Lenovo establishes Cybersecurity Innovation Center in Israel

Lenovo has established the Lenovo Cybersecurity Innovation Center (LCIC) in cooperation with Ben-Gurion University of the Negev, an Israel-based cybersecurity research institution.

GoDaddy: Hackers stole source code, installed malware in multi-year breach — Bleeping Computer

Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment, writes Sergiu...

Reddit says hackers accessed employee data following phishing attack — TC

Reddit has confirmed hackers accessed internal documents and source code following a “highly-targeted” phishing attack, writes Carly Page. Here is the link: 

Intel, UC San Diego join DARPA program to develop cryptographical solutions for security

Intel and UC San Diego have been selected to join DARPA's Hardening Development Toolchains Against Emergent Execution Engines (HARDEN) program.  

Hackers take down EU Parliament site in apparent DDoS attack —

Russian hackers have attacked the website of the European Union’s Parliament and managed to take it offline for several hours, writes Sead Fadilpašić. Here is the link:

CGI awarded $17.4M Nuclear Regulatory Commission cybersecurity contract

CGI has been awarded a cybersecurity contract to prepare the Nuclear Regulatory Commission (NRC) for emerging cyber threats under its Global Infrastructure and Development Acquisition (GLINDA) Blanket Purchase Agreement.

OpenSSL warns of critical security vulnerability with upcoming patch — ZDNet

This new hole only affects OpenSSL versions 3.0.0 through 3.0.6. So, older operating systems and devices are likely to avoid these problems, writes Steven Vaughan-Nichols. Here's the link:

Apple releases security updates for multiple products (Update right now!)

Apple has released security updates to address vulnerabilities in Safari 16.1, iOS 16.1 and iPadOS 16, macOS Big Sur 11.7.1, macOS Monterey 12.6.1, macOS Ventura 13, tvOS 16.1, watchOS 9.1. Find the Apple update links here.

Intel confirms leaked Alder Lake BIOS Source Code is authentic — Bleeping Computer

Intel has confirmed that a source code leak for the UEFI BIOS of Alder Lake CPUs is authentic, raising cybersecurity concerns, writes Lawrence Abrams. Here is the link:

Facebook warns 1 million users whose logins were stolen by scam mobile apps —...

Meta is warning Facebook users about hundreds of apps on Apple and Google’s app stores that were specifically designed to steal login credentials to the social network app, writes Mitchell Clark. Here...

Optus cyber-attack: company opposed changes to privacy laws to give customers more rights over...

Optus has repeatedly opposed a proposed change to privacy laws that would give customers the right to request their data be destroyed, writes Josh Taylor. Here is the link:

Uber blames Lapsus$ hacking group for security breach — The Verge

Uber said that a hacker associated with the Lapsus$ hacking group was to blame for a breach of its internal systems last week, writes Andrew J. Hawkins. Here is the link:

Uber reels from ‘security incident’ in which cloud systems seemingly hijacked — The Register

The food delivery and ride sharing disruptor has admitted that something is up, saying it is investigating the matter with the Feds, writes Simon Sharwood. Here is the link:

NSA releases future quantum-resistant (QR) algorithm requirements

The National Security Agency (NSA) has released the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) Cybersecurity Advisory (CSA).

SandboxAQ acquires Cryptosense

SandboxAQ has acquired Cryptosense, a cybersecurity and encryption analysis software company. 

T-Mobile to pay $500M for one of the largest data breaches in US history...

T-Mobile has admitted no guilt but has agreed to pay a $500 million settlement (pending a judge’s approval), out of which $350 million will go to the settlement fund, writes Ashley...

January 6 panel examines whether erased Secret Service texts can be revived — The...

The House committee investigating the Capitol attack is examining whether Secret Service text messages from 5 and 6 January 2021 that were erased around the time of an internal review can be reconstructed, writes Hugo Lowell. 

Hacker claims they stole police data on a billion Chinese citizens — Engadget

A hacker (or group of hackers) claims to have stolen data on a billion Chinese citizens from a Shanghai police database, writes K. Holt. Here is the link:

Google warns of new spyware targeting iOS and Android users — Wired

Google's Threat Analysis Group and Project Zero vulnerability analysis team published findings about the iOS version of a spyware product attributed to the Italian developer RCS Labs, writes Lily Hay Newman. Here is...

Peraton wins $562.9M DoD cyber crime TABO task order

Peraton subsidiary Perspecta Enterprise Services has been awarded the Department of Defense (DoD) Cyber Crime Center (DC3) Technical, Analytical, and Business Operations Services (TABO) task order, worth up to $562.9 million.

IBM to acquire Randori

IBM says it plans to acquire Boston-based cybersecurity provider Randori, a company working on attack surface management (ASM).

OMIGOD: Cloud providers still using secret middleware — The Register

The agents are middleware that bridge customer VMs and the provider's other managed services, writes Brandon Vigliarolo. Here is the link:

AppOmni raises $70M

San Francisco, Calif.-based SaaS security comapny AppOmni has raised $70 million in a Series C funding round.

SpiceJet: Passengers stranded as India airline hit by ransomware attack — BBC

India's SpiceJet airline said its systems faced an "attempted ransomware attack" on Tuesday, delaying flights and leaving many stranded at airports, according to the report. Here is the link:

‘Predator’ spyware let government hackers break into Chrome and Android, Google says — Gizmodo

A shady private surveillance company sold access to nearly half a dozen powerful security flaws in Chrome and Android last year to government-affiliated hackers, Google revealed Monday, writes Lucas Ropek. Here is...

Patch your VMware gear now – or yank it out, Uncle Sam tells federal...

Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, writes Simon Sharwood. Here is the link: Find the advisories from VMware here:...

NASA awards $622.5M cybersecurity contract to Booz Allen Hamilton

NASA has awarded the Cybersecurity and Privacy Enterprise Solutions and Services (CyPrESS) contract to Booz Allen Hamilton of McLean, Virginia.

Nokia to open 5G network security and testing lab in Dallas

Nokia announced the launch of its Advanced Security Testing and Research (ASTaR) lab, located in Dallas, Texas.

NPM bug allowed attackers to distribute malware as legitimate packages — The Hacker News

A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate, writes Ravie...

Google to acquire Mandiant for $4.5B

Google has signed a definitive agreement to acquire Mandiant for roughly $5.4 billion. Upon the close of the acquisition, Mandiant will join Google Cloud.

Ukrainian man charged with ransomware attack that affected 1,500 U.S. businesses — NBC

Yaroslav Vasinskyi, 22, was arrested last month at the request of the U.S. government while trying to enter Poland from Ukraine, writes Pete Williams. Here is the link:

Robinhood discloses breach that exposed information of millions of customers — CNN

The trading platform said in a statement that the November 3 attack allowed the unauthorized party to obtain a list of email addresses for about 5 million people, writes Matt Egan. Here...

‘Sideloading is a cyber criminal’s best friend,’ according to Apple’s software chief — The...

“Sideloading is a cyber criminal’s best friend and requiring that on iPhone would be a gold rush for the malware industry,” according to Apple senior vice president Craig Federighi, writes Chaim...

Malware found in npm package with millions of weekly downloads — The Record

A massively popular JavaScript library (npm package) was hacked, and modified with malicious code that downloaded and installed a password stealer and cryptocurrency miner, writes Catalin Cimpanu. Here is the link:  

Twitch blames data breach on server configuration error — CNET

Twitch on Wednesday confirmed what appears to be a large data breach, pointing to an "error in a Twitch server configuration change" that exposed some data to the internet, writes Carrie Mihalcik. Here...

As Google sets burial date for legacy Chrome Extensions, fears for ad-blockers grow —...

Google this month said Chrome browser extensions written under its Manifest V2 specification will stop working in January 2023, writes Thomas Claburn. Here is the link:

Snyk raises $350M

Developer security company Snyk has raised $530 million in a Series F investment round.

Hackers, remote workers spur record PE investment in cybersecurity — PitchBook

Private equity buyouts in cybersecurity are hitting new records as a fast-growing industry responds to a surge in remote working and increasingly sophisticated cyberattacks, writes Ryan Prete. Here is the link:

Juniper breach mystery starts to clear with new details on hackers and U.S. role...

Juniper’s breach remains important — and the subject of continued questions from Congress — because it highlights the perils of governments inserting backdoors in technology products, writes Jordan Robertson. Here is the...

Microsoft Azure cloud vulnerability is the ‘worst you can imagine’ — The Verge

A flaw in Microsoft’s Azure Cosmos DB database product left more than 3,300 Azure customers open to complete unrestricted access by attackers, writes Thomas Ricker. Here is the link: You can find...

Pegasus spyware found on journalists’ phones, French intelligence confirms — The Guardian

French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, writes Kim Willsher. 

Rootly raises $3.2M

Technical incident management platform company Rootly has closed $3.2 million in seed funding.

Biden announces investigation into international ransomware attack — The Guardian

Joe Biden said on Saturday he had directed US intelligence agencies to investigate a sophisticated ransomware attack, according to the report. Here is the link:

Wipro to acquire Ampion

Wipro has signed an agreement to acquire Ampion, an Australia-based provider of cyber security, DevOps and quality engineering services.

Armorblox raises $30M

Sunnyvale, Calif.-based email security company Armorblox has raised $30 million in a Series B funding round. The investment was led by Next47, with participation from Polaris Partners and Unusual Ventures, as well...

NSA urges system administrators to replace obsolete TLS protocols — ZDNet

The US National Security Agency has issued a security advisory this month urging system administrators in federal agencies and beyond to stop using old and obsolete TLS protocols, writes Catalin...

Akamai acquires Dublin-based Asavie

Akamai Technologies has acquired Dublin-based mobile communications and internet of things (IoT) company Asavie, for an undisclosed sum.

Raytheon sells off Forcepoint cybersecurity solutions portfolio

Global investment firm Francisco Partners has signed a definitive agreement to acquire Forcepoint, a cybersecurity solutions company, and a subsidiary of Raytheon. 

General Dynamics awarded $761 million GSA contract for U.S. Southern Command cyber modernization

General Dynamics Information Technology (GDIT), a business unit of General Dynamics, has been awarded the Southern Command's (SOUTHCOM) Cyber Information Technology Enterprise Services (SCITES) contract.

US charges Russian hackers behind NotPetya, KillDisk, OlympicDestroyer attacks — ZDNet

The US Department of Justice has unsealed charges against six GRU officers believed to be members of Sandworm, writes Catalin Timpanu. Here is the link: