SolarWinds

SEC accuses SolarWinds CISO of misleading investors before Russian cyberattack

The U.S. Securities and Exchange Commission has charged SolarWinds and its top cybersecurity executive Timothy Brown with fraud and internal control failures for allegedly misleading investors about t

Software supply chain security is broader than SolarWinds and Log4J

Here's a comprehensive look at some of the lesser-known, but no less serious, types of software supply chain attacks.

SolarWinds says it’s facing SEC ‘enforcement action’ over 2020 hack

The long hangover from a 2020 state-sponsored compromise still isn’t over for SolarWinds, as the software giant targeted by Russian government hackers has to pony up $26 million to shareholders

Russian hackers behind SolarWinds are now hiding malware in Google Drive

The Russia-linked hacking group behind the infamous SolarWinds espionage campaign is now using Google Drive to stealthily deliver malware to its latest victims. That’s according to researchers a

Secureframe secures $56M for a platform that automates an enterprise’s compliance with standards like HIPAA and SOC 2

Meeting compliance standards like HIPAA and SOC 2 can be a critical — and often mandatory — part of the matrix of boxes that need to be ticked when securing an organization, but it’s

Vicarius raises $24M to build out its vulnerability remediation platform

Vicarius, a New York-based startup that has developed an autonomous vulnerability remediation platform, has raised $24 million in Series A funding to protect organizations from the next major supply-c

Homeland Security establishes the Cyber Safety Review Board to learn the mistakes from past cyber incidents

The U.S. Department of Homeland Security has assembled a review board that will be tasked with investigating major national cybersecurity incidents in an effort to “meaningfully improve”

A CISO’s playbook for responding to zero-day exploits

We keep calling every new zero-day exploit a “wake up call,” but all we have been doing is collectively hitting the snooze button.

Chainguard lands $5M to help companies secure their software supply chains

By late last year, the alarm bells were just starting to ring. Researchers discovered that Russian spies had months earlier burrowed deep into the networks of several U.S. federal networks. The spies,

Cycode raises $56M Series B to help secure software supply chains

Cycode, a startup that helps businesses secure their DevOps pipelines and software supply chains, today announced that it has raised a $56 million Series B funding round led by Insight Partners. YL Ve

US government bans sale of hacking tools to China and Russia

The U.S. Department of Commerce has announced that it will ban the export of hacking tools to authoritarian governments in an effort to curb violations of human rights and other malicious cyber activi

DOJ will sue federal contractors that hide cyberattacks and breaches

The U.S. Department of Justice has said it will launch civil legal action against federal contractors if they fail to report cyberattacks or data breaches. The Civil Cyber-Fraud Initiative, introduced

Stairwell secures $20M Series A to help organizations outsmart attackers

Back when Stairwell emerged from stealth in 2020, the startup was shrouded in secrecy. Now with $20 million in Series A funding, its founder and CEO Mike Wiacek — who previously served as chief secu

The stars are aligning for federal IT open source software adoption

While the government has made a number of moves in a more open direction in recent years, the story of open source in federal IT has often seemed more about potential than reality.

To prevent cyberattacks, the government should limit the scope of a software bill of materials

There is no reason to disdain the concept of SBOM outright. Indeed, it’s heartening to see the federal government take cybersecurity so seriously.

Checkmarx acquires open-source supply chain security startup Dustico

Checkmarx, an Israeli provider of static application security testing (AST), has acquired open-source supply chain security startup Dustico for an undisclosed sum.  Founded in 2020, Dustico provides

Passwordstate customers complain of silence and secrecy after cyberattack

It has been over three months since Click Studios, the Australian software house behind the enterprise password manager Passwordstate, warned its customers to “commence resetting all passwords.”

Cybereason raises $275M at Series F, adds Steven Mnuchin to board

Cybereason, a U.S.-Israeli late-stage cybersecurity startup that provides extended detection and response (XDR) services, has secured $275 million in Series F funding.  The investment was led by Libe

Microsoft confirms it’s buying cybersecurity startup RiskIQ

Microsoft has confirmed it’s buying RiskIQ, a San Francisco-based cybersecurity company that provides threat intelligence and cloud-based software as a service for organizations. Terms of the de

Zero trust unicorn Illumio closes $225M Series F led by Thoma Bravo

Illumio, a self-styled zero trust unicorn, has closed a $225 million Series F funding round at a $2.75 billion valuation.  The round was led by Thoma Bravo, which recently bought cybersecurity vendor