Japan Links Chinese Hacker MirrorFace to Dozens of Cyberattacks Targeting Security and Tech Data
Japan on Wednesday linked more than 200 cyberattacks over the past five years targeting the country’s national security and high technology data to a Chinese hacking group, MirrorFace, detailing their tactics and calling on government agencies and businesses to reinforce preventive measures. The National Police Agency said its analysis on the targets, methods and infrastructure […]
Read More
Rationalizing the Stack: The Case for Security Vendor Consolidation
In recent years, tighter security budgets and macroeconomic headwinds have created a need to optimize security spend. In this fiscal environment, security teams find themselves being asked to identify areas in which spend can be optimized. In other words, where can the same or improved ends be achieved through reduced means? One important part of this endeavor […]
Read More
Thousands Impacted by Casio Data Breach
Japanese electronics giant Casio has completed its investigation into the data breach caused by a recent ransomware attack and found that thousands of individuals are impacted. The company revealed in early October 2024 that some systems had failed and some services had been disrupted as a result of unauthorized access to its network. A few […]
Read More
Cybersecurity Funding Reached $9.5 Billion in 2024: Report
Funding raised by cybersecurity firms increased to $9.5 billion last year amid a decrease in funding volume, a new report from cybersecurity recruitment firm Pinpoint Search Group shows. The company tracked 304 funding rounds in 2024, 16% fewer compared to the 346 tracked during the previous year, but the raised amount went up 9% year-over-year, […]
Read More
Insider Threat: Tackling the Complex Challenges of the Enemy Within
The insider threat is a simple term for a mammoth and complex problem. It ranges from national security through theft of corporate intellectual property to malicious harm and accidental incompetence. Here we concentrate on the malicious insider threat. This involves foreign agents, legitimate but malcontent staff, criminally-bribed employees, and more. Just as these threats are […]
Read More
New Labels Will Help People Pick Devices Less at Risk of Hacking
The federal government is rolling out a consumer labeling system designed to help Americans pick smart devices that are less vulnerable to hacking. Under the voluntary program, called the US Cyber Trust Mark Initiative, manufacturers can affix the label on their products if they meet federal cybersecurity standards. The types of devices that can seek […]
Read More
CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks
The US cybersecurity agency CISA on Tuesday warned that two recently disclosed vulnerabilities affecting the Mitel MiCollab enterprise collaboration platform have been exploited in attacks. The two security defects, tracked as CVE-2024-41713 and CVE-2024-55550, are described as path traversal issues that impact versions 9.8 SP1 FP2 (9.8.1.201) and earlier of Mitel MiCollab. CVE-2024-41713 (CVSS score […]
Read More
Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities
Google and Mozilla on Tuesday announced the release of fresh security updates that patch several high-severity vulnerabilities in their popular browsers. Google has released a Chrome 131 update that resolves four security defects, including a high-severity type confusion flaw in the V8 JavaScript engine reported by an external researcher. Tracked as CVE-2025-0291, the externally reported […]
Read More
First Android Update of 2025 Patches Critical Code Execution Vulnerabilities
Google on Monday announced the first set of Android security updates for 2025, which include patches for 36 vulnerabilities, including five critical-severity bugs in the System component. As usual, the update is divided into two parts, with the first arriving on devices as the 2025-01-01 security patch level and containing fixes for 24 vulnerabilities in […]
Read More
Veracode Targets Malicious Code Threats With Phylum Acquisition
Software code analysis firm Veracode on Tuesday announced the acquisition of key assets from Phylum, an early stage startup in the software supply chain space. Financial terms of the transaction were not released. The Burlington, Mass.-based Veracode said the deal included certain Phylum assets, including its malicious package analysis, detection, and mitigation technology. Phylum, based in […]
Read More