Attackers have increasingly targeted the software supply chain by populating package managers such as RubyGems and npm with malicious code.
CISA said the attackers behind the SolarWinds compromise used other infection vectors to access some victims' networks.
Some news for security operations teams investigating their networks for signs that nation-state attackers had deployed the Sunburst malware via SolarWinds' Orion network monitoring technology: FireEye has identified a killswitch that would stop the malware from executing in infected networks.
Completely recovering from the effects of the breach of SolarWinds could take months for some customers.
Attackers planted a compromised update for the SolarWinds Orion platform, leading to a cyber espionage campaign that hit many companies and government agencies.
Facebook has disrupted attacks on its platform that it attributes to APT32, a group based in Vietnam.
Haroon Meer, founder of Thinkst, joins Dennis Fisher to talk about why a lot of security products don't work, the challenges of running a security company from South Africa, and doing well by doing good.
The House of Representatives overwhelmingly passed the National Defense Authorization Act and the Senate is expected to vote on the defense appropriations bill this week.
A flaw in Microsoft Teams allowed remote code execution by sending one message to a victim.
The NSA warned that Russian state attackers are targeting a recent VMware vulnerability, which NSA discovered and disclosed.
Ryan Noon and Abhishek Agrawal, founders of Material Security, join Dennis Fisher to talk about fixing the email security problem and approaching security challenges with diverse mindsets.
The TrickBot trojan now includes a capability to scan for vulnerable UEFI firmware implementations and could soon exploit them.
Ransomware gangs have added data theft to their tactics, bringing another variable into the pay-or-don't-pay equation.
Threat analysis firm Prevasio scanned the entire DockerHub and found that 51 percent of all container images had at least one critical vulnerability and 13 percent had at least one high-severity vulnerability. Researchers also identified 6,433 images that were malicious or potentially harmful.
New variants of the Bandook malware that are digitally signed have been used in a recent wave of attacks on organizations in many industries.