Category: SecurityWeek RSS Feed

Proofpoint warns that APT actors linked to Russia Iran and North Korea are increasingly targeting small- and medium-sized businesses. The post Researchers Spot APTs Targeting Small Business MSPs appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

OAuth vulnerabilities found in the widely used Expo application development platform could have been exploited for account takeovers. The post OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers appeared first on SecurityWeek. This article has been indexed from…

Read more →

Join thousands of attendees as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack. (Login Now) The post Now Live: Threat Detection and Incident Response Virtual Summit appeared first…

Read more →

The AhRat trojan was injected in a screen recording application that had amassed more than 50,000 downloads via Google Play. The post Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update appeared first on SecurityWeek. This…

Read more →

Honeywell announces the launch of Cyber Insights, a solution designed to help organizations identify vulnerabilities and threats in their OT environments. The post New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats appeared first on SecurityWeek. This article has been…

Read more →

The US government has announced sanctions against four entities and one individual engaging in cyber activities on behalf of the North Korean government. The post US Sanctions North Korean University for Training Hackers appeared first on SecurityWeek. This article has…

Read more →

White House announced new efforts to guide federally backed research on artificial intelligence (AI). The post White House Unveils New Efforts to Guide Federal Research of AI appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

Join thousands of attendees as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack. (Register Now) The post Virtual Event Today: Threat Detection and Incident Response Summit appeared first…

Read more →

A credential phishing campaign using the legitimate SuperMailer newsletter distribution app has doubled in size each month since January 2023. The post Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign appeared first on SecurityWeek. This article has been indexed from…

Read more →

MikroTik patches a major security defect in its RouterOS product a full five months after it was exploited at Pwn2Own Toronto. The post Mikrotik Belatedly Patches RouterOS Flaw Exploited at Pwn2Own appeared first on SecurityWeek. This article has been indexed…

Read more →

The newly detailed GoldenJackal APT has been targeting government and diplomatic entities in the Middle East and South Asia since 2019. The post New ‘GoldenJackal’ APT Targets Middle East, South Asia Governments appeared first on SecurityWeek. This article has been…

Read more →

Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain. The post Red Hat Pushes New Tools to Secure Software Supply Chain appeared first on SecurityWeek.…

Read more →

Rheinmetall confirms being hit by Black Basta ransomware group, but says its military business is not affected. The post Rheinmetall Says Military Business Not Impacted by Ransomware Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Google introduces Mobile VRP bug bounty program for vulnerabilities in its mobile applications. The post Google Launches Bug Bounty Program for Mobile Applications appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article:…

Read more →

Iranian threat actors use a Windows kernel driver called ‘Wintapix’ in attacks against Middle East targets. The post Iranian Hackers Using New Windows Kernel Driver in Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

With proactive steps to move toward Zero Trust, technology leaders can leverage an old, yet new, idea that must become the security norm. The post Cutting Through the Noise: What is Zero Trust Security? appeared first on SecurityWeek. This article…

Read more →

Food distributor Sysco Corporation says the personal information of over 126,000 individuals was compromised in a recent cyberattack. The post Food Distributor Sysco Says Cyberattack Exposed 126,000 Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

GAO report underlines the need for federal agencies to fully implement key cloud security practices. The post GAO Tells Federal Agencies to Fully Implement Key Cloud Security Practices appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Satellite TV giant Dish Network says the recent ransomware attack impacted nearly 300,000 people and its notification suggests a ransom has been paid. The post Dish Ransomware Attack Impacted Nearly 300,000 People appeared first on SecurityWeek. This article has been…

Read more →

Food distributor Sysco Corporation says the personal information of over 126,000 individuals was compromised in a recent cyberattack. The post Food Distributor Sysco Says Cyberattack Affects 126,000 Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

China’s government told users of computer equipment deemed sensitive to stop buying products from the biggest U.S. memory chipmaker, Micron. The post China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States appeared first on…

Read more →

The European Union slapped Meta with a record $1.3 billion privacy fine and ordered it to stop transferring user data across the Atlantic. The post Facebook Parent Meta Hit With Record Fine for Transferring European User Data to US appeared…

