desktop background with a message impersonating the CIA and instructing…


Video: Deep Dive on PIPEDREAM/Incontroller ICS Attack Framework

In this session from SecurityWeek’s 2022 ICS Cybersecurity Conference, Mark Plemmons, Sr. Director for Threat Intelligence at Dragos, dives deep into the technical details and real-world impact of the modular ICS attack framework known as PIPEDREAM/Incontroller that can be used to disrupt and/or destroy devices in industrial environments. In April 2022, a joint advisory from the Department of Energy, CISA, NSA and the FBI warned that unidentified APT actors have created this suite of specialized…


Interpres Security Emerges From Stealth Mode With $8.5 Million in Funding

Defense management startup Interpres Security on Thursday announced that it has emerged from stealth mode with $8.5 million in a seed funding round led by Ten Eleven Ventures and a solution designed to help companies optimize security performance. The Charleston-based firm proposes a new approach to managing the defense surface, offering a continuous, customized analysis of detection and mitigation capabilities, to help organizations improve their security posture. The company provides tailored mitigation, data collection, and…


Removing the Barriers to Security Automation Implementation

Implementation of security automation can be overwhelming, and has remained a barrier to adoption. Previously, I wrote about balancing security automation and the human element to accelerate security automation initiatives. Equally important to address are the implementation aspects of security automation, which are holding many organizations back. In fact, a recent survey (PDF) found that while trust in security automation is rising, technology is the top barrier to adoption. And in a Twitter poll, Allie Mellen,…


TikTok Hit by US Lawsuits Over Child Safety, Security Fears

TikTok was hit Wednesday with a pair of lawsuits from the US state of Indiana, which accused it of making false claims about the Chinese-owned app’s safety for children. The legal salvo came as problems are mounting for TikTok in the United States, with multiple accusations that the extremely popular app is a national security threat and a conduit for spying by China. “The TikTok app is a malicious and menacing threat unleashed on unsuspecting…


Three Ways to Improve Defense Readiness Using MITRE D3FEND

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations improve their defensive cybersecurity posture. MITRE D3FEND is complementary to the MITRE ATT&CK framework, which is a library of cybercriminal tactics, techniques, and procedures (TTP). D3FEND maps relationships between ATT&CK’s TTP and defensive countermeasures for developing strategies against known attacker behavior. Using D3FEND To Bolster Defensive Readiness: D3FEND gives organizations a…


Apple Faces Critics Over Its Privacy Policies

Apple presents itself as a white knight on the subject of privacy, but critics say its own advertising ambitions are built on anti-competitive practices.  Two developers going by the name ‘Mysk’ claimed last month that Apple was tracking users’ every tap on the App Store, with no way of disabling the function.  A class action lawsuit was subsequently filed in California, claiming that Apple’s “promises regarding privacy are utterly false”.  The company has not commented…


FBI Director Raises National Security Concerns About TikTok

FBI Director Chris Wray is raising national security concerns about TikTok, warning Friday that control of the popular video sharing app is in the hands of a Chinese government “that doesn’t share our values.” Wray said the FBI was concerned that the Chinese had the ability to control the app’s recommendation algorithm, “which allows them to manipulate content, and if they want to, to use it for influence operations.” He also asserted that China could…


Hypr Raises $25 Million for Passwordless Authentication Platform

New York City-based passwordless authentication solutions provider Hypr announced on Thursday that it has raised $25 million in a Series C1 funding round. The previous funding round, the Series C, was announced in April 2021, when the company raised $35 million. The latest investment, which brings the total to $97 million, was led by Advent International, with participation from .406 Ventures, RRE Ventures, Top Tier Capital, and Comcast Ventures. The money will be used to…
