Tag: SecurityWeek RSS Feed

Malware Upload Attack Hits PyPI Repository

Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek. This article has…

Splunk Patches Vulnerabilities in Enterprise Product

Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue.

Cybersecurity Mesh: Overcoming Data Security Overload

A significant cybersecurity challenge arises from managing the immense volume of data generated by numerous IT security tools, leading organizations into a reactive rather than proactive approach.

Coro Raises $100 Million for All-in-One Security Platform

Coro has raised $100 million in Series D funding for its enterprise-grade platform tailored for the small- and mid-sized market.

Cisco Patches DoS Vulnerabilities in Networking Products

Cisco has released patches for multiple IOS and IOS XE software vulnerabilities leading to denial-of-service (DoS).

Chinese Cyberspies Targeting ASEAN Entities

Two Chinese cyberespionage groups have been targeting entities and member countries affiliated with ASEAN.

Code Execution Flaws Haunt NVIDIA ChatRTX for Windows

Artificial intelligence computing giant NVIDIA patches flaws in ChatRTX for Windows and warns of code execution and data tampering risks.

Researchers Discover 40,000-Strong EOL Router, IoT Botnet

Malware hunters sound an alarm after discovering a 40,000-strong botnet packed with end-of-life routers and IoT devices being used in cybercriminal activities.

Webinar Today: How to Reduce Cloud Identity Risk

Please join the fireside chat as Phil Bues, Cloud Research Manager at IDC, discusses the challenges and best practices for cybersecurity leaders managing cloud identities.

Airbus to Buy German Cybersecurity Firm Infodas

Airbus Defence and Space is set to acquire Infodas, a Germany-based company that boasts €50 million revenue.

Greylock Makes $10M Bet on Bedrock Security

Silicon Valley startup deposits $10 million in seed-stage funding to help organizations manage risk from cloud and gen-AI technologies.

ZenHammer Attack Targets DRAM on Systems With AMD CPUs

A new Rowhammer attack named ZenHammer has been demonstrated against DRAM on systems with AMD CPUs, including DDR5.

Apple Patches Code Execution Vulnerability in iOS, macOS

Apple has released iOS 17.4.1 and macOS Sonoma 14.4.1 with patches for an arbitrary code execution vulnerability.

US Treasury Slaps Sanctions on China-Linked APT31 Hackers

The US Treasury Department sanctions a pair of Chinese hackers linked to “malicious cyber operations targeting US critical infrastructure sectors.”

Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own

Firefox browser updates address two zero-day vulnerabilities exploited at the Pwn2Own hacking contest.

‘Brain Weasels’: Impostor Syndrome in Cybersecurity

There are several attributes that tie the cybersecurity community together – namely our collective passion for solving complex problems in order to reduce harm – but one has stood out prominently over the years: impostor syndrome.

US Government Issues New DDoS Mitigation Guidance

CISA, the FBI, and MS-ISAC have released new guidance on how federal agencies can defend against DDoS attacks.

39,000 Websites Infected in ‘Sign1’ Malware Campaign

Over 39,000 websites have been infected with the Sign1 malware that redirects visitors to scam domains.

New ‘GoFetch’ Apple CPU Attack Exposes Crypto Keys

Researchers detail GoFetch, a new side-channel attack impacting Apple CPUs that could allow an attacker to obtain secret keys.

Watch Now: Supply Chain & Third-Party Risk Summit 2024

Join us for the fully immersive virtual event as we explore the critical nature of software and vendor supply chain security issues.

Vulnerability Allowed One-Click Takeover of AWS Service Accounts

AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack.

Microsoft Patches Xbox Vulnerability Following Public Disclosure

Microsoft patches Xbox Gaming Services vulnerability CVE-2024-28916 after initially saying it was not a security issue.

GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta

GitHub’s code scanning autofix delivers remediation suggestions for two-thirds of the identified vulnerabilities.

$200,000 Awarded at Pwn2Own 2024 for Tesla Hack

Participants earned a total of $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software.

Chrome 123, Firefox 124 Patch Serious Vulnerabilities

Chrome and Firefox security updates released on Tuesday resolve a critical-severity and multiple high-severity vulnerabilities.

Risk Management Firm CyberSaint Raises $21 Million

Cyber risk management firm CyberSaint has raised $21 million in Series A funding, bringing the total investment to $29 million.

300,000 Systems Vulnerable to New Loop DoS Attack

Academic researchers describe a new application-layer loop DoS attack affecting Broadcom, Honeywell, Microsoft and MikroTik.

Airbus Pulls Out of Deal to Buy Atos Cybersecurity Unit

Atos shares tank after Airbus decides not to move ahead with discussions to acquire its cybersecurity business.

BigID Raises $60 Million at $1 Billion Valuation

Data security firm BigID raises $60 million in a growth round that brings the total to $320 million and values the company at over $1 billion.

Chinese APT Hacks 48 Government Organizations

Earth Krahang, likely a penetration team of Chinese government contractor I-Soon, has compromised 48 government entities worldwide.

Aiohttp Vulnerability in Attacker Crosshairs

A recently patched Aiohttp vulnerability tracked as CVE-2024-23334 is being targeted by threat actors, including by a ransomware group.

Misconfigured Firebase Instances Expose 125 Million User Records

A weakness in a Firebase implementation allowed researchers to gain access to names, phone numbers, email addresses, plaintext passwords, confidential messages, and more.

UK Government Releases Cloud SCADA Security Guidance

UK’s NCSC releases security guidance for OT organizations considering migrating their SCADA solutions to the cloud.

Cisco Completes $28 Billion Acquisition of Splunk

The networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023.

Fujitsu Data Breach Impacts Personal, Customer Information

Fujitsu says hackers infected internal systems with malware, stole personal and customer information.

PoC Published for Critical Fortra Code Execution Vulnerability

A critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution.

IMF Emails Hacked

The International Monetary Fund (IMF) detects a cybersecurity incident that involved nearly a dozen email accounts getting hacked.

Codezero Raises $3.5 Million for DevOps Security Solution

Secure enterprise microservices development firm Codezero raises $3.5 million in seed funding.

Ballistic Ventures Closes $360 Million Cybersecurity-Focused Fund

Venture capital firm Ballistic Ventures closed an oversubscribed $360 million fund that will be used to fund cybersecurity companies.