The infamous North Korean Lazarus hacking group is the prime suspect in the $100 million hack of Harmony’s Horizon Bridge, according to new data and research from blockchain analytics firm Elliptic.The multi-million compromise, confirmed by Harmony earlier this month, led to the theft of ETH, BNB, USDT, USDC and Dai from the Horizon cross-chain bridge and no

Chicago-based Infrastructure-as-Code (IaC) startup oak9 has attracted new interest from venture capitalists with Cisco Investments and Morgan Stanley’s Next Level Fund joining a new $8 million funding round.The latest financing, led by existing investor Menlo Ventures, brings the total raised by oak9 to $14 million following a $5.9 million seed round the com

Cyolo, an Israeli startup building technology for zero trust networking, on Monday announced a new $60 million investment led by the venture investing arm of National Grid.In addition to National Grid Partners, Cyolo said it scored investments from Glilot Capital Partners, Flint Capital, Differential Ventures, and Merlin Ventures. The Series B financing

Bay Area startup Normalyze on Monday announced a $22 million in Series A funding as venture capital investors rush to place bets on the newly coined Data Security Posture Management (DSPM) space.Normalyze, based in San Francisco, said the funding round was co-led by Lightspeed Venture Partners and Battery Ventures and brings the total raised to $26.6 million

The National Institute of Standards and Technology (NIST) has published the final version of its guidance on securing macOS endpoints and assessing their security.The guidance is derived from the macOS Security Compliance Project (mSCP), an open source effort aimed at creating customized security baselines to meet the cybersecurity needs of various organizat

Security researchers at CrowdStrike have stumbled upon ransomware actors deploying zero-day exploits against Mitel VOIP appliances sitting on the network perimeter.The discovery is added confirmation that ransomware criminals are increasingly investing in zero-day exploits for use in data-extortion attacks and that poorly configured network devices present a

The US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Cyber Security Centres in New Zealand (NZ NCSC) and the United Kingdom (NCSC-UK) have issued joint guidance on the proper configuration and monitoring of PowerShell to eliminate the risk of abuse.A scripting language and command line utility i

Cryptographers at Swiss university ETH Zurich have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service and warned that the issues could lead to “devastating attacks on the confidentiality and integrity of user data in the MEGA cloud.”The ETH Zurich team documented the security defects in a research paper 

Adobe Acrobat Reader blocks certain antimalware solutions from injecting their DLLs into its processes, essentially denying them visibility and creating security risks, ransomware prevention company Minerva Labs reports.The behavior, which is similar to that of suspicious or malicious applications, is related to Acrobat Reader’s use of the Chromium Embedded

Cloud security startup Aqua Security has partnered with the Center for Internet Security (CIS) to create guidelines for software supply chain security and followed up by shipping an open-source auditing tool to ensure compliance with the new benchmark.The open-source tool, called Chain-Bench, is described an open source tool for auditing an organization’s so

RevealSecurity, an Israeli data security startup building technology to thwart malicious insider threats, on Tuesday announced the closing of a $23 million funding round led by SYN Ventures.In addition to SYN Ventures, Hanaco Ventures, SilverTech Ventures and World Trade Ventures also joined as RevealSecurity investors.The Series A financing provides capital

Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors and launch man-in-the-middle attacks.The Sophos firewall vulnerability -- tracked as CVE-2022-1040 -- was patched in March this year but only after Volexity intercepted a sophisticated zero-day

Researchers at F5 Labs have nabbed a new Android malware family capable of exfiltrating financial and personal information after taking control of infected devices.Dubbed MaliBot, the malware poses as a cryptocurrency mining application, but may also pretend to be a Chrome browser or another app. On nfected devices, the threat focuses on harvesting financial

Jit, an Israeli startup promising technology to help developers simplify security when deploying cloud apps, has banked an eye-opening $38.5 million in seed-stage funding.The funding round was Boldstart Ventures. Venture capital outfit Insight Partners and Tiger Global Management also invested.The $38.5 million round is abnormally high for seed-stage funding

GreyNoise Intelligence, a startup competing in the crowded threat-intelligence space, has deposited $15 million in a new round of venture capital funding led by Radian Capital.The $15 million Series A, which was led by Radian Capital, comes less than a year after GreyNoise banked a $5 million seed round to expand its data collection capabilities.In addition