Tag: SecurityWeek RSS Feed

Cisco says it will not release patches for a cross-site scripting vulnerability impacting end-of-life small business routers. The post Cisco Warns of Vulnerability in Discontinued Small Business Routers appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

With so much money riding on the promise of AI advances, it’s no surprise that AGI is also becoming a corporate buzzword that sometimes attracts a quasi-religious fervor. The post Tech Companies Want to Build Artificial General Intelligence. But Who…

Read more →

NIST announced $3.6 million in grants for 18 education and community organizations to build the future cybersecurity workforce. The post NIST Grants $3.6 Million to Boost US Cybersecurity Workforce appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Noteworthy stories that might have slipped under the radar: the CISA hack could impact 100,000 people, Microsoft AI Copilot banned by US House, UK nuclear site prosecution.  The post In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot…

Read more →

Japanese lens maker Hoya says production processes and ordering systems were disrupted by a cyberattack. The post Lens Maker Hoya Scrambling to Restore Systems Following Cyberattack appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Acuity, the tech firm from which hackers claimed to have stolen State Department and other government data, confirms hack, but says stolen info is old. The post Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info…

Read more →

Attackers are exploiting a recent Magento vulnerability to deploy a persistent backdoor on ecommerce websites. The post Magento Vulnerability Exploited to Deploy Persistent Backdoor appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

Cybersecurity companies raised $2.3 billion in funding in Q1 2024, a 20% decrease compared to the same period of 2023, according to Pinpoint. The post Cybersecurity Firms Raised $2.3 Billion in Q1 2024: Report appeared first on SecurityWeek. This article…

Read more →

Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization. The post Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz appeared first on SecurityWeek. This article has…

Read more →

Omni Hotels & Resorts tells customers that recent disruptions have been caused by a cyberattack that forced it to shut down systems. The post Cyberattack Causes Disruptions at Omni Hotels appeared first on SecurityWeek. This article has been indexed from…

Read more →

City of Hope is notifying 800,000 individuals of a data breach impacting their personal and health information. The post US Cancer Center Data Breach Impacting 800,000 appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Google this week patched two Pixel phone zero-day vulnerabilities actively exploited by forensic companies to obtain data from devices. The post Pixel Phone Zero-Days Exploited by Forensic Firms appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Data breach impacting users’ personal information prompts survey rewards platform SurveyLama to reset passwords. The post SurveyLama Data Breach Impacts 4.4 Million Users appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article:…

Read more →

Cloud security firm provides a detection platform able to detect and predict the likely behavior of ‘bad’ identities. The post Cloud Threat Detection Firm Permiso Raises $18 million appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

A critical OS command injection in Progress Flowmon can be exploited to gain remote, unauthenticated access to the system. The post Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems appeared first on SecurityWeek. This article has been indexed…

Read more →

New HTTP/2 DoS method named Continuation Flood can pose a greater risk than Rapid Reset, which has been used for record-breaking attacks. The post New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset appeared first on SecurityWeek. This…

Read more →

Video conferencing giant Zoom has paid out $10 million through its bug bounty program since it was launched in 2019. The post Zoom Paid Out $10 Million via Bug Bounty Program Since 2019 appeared first on SecurityWeek. This article has…

Read more →

News analysis:  SecurityWeek editor-at-large Ryan Naraine reads the CSRB report on China’s audacious Microsoft’s Exchange Online hack and isn’t at all surprised by the findings. The post Microsoft’s Security Chickens Have Come Home to Roost appeared first on SecurityWeek. This…

Read more →

An analysis by Forescout shows 300,000 Chinese devices in the US, up 40% compared to the previous year, despite bans. The post Number of Chinese Devices in US Networks Growing Despite Bans appeared first on SecurityWeek. This article has been…

Read more →

MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of all vulnerabilities. What went wrong, and what can be done? The post CVE and NVD –…

Read more →

How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises? The post Know Your Audience When Speaking to Security Practitioners…

Read more →

A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information. The post Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites appeared first on SecurityWeek. This article has been indexed from…

Read more →

Cyber Safety Review Board, said “a cascade of errors” by Microsoft let state-backed Chinese cyber operators break into email accounts of senior U.S. officials. The post Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack…

Read more →

Jackson County, Missouri, discloses ‘significant disruptions’ to IT systems, says ransomware attack likely at fault. The post Missouri County Hit by Ransomware appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article: Missouri…

Read more →

The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago. The post XZ Utils Backdoor Attack Brings Another Similar Incident to Light appeared first on SecurityWeek. This article has…

Read more →

Google pushes a new Chrome update to patch another zero-day vulnerability demonstrated at a hacking contest. The post Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Google patches 28 vulnerabilities in Android and 25 bugs in Pixel devices, including two flaws exploited in the wild. The post Google Patches Exploited Pixel Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Google is bringing to Chrome new features to bind browser sessions to the device and protect users against cookie theft. The post Chrome to Fight Cookie Theft With Device Bound Session Credentials  appeared first on SecurityWeek. This article has been…

Read more →

A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages. The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek. This article has been indexed from…

Read more →

Self check-in kiosks at Ibis Budget hotels were affected by a vulnerability that exposed keypad codes that could be used to enter rooms.  The post Hotel Self Check-In Kiosks Exposed Room Access Codes appeared first on SecurityWeek. This article has…

Read more →

Twenty-seven cybersecurity-related merger and acquisition (M&A) deals were announced in March 2024. The post Cybersecurity M&A Roundup: 27 Deals Announced in March 2024 appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article:…

Read more →

The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members. The post OWASP Data Breach Caused by Server Misconfiguration appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Prudential Financial says the names, addresses, and ID numbers of over 36,000 were stolen in a February data breach. The post Prudential Financial Data Breach Impacts 36,000 appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

Heartbleed made most certificates vulnerable. The future problem is that quantum decryption will make all certificates and everything else using RSA encryption vulnerable to everyone. The post Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! appeared first on…

Read more →

MarineMax confirms suffering a data breach as a result of a recent ransomware attack, with the attackers claiming to have obtained 180,000 files.  The post Boat Dealer MarineMax Confirms Data Breach  appeared first on SecurityWeek. This article has been indexed…

Read more →

Google agreed to purge billions of records containing personal information collected from more than 136 million people using its Chrome web browser as part of settlement in a lawsuit accusing it of illegal surveillance. The post Google to Purge Billions…

Read more →

Veracode announces a deal to acquire Longbow Security, a Texas seed-stage startup working on automated root cause analysis technology. The post Veracode Buys Longbow Security for Automated Root Cause Analysis Tech appeared first on SecurityWeek. This article has been indexed…

Read more →

NCC Group researchers warn that the Android banking malware ‘Vultur’ has been updated with device interaction and file tampering capabilities. The post ‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities appeared first on SecurityWeek. This article has been indexed from…

Read more →

A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard. The post ‘WallEscape’ Linux Vulnerability Leaks User Passwords appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Software developers relying on AI chatbots for building applications may end up using hallucinated software packages. The post AI Hallucinated Packages Fool Unsuspecting Developers appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions. The post Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor appeared first on SecurityWeek. This…

Read more →

AT&T used the Easter holiday weekend to quietly share details on data that surfaced on the dark web roughly two weeks ago. The post AT&T Says Data on 73 Million Customers Leaked on Dark Web appeared first on SecurityWeek. This…

Read more →

Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users. The post In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing…

Read more →

Generative-AI security startup SydeLabs emerges from stealth mode with $2.5 million in seed funding led by RTP Global. The post SydeLabs Emerges From Stealth Mode With $2.5 Million in Funding appeared first on SecurityWeek. This article has been indexed from…

Read more →

US Defense Department releases defense industrial base cybersecurity strategy with a focus on four key goals. The post Pentagon Outlines Cybersecurity Strategy for Defense Industrial Base  appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

The US Department of Energy announces $15 million funding for university-based electric power cybersecurity centers. The post Energy Department Invests $15 Million in University Cybersecurity Centers  appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

It is the CISO’s responsibility to build and maintain a high functioning team in a difficult environment – cybersecurity is a complex, continuous, and adversarial environment like none other outside of military conflict. The post The Complexity and Need to…

Read more →

JetBrains patches 26 security issues in TeamCity and takes steps to avoid malicious exploitation of vulnerabilities. The post 26 Security Issues Patched in TeamCity appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

Harvard Pilgrim Health Care says the personal information of over 2.8 million individuals was stolen in a year-old ransomware attack. The post Massachusetts Health Insurer Data Breach Impacts 2.8 Million appeared first on SecurityWeek. This article has been indexed from…

Read more →

Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek. This article has…

Read more →

Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue. The post Splunk Patches Vulnerabilities in Enterprise Product appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article: Splunk Patches Vulnerabilities…

Read more →

Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India. The post Cyberespionage Campaign Targets Government, Energy Entities in India appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

A significant cybersecurity challenge arises from managing the immense volume of data generated by numerous IT security tools, leading organizations into a reactive rather than proactive approach. The post Cybersecurity Mesh: Overcoming Data Security Overload appeared first on SecurityWeek. This…

Read more →

Coro has raised $100 million in Series D funding for its enterprise-grade platform tailored for the small- and mid-sized market. The post Coro Raises $100 Million for All-in-One Security Platform appeared first on SecurityWeek. This article has been indexed from…

Read more →

Zafran has emerged from stealth mode with a risk and mitigation platform and $30 million in funding from Sequoia Capital and Cyberstarts. The post Zafran Emerges From Stealth With Risk and Mitigation Platform, $30M in Funding appeared first on SecurityWeek.…

Read more →

Cisco has released patches for multiple IOS and IOS XE software vulnerabilities leading to denial-of-service (DoS). The post Cisco Patches DoS Vulnerabilities in Networking Products appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators. The post Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 appeared first on SecurityWeek. This…

Read more →

Two Chinese cyberespionage groups have been targeting entities and member countries affiliated with ASEAN. The post Chinese Cyberspies Targeting ASEAN Entities appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article: Chinese Cyberspies…

Read more →

The US is offering a reward of up to $10 million for information on BlackCat ransomware affiliates that targeted US critical infrastructure. The post US Offering $10 Million Reward for Information on Change Healthcare Hackers appeared first on SecurityWeek. This…

Read more →

In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators. The post Threat Indicators Show 2024 is Already Promising to be Worse Than 2023 appeared first on SecurityWeek. This…

Read more →

CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities. The post CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities appeared first on SecurityWeek. This article has been…

Read more →

Although the attack on the national library of the UK occurred five months ago, the Library’s infrastructure won’t be rebuilt until mid-April 2024, and then the full restoration of systems and data can begin. The post Details and Lessons Learned…

Read more →

Artificial intelligence computing giant NVIDIA patches flaws in ChatRTX for Windows and warns of code execution and data tampering risks. The post Code Execution Flaws Haunt NVIDIA ChatRTX for Windows appeared first on SecurityWeek. This article has been indexed from…

Read more →

Human Security identifies 28 VPN applications for Android and an SDK that turn devices into proxies. The post VPN Apps on Google Play Turn Android Devices Into Proxies appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns. The post Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are…

Read more →

Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest. The post Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

In the past week Rockwell Automation addressed 10 vulnerabilities found in its FactoryTalk, PowerFlex and Arena Simulation products. The post Organizations Informed of 10 Vulnerabilities in Rockwell Automation Products  appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Disputed Ray AI framework vulnerability exploited to steal information and deploy cryptominers on hundreds of clusters. The post Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

CISA says a second SharePoint vulnerability demonstrated last year at Pwn2Own, CVE-2023-24955, has been exploited in the wild. The post CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks appeared first on SecurityWeek. This article has been indexed from…

Read more →

Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital. The post Binarly Attracts $10.5M to Tackle Software Supply Chain Security appeared first on SecurityWeek. This article has been indexed from…

Read more →

Malware hunters sound an alarm after discovering a 40,000-strong botnet packed with end-of-life routers and IoT devices being used in cybercriminal activities. The post Researchers Discover 40,000-Strong EOL Router, IoT Botnet  appeared first on SecurityWeek. This article has been indexed…

Read more →

Please the fireside chat as Phil Bues, Cloud Research Manager at IDC, discusses the challenges and best practices for cybersecurity leaders managing cloud identities. The post Webinar Today: How to Reduce Cloud Identity Risk appeared first on SecurityWeek. This article…

Read more →

UK Judges said the U.S. must guarantee that Assange, who is Australian, “is afforded the same First Amendment protections as a United States citizen, and that the death penalty is not imposed.” The post UK Court Says Assange Can’t be…

Read more →

Airbus Defence and Space is set to acquire Infodas, a Germany-based company that boasts €50 million revenue. The post Airbus to Buy German Cybersecurity Firm Infodas appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Startup says simple awareness training is not sufficient – users need to practice ‘good’ behavior beyond simply acknowledging poor behavior and bad intent. The post UK Firm Think Cyber Raises $3.8 Million for Staff Security Nudging appeared first on SecurityWeek.…

Read more →

Silicon Valley startup deposits $10 million in seed-stage funding to help organizations manage risk from cloud and gen-AI technologies. The post Greylock Makes $10M Bet on Bedrock Security appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

A new Rowhammer attack named ZenHammer has been demonstrated against DRAM on systems with AMD CPUs, including DDR5. The post ZenHammer Attack Targets DRAM on Systems With AMD CPUs appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

A suspicious NuGet package likely targets developers working with technology from Chinese firm Bozhon. The post Suspicious NuGet Package Harvesting Information From Industrial Systems appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

Apple has released iOS 17.4.1 and macOS Sonoma 14.4.1 with patches for an arbitrary code execution vulnerability. The post Apple Patches Code Execution Vulnerability in iOS, macOS appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software. The post US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

Australia and New Zealand support the UK in condemning Chinese hackers for targeting UK institutions and parliamentarians. The post UK, New Zealand Accuse China of Cyberattacks on Government Entities appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild. The post Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

The OODA Loop can be used both by defenders and incident responders for a variety of use cases such as threat assessment, threat monitoring, and threat hunting. The post The OODA Loop: The Military Model That Speeds Up Cybersecurity Response…

Read more →

Leen Security, a new startup building technology to help reduce chaos in the data security space, has banked a $2.8 million pre-seed funding. The post Leen Banks Early Stage Funding for Data Security Technology appeared first on SecurityWeek. This article…

Read more →