A Pennsylvania-based convenience store chain will pay $8 million to several states over a 2019 data breach that involved some 34 million payment cards, authorities announced Tuesday.
Category: Cybersecurity News, Insights and Analysis | SecurityWeek
European Lawmaker Targeted With Cytrox Predator Surveillance Spyware
A security audit by the European Parliament has unearthed attempts to plant high-end surveillance software on the phone of a Greek lawmaker and there are fresh reports linking the hack attempt to a known North Macedonia spyware vendor.
New Ducktail Infostealer Targets Facebook Business Accounts via LinkedIn
An ongoing spear phishing campaign has been targeting Facebook business accounts since the second half of 2021. The campaign uses an infostealer specifically designed to steal browser cookies for authenticated Facebook sessions to steal information from the account and ultimately…
Data Security Firm Sotero Raises $8 Million in Seed Funding
Data security startup Sotero has raised $8 million in an extended seed funding round that brings the total invested in the company to $13 million. The round was led by OurCrowd, with participation from existing investors Boston Seed Capital, Gutbrain…
Chinese UEFI Rootkit Found on Gigabyte and Asus Motherboards
Security researchers with Kaspersky have analyzed a UEFI firmware rootkit that appears to target specific motherboard models from Gigabyte and Asus.
Data Stolen in Breach at Security Company Entrust
Entrust suffered a data breach last month and the security company has confirmed that the attackers have stolen some files.
PrestaShop Confirms Zero Day Attacks Hitting eCommerce Servers
The team behind the open source PrestaShop ecommerce platform has issued a public advisory to warn of zero day SQL injection attacks hitting merchant servers and planting code capable of stealing customer payment information.
Uber Settles With Federal Investigators Over 2016 Data Breach Coverup
Uber has entered a non-prosecution agreement to resolve a criminal investigation into the manner in which the company handled a 2016 data breach that impacted 57 million users and drivers.
Senators Introduce Bipartisan Quantum Computing Cybersecurity Bill
A bipartisan bill that seeks to strengthen national security against quantum-computing threats has been introduced in the US Senate. Co-sponsored by Senators Rob Portman (R-OH) and Maggie Hassan (D-NH), the bill was introduced in the House in April and passed…
Updated TSA Pipeline Cybersecurity Requirements Offer More Flexibility
The Transportation Security Administration (TSA) has updated its directive for oil and natural gas pipeline cybersecurity, providing owners and operators more flexibility in achieving the outlined goals.
1,000 Organizations Exposed to Remote Attacks by FileWave MDM Vulnerabilities
Vulnerabilities affecting a mobile device management (MDM) product from FileWave exposed many organizations to remote attacks, according to industrial cybersecurity firm Claroty.
Atlassian Expects Confluence App Exploitation After Hardcoded Password Leak
Atlassian has warned customers that a vulnerability in Questions for Confluence will likely be used in attacks after someone made public a piece of information needed to exploit a recently addressed vulnerability.
T-Mobile Settles to Pay $350M to Customers in Data Breach
T-Mobile has agreed to pay $350 million to customers affected by a class action lawsuit filed after the company disclosed last August that personal data like social security numbers had been stolen in a…
SonicWall Warns of Critical GMS SQL Injection Vulnerability
Network security appliance vendor SonicWall late Thursday shipped urgent patches for a critical flaw in its Global Management System (GMS) software, warning that the issue exposes businesses to remote hacker attacks.
Edge Management and Orchestration Firm Zededa Raises $26 Million
Edge management and orchestration provider Zededa has raised $26 million in Series B funding, which brings the total investment in the company to $57 million.
New Default Account Lockout Policy in Windows 11 Blocks Brute Force Attacks
Recent Windows 11 builds come with an account lockout policy enabled by default, to prevent remote desktop protocol (RDP) and other types of brute force attacks.
Intezer Documents Powerful ‘Lightning Framework’ Linux Malware
Security researchers at Intezer are documenting the discovery of a powerful piece of Linux malware that can stay undetected and has the ability to install rootkits.
Chrome Flaw Exploited by Israeli Spyware Firm Also Impacts Edge, Safari
A recently patched Chrome vulnerability that appears to have been exploited by an Israeli spyware company also impacts Microsoft’s Edge and Apple’s Safari web browsers.
Microsoft Resumes Rollout of Macro Blocking Feature
Microsoft this week announced that it has resumed the rollout of an Office feature that will block by default macros in documents received from the internet. Macros are small snippets of code attached to Office documents to trigger specific behavior…
Code Execution and Other