Patch your VMware gear now – or yank it out, Uncle Sam tells federal...

Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, writes Simon Sharwood. Here is the link: https://www.theregister.com/2022/05/19/vmware_cisa_security_risks/ Find the advisories from VMware here:...

NASA awards $622.5M cybersecurity contract to Booz Allen Hamilton

NASA has awarded the Cybersecurity and Privacy Enterprise Solutions and Services (CyPrESS) contract to Booz Allen Hamilton of McLean, Virginia.

Material Security raises $100M

Material Security, a company that offers a zero trust security approach to email data, has secured $100 million in Series C funding.

Nokia to open 5G network security and testing lab in Dallas

Nokia announced the launch of its Advanced Security Testing and Research (ASTaR) lab, located in Dallas, Texas.

Abnormal Security raises $200M

AI-based cloud-native email security platform company Abnormal Security has closed a $210 million Series C round of financing.

NPM bug allowed attackers to distribute malware as legitimate packages — The Hacker News

A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate, writes Ravie...

Google to acquire Mandiant for $4.5B

Google has signed a definitive agreement to acquire Mandiant for roughly $5.4 billion. Upon the close of the acquisition, Mandiant will join Google Cloud.

Ukrainian man charged with ransomware attack that affected 1,500 U.S. businesses — NBC

Yaroslav Vasinskyi, 22, was arrested last month at the request of the U.S. government while trying to enter Poland from Ukraine, writes Pete Williams. Here is the link: https://www.nbcnews.com/news/us-news/ukranian-man-charged-ransomware-attack-affected-1500-us-businesses-rcna4835

Robinhood discloses breach that exposed information of millions of customers — CNN

The trading platform said in a statement that the November 3 attack allowed the unauthorized party to obtain a list of email addresses for about 5 million people, writes Matt Egan. Here...

‘Sideloading is a cyber criminal’s best friend,’ according to Apple’s software chief — The...

“Sideloading is a cyber criminal’s best friend and requiring that on iPhone would be a gold rush for the malware industry,” according to Apple senior vice president Craig Federighi, writes Chaim...

Malware found in npm package with millions of weekly downloads — The Record

A massively popular JavaScript library (npm package) was hacked and modified with malicious code that downloaded and installed a password stealer and cryptocurrency miner, writes Catalin Cimpanu. Here is the link: https://therecord.media/malware-found-in-npm-package-with-millions-of-weekly-downloads/

Twitch blames data breach on server configuration error — CNET

Twitch on Wednesday confirmed what appears to be a large data breach, pointing to an "error in a Twitch server configuration change" that exposed some data to the internet, writes Carrie Mihalcik. Here...

As Google sets burial date for legacy Chrome Extensions, fears for ad-blockers grow —...

Google this month said Chrome browser extensions written under its Manifest V2 specification will stop working in January 2023, writes Thomas Claburn. Here is the link: https://www.theregister.com/2021/09/27/google_chrome_manifest_v2_extensions/

Snyk raises $350M

Developer security company Snyk has raised $530 million in a Series F investment round.

Hackers, remote workers spur record PE investment in cybersecurity — PitchBook

Private equity buyouts in cybersecurity are hitting new records as a fast-growing industry responds to a surge in remote working and increasingly sophisticated cyberattacks, writes Ryan Prete. Here is the link: https://pitchbook.com/news/articles/hackers-remote-workers-private-equity-cybersecurity