The Biden administration issued new guidance on software supply chain security for federal agencies, which includes requirements for self-attestations and SBOMs.
APT29, the threat actor linked to the SolarWinds hack, is abusing various Azure features in recent attacks against organizations that influence the foreign policy of NATO countries.
Researchers have linked a malware loader, called CeeLoader, to the threat group behind the SolarWinds supply-chain attack.
Microsoft said that the threat group has used phishing and password-spraying attacks to compromise at least 14 IT service providers this year.
The Nobelium attackers, who are responsible for the SolarWinds intrusion, have been deploying a new backdoor called FoggyWeb in targeted attacks.