The National Institute of Standards and Technology (NIST) has issued a Preliminary Draft security guidelines SP 1800-34 for Validating the Integrity of Computing Devices.
Security researchers have discovered malicious software packages from Python’s official third party software package repository PyPl stealing payment card numbers and injecting code.
The DHS CISA cybersecurity team just released a new tool dubbed CHIRP, a forensics collection tool designed to help network defenders scan for indicators of compromise (IOCs) associated with the SolarWinds Orion and Active Directory/M365 compromise and cyberattacks.
The National Security Agency (NSA) has released new guidelines on the Zero Trust Security Model, a coordinated system management strategy that removes implicit trust in any one system or service and assumes breaches will or have already occurred.
Microsoft has open sourced CodeQL queries used to scan for Solorigate malware activity that matches the SolarWinds supply-chain attack.
Cybersecurity experts discovered a new supply chain attack against a certification authority organization in Vietnam.
Microsoft shared new insights into the Solarigate malware, the compromised DLL file behind the SolarWinds software supply chain attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a ‘grave risk’ to critical infrastructure, government and private sector organizations.