Microsoft has traced the signing key theft back to a "crash dump" error. A breach of a Microsoft engineer's work account by the Chinese hackers then yielded access to the crash dump and the embedded signing key.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
For SMBs, one breach that compromises the larger entities of their supply chain is enough to jeopardize business-critical revenue streams. With supply chain attacks an ongoing reality, now is the time for SMBs to think proactively about how to maximize the value of their security stack.
Security Service Edge (SSE) converges multiple cybersecurity capabilities within a single, cloud-native software stack, and is designed to protect all enterprise edges – sites, users and applications, including the IoT-connected points — even as the contours of those edges shift.
The UK Met Police is on high alert after a massive data breach exposed the identities and photographs of officers, including undercover cops and counter-terrorism agents.
UK military contractor confirmed that some information about military bases was stolen in the data breach, but insists that none of it was confidential or highly sensitive. Attackers apparently compromised a computer running manufacturing machine software that was still outfitted with Windows 7.
Forever 21 has confirmed a data breach that impacted over 500,000 current and former employees. The company has however assured victims that hackers have deleted the stolen personal information, which included Social Security Numbers.
Barracuda ESG zero-day attacks by Chinese state-sponsored threat actors compromised multiple U.S. state, local, and tribal government email servers. Over 200,000 private and government organizations worldwide depend on Barracuda email security gateway (ESG) appliances.
Report shows cyber insurance coverage continues to become harder to obtain even as demand and prices continue to increase. For some small businesses, even a meaningful level of partial coverage might be out of reach at this point.
A long-term breach of Japan's national cyber security agency may be the work of state-backed Chinese hackers. The security breach occurred in October 2022 and was disclosed in August of this year.
The SEC has been clear that proper risk management and timely cyber incident disclosures protect investors and other stakeholders. The regulators may make an example out of SolarWinds and its leadership at the time of the Orion incident to set the tone for the importance of software supply chain security.