Read more →

BEC scammers use residential IP addresses in attacks to make them seem locally generated and evade detection. The post Microsoft: BEC Scammers Use Residential IPs to Evade Detection appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor. The post Samsung Smartphone Users Warned of Actively Exploited Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Security researchers are warning that newly patched vulnerabilities in the Pimcore platform bring code execution risks. The post Pimcore Platform Flaws Exposed Users to Code Execution appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Wisconsin teen Joseph Garrison is charged with launching a credential stuffing attack that affected roughly 60,000 user accounts. The post US Teenager Indicted for Credential Stuffing Attack on Fantasy Sports Website appeared first on SecurityWeek. This article has been indexed…

Read more →

Security researchers have identified the second developer of Golden Chickens, a malware suite used by financially-motivated hacking groups Cobalt Group and FIN6. The post Researchers Identify Second Developer of ‘Golden Chickens’ Malware appeared first on SecurityWeek. This article has been…

Read more →

Apple has patched 3 zero-days, two of which are the vulnerabilities patched with the tech giant’s first Rapid Security Response updates. The post Apple Patches 3 Exploited WebKit Zero-Day Vulnerabilities appeared first on SecurityWeek. This article has been indexed from…

Read more →

Cloudflare introduces Secrets Store, a new solution to help developers and organizations securely store and manage secrets. The post Cloudflare Unveils New Secrets Management Solution appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

Manifest raises $6 million in seed funding to help businesses generate, collect, and manage software bill of materials (SBOMs). The post Investors Make $6M Bet on Manifest for SBOM Management Technology appeared first on SecurityWeek. This article has been indexed…

Read more →

A wave of layoffs, coupled with increased recruitment efforts by cybercriminals, could create the perfect conditions for insider threats to flourish The post Triple Threat: Insecure Economy, Cybercrime Recruitment and Insider Threats appeared first on SecurityWeek. This article has been…

Read more →

Secure remote access is essential for industrial organizations, but many are concerned about the associated risks, a new study shows. The post Industrial Secure Remote Access Is Essential, but Firms Concerned About Risks appeared first on SecurityWeek. This article has…

Read more →

Lineaje introduces SBOM360 Hub, an exchange allowing software producers, sellers, and consumers to publish, share and use SBOMs and related compliance artifacts. The post New SBOM Hub Helps All Stakeholders in Software Distribution Chain appeared first on SecurityWeek. This article…

Read more →

Quantinuum claims the most powerful quantum computer currently available –through cloud-based access from Quantinuum, and available through Azure Quantum in June 2023. The post Quantum Decryption Brought Closer by Topological Qubits appeared first on SecurityWeek. This article has been indexed…

Read more →

Google is updating its vulnerability reports rating system to encourage researchers to provide more details on the reported bugs. The post Google Announces New Rating System for Android and Device Vulnerability Reports appeared first on SecurityWeek. This article has been…

Read more →

A threat actor tracked as Lemon Group has control over millions of smartphones distributed worldwide thanks to preinstalled Guerrilla malware. The post Millions of Smartphones Distributed Worldwide With Preinstalled ‘Guerrilla’ Malware appeared first on SecurityWeek. This article has been indexed…

Read more →

Cisco has released patches for critical vulnerabilities in small business switches for which public proof-of-concept (PoC) code exists. The post Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities appeared first on SecurityWeek. This article has been indexed…

Read more →

Researcher publishes PoC tool that exploits unpatched KeePass vulnerability to retrieve the master password from memory. The post PoC Tool Exploits Unpatched KeePass Vulnerability to Retrieve Master Passwords appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Threat actors have been selling access to energy sector organizations, including ICS and other OT systems, according to a new report from Searchlight Cyber. The post Access to Energy Sector ICS/OT Systems Offered on Hacker Forums appeared first on SecurityWeek.…

Read more →

Japan, Ukraine, Ireland and Iceland have joined the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE). The post 4 Countries Join NATO Cyber Defense Center appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

CISA, FBI, and ACSC warn critical infrastructure organizations of the BianLian ransomware group’s attacks. The post Critical Infrastructure Organizations Warned of BianLian Ransomware Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

Apple says it rejected 1.7 million applications from being published in the App Store in 2022. The post Apple Blocked 1.7 Million Applications From App Store in 2022 appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Google has released a Chrome 113 update to patch 12 vulnerabilities, including a critical use-after-free flaw. The post Chrome 113 Security Update Patches Critical Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

Seventeen cybersecurity-related M&A deals were announced in the first half of May 2023. The post Cybersecurity M&A Roundup for May 1-15, 2023 appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article: Cybersecurity…

Read more →

Technological equipment supplier Lacroix has closed three production sites after experiencing a ransomware attack. The post Lacroix Closes Production Sites Following Ransomware Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article:…

Read more →

Israeli startup Entro launches with $6 million in seed-stage funding and a product to help manage secrets sprawl in the enterprise. The post Entro Raises $6M to Tackle Secrets Sprawl appeared first on SecurityWeek. This article has been indexed from…

Read more →

The US is offering a $10 million reward for information on a Russian man accused of launching ransomware attacks on critical infrastructure. The post US Offering $10M Reward for Russian Man Charged With Ransomware Attacks appeared first on SecurityWeek. This…

Read more →

The head of OpenAI, which makes ChatGPT, told Congress that government intervention “will be critical to mitigate the risks of increasingly powerful” AI systems. The post ChatGPT’s Chief Testifies Before Congress, Calls for New Agency to Regulate Artificial Intelligence appeared…

Read more →

Tech giant IBM acquires Polar Security, an early stage startup in the red-hot data security posture management (DSPM) category. The post IBM Snaps up DSPM Startup Polar Security appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Huntress closes a $60 million Series C financing round led by Sapphire Ventures. The company has now raised $118 million. The post Huntress Closes $60M Series C for MDR Expansion appeared first on SecurityWeek. This article has been indexed from…

Read more →

An emerging ransomware gang called RA Group is targeting organizations in the US and South Korea. The post New Babuk-Based Ransomware Targeting Organizations in US, Korea appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

A threat actor tracked as Lancefly has been targeting government organizations in South and Southeast Asia for at least three years. The post Lancefly APT Targeting Asian Government Organizations for Years appeared first on SecurityWeek. This article has been indexed…

Read more →

Critical vulnerabilities found in Teltonika products by industrial cybersecurity firms Otorio and Claroty expose thousands of internet-exposed devices to attacks. The post Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks appeared first on SecurityWeek. This article has…

Read more →

Crosspoint Capital Partners has agreed to acquire security solutions provider Absolute Software in an $870 million deal. The post Crosspoint Capital Partners Acquires Absolute Software in $870 Million Deal appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Communications and social platform Discord is notifying users of a cyber incident involving a third-party services provider. The post Discord Informs Users of Data Breach Involving Customer Support Provider appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Brightly Software has started informing roughly three million users that their personal information was compromised in a recent data breach. The post Brightly Software Notifying 3 Million SchoolDude Users of Data Breach appeared first on SecurityWeek. This article has been…

Read more →

The recent ransomware attack on Capita may impact millions of customers of hundreds of pension funds in the UK. The post Capita Cyberattack Hits UK Pension Funds appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

The personal information of more than 5.8 million was compromised in a data breach at national pharmacy network PharMerica. The post PharMerica Discloses Data Breach Impacting 5.8 Million Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

PoC exploit targeting an XSS vulnerability in the Advanced Custom Fields WordPress plugin started being used in malicious attacks two days after patch. The post WordPress Field Builder Plugin Vulnerability Exploited in Attacks Two Days After Patch appeared first on…

Read more →

Several old Linux vulnerabilities for which there are no public reports of malicious exploitation have been added to CISA’s KEV catalog. The post CISA: Several Old Linux Vulnerabilities Exploited in Attacks appeared first on SecurityWeek. This article has been indexed…

Read more →

The Philadelphia Inquirer experienced the most significant disruption to its operations in 27 years due to a cyberattack on Sunday, May 14, 2023. The post Philadelphia Inquirer Hit by Cyberattack Causing Newspaper’s Largest Disruption in Decades appeared first on SecurityWeek.…

Read more →

Former ByteDance executive said China government officials maintained access to all TikTok data, including information stored in the United States. The post Executive Fired From TikTok’s Chinese Owner Says Beijing Had Access to App Data in Termination Suit appeared first…

Read more →

A decade-long data breach in Toyota’s online service put some information on more than 2 million vehicles at risk. The post Toyota: Data on More Than 2 Million Vehicles in Japan Were at Risk in Decade-Long Breach appeared first on…

Read more →

A vulnerability in a WordPress plugin exposed the official website of sports car maker Ferrari to hacker attacks. The post WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

A decade-long data breach in Toyota’s online service put some information on more than 2 million vehicles at risk. The post Toyota: Data on More Than 2 million Vehicles in Japan Were at Risk in Decade-Long Breach appeared first on…

Read more →

SentinelOne sees multiple threat groups adopting the leaked Babuk source code to build their own VMware ESXi lockers. The post Leaked Babuk Code Fuels New Wave of VMware ESXi Ransomware appeared first on SecurityWeek. This article has been indexed from…

Read more →

Spanish authorities have announced the arrest of 40 individuals for their roles in a group involved in bank fraud, identity theft, and money laundering. The post Spain Arrests Hackers in Crackdown on Major Criminal Organization appeared first on SecurityWeek. This…

Read more →

Rockwell Automation customers have been informed about potentially serious vulnerabilities in several products, shortly after news of an investigation into the firm’s China operations. The post Organizations Informed of Over a Dozen Vulnerabilities in Rockwell Automation Products appeared first on…

Read more →

Australian enterprise software maker TechnologyOne said its internal Microsoft 365 system was compromised in a cyberattack. The post Australian Enterprise Software Maker TechnologyOne Resumes Trading Following Hack appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

France’s privacy watchdog doled out further penalties to US firm Clearview AI for failing to pay a 20-million-euro fine imposed last year over data breaches. The post France Punishes Clearview AI For Failing To Pay Fine appeared first on SecurityWeek.…

Read more →

CISA and FBI have observed a ransomware gang exploiting a recent PaperCut vulnerability in attacks targeting the education facilities subsector. The post CISA, FBI: Ransomware Gang Exploited PaperCut Flaw Against Education Facilities appeared first on SecurityWeek. This article has been…

Read more →

Exploitation of a critical vulnerability in the Essential Addons for Elementor WordPress plugin started immediately after a patch was released. The post 1 Million WordPress Sites Impacted by Exploited Plugin Vulnerability appeared first on SecurityWeek. This article has been indexed…

Read more →

Twitter launched encrypted messaging, offering select users the ability to communicate more securely. But its new service is much more of a baby step than a giant leap forward. The post Secure Messaging Arrives on Twitter – Sort of. ‘Don’t…

Read more →

Yhe convergence of networking and security, the consolidation of technology vendors, and a focus on OT security are essential underpinnings of any organization’s success. The post This New Era of Security Requires Secure Networking, Vendor Consolidation, and Focus on OT…

Read more →

US government investigating whether the Chinese operations of industrial giant Rockwell Automation pose a cybersecurity risk to critical infrastructure. The post US Probing Cybersecurity Risks of Rockwell Automation’s China Operations: Report appeared first on SecurityWeek. This article has been indexed…

Read more →

Nickolas Sharp, the former Ubiquiti employee who posed as a hacker and attempted to extort the firm for $2 million, was sentenced to prison. The post Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison appeared first on SecurityWeek.…

Read more →

ChatGPT maker OpenAI, and other major AI providers such as Google and Microsoft, are coordinating with the Biden administration to let thousands of hackers take a shot at testing the limits of their technology. The post Mass Event Will Let…

Read more →

A new phishing-as-a-service (PaaS) tool has been observed targeting businesses, mainly in the manufacturing, healthcare, technology, and real estate sectors. The post New ‘Greatness’ Phishing-as-a-Service Targets Microsoft 365 Accounts appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

OpenSSF has added four new members and is receiving $5 million in funding for its Alpha-Omega open source software security project. The post OpenSSF Receives $5 Million for Open Source Software Security Project appeared first on SecurityWeek. This article has…

Read more →

Claroty has disclosed the details of 5 vulnerabilities that can be chained in an exploit allowing unauthenticated attackers to hack Netgear routers. The post Details Disclosed for Exploit Chain That Allows Hacking of Netgear Routers appeared first on SecurityWeek. This…

Read more →

Judge refuses to dismiss shareholder lawsuit alleging that Facebook violated the law and fiduciary duties in failing for years to protect user data privacy. The post Delaware Judge Refuses to Dismiss Facebook Shareholder Suit Over User Data Privacy Breaches appeared…

Read more →

Microsoft has rolled out patches for a vulnerability allowing attackers to bypass mitigations for a critical Outlook zero-day leading to credentials theft. The post Microsoft Makes Second Attempt to Patch Recent Outlook Zero-Day appeared first on SecurityWeek. This article has…

Read more →

Google is improving Android security with new Safe Browsing real-time API, credential manager jetpack API, and new SDK API for developers. The post Google Improves Android Security With New APIs appeared first on SecurityWeek. This article has been indexed from…

Read more →

Senators introduce bill to reform security classification system in the US to prevent mishandling of classified information and promote better use of intelligence. The post Senators Push Overhaul of Classification Rules After Trump, Biden Cases appeared first on SecurityWeek. This…

Read more →

Equifax released its security and privacy controls framework to provide a public blueprint to help organizations to build or enhance their own cybersecurity programs. The post Equifax Releases Security and Privacy Controls Framework   appeared first on SecurityWeek. This article has…

Read more →

Google is now letting Gmail users in the US run scans to learn whether their Gmail ID appears on the dark web. The post Google Now Lets US Users Search Dark Web for Their Gmail ID appeared first on SecurityWeek.…

Read more →

ICS cybersecurity vendor Dragos discloses breach and data theft but says ransomware group failed at elaborate extortion scheme. The post Dragos Says Ransomware Gang Accessed Limited Data but Failed at Extortion Scheme  appeared first on SecurityWeek. This article has been…

Read more →

US appeals court sides with Corellium in the copyright infringement lawsuit filed by Apple against the company over its security research tools. The post Appeals Court Sides With Corellium in Apple Copyright Case appeared first on SecurityWeek. This article has…

Read more →

ICS cybersecurity vendor Dragos discloses breach and data theft but says ransomware group failed at elaborate extortion scheme. The post Dragos Says Ransomware Hackers Failed at Elaborate Extortion Scheme  appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

UK-based Capita says the recent ransomware attack will cost it up to $25 million, but it has not clarified whether that includes a ransom payment to the cybercriminals. The post Capita Says Ransomware Attack Will Cost It Up to $25…

Read more →

IBM’s Quantum Safe Roadmap was designed to help federal agencies and business meet the requirements and the deadlines for quantum safe cryptography. The post IBM Delivers Roadmap for Transition to Quantum-safe Cryptography appeared first on SecurityWeek. This article has been…

Read more →

Blockchain company Webb Technologies has raised $7 million in seed funding for its privacy tools and protocol. The post Webb Raises $7 Million for Blockchain Asset Transfer Privacy System appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

SquareX emerges from stealth mode with $6 million in seed funding for the development of its security-focused browser extension. The post SquareX Raises $6 Million for Browser Security Product appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Intel and AMD have informed their customers about a total of more than 100 vulnerabilities found in their products. The post Chipmaker Patch Tuesday: Intel, AMD Address Over 100 Vulnerabilities appeared first on SecurityWeek. This article has been indexed from…

Read more →

SAP released 18 new security notes on May 2023 Security Patch Day, including two that resolve critical vulnerabilities in 3D Visual Enterprise License Manager and BusinessObjects. The post SAP Patches Critical Vulnerabilities With May 2023 Security Updates appeared first on…

Read more →

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation compared to a national company. The post CISO Conversations: HP and Dell CISOs Discuss the Role…

Read more →

Joseph James O’Connor pleaded guilty for his role in schemes to hack the Twitter accounts of celebrities like Barack Obama and Elon Musk. The post Twitter Celebrity Hacker Pleads Guilty in US appeared first on SecurityWeek. This article has been…

Read more →

The US government has announced the disruption of Snake, a sophisticated cyberespionage malware officially attributed to a unit of Russia’s FSB agency. The post US Disrupts Russia’s Sophisticated ‘Snake’ Cyberespionage Malware  appeared first on SecurityWeek. This article has been indexed…

Read more →

Microsoft’s May 2023 security updates address a total of 40 newly documented vulnerabilities, including two flaws already exploited in attacks. The post Microsoft Patch Tuesday: 40 Vulnerabilities, 2 Zero-Days appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Adobe has patched more than a dozen vulnerabilities, including critical code execution flaws, in its Substance 3D Painter product. The post Adobe Patches 14 Vulnerabilities in Substance 3D Painter appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →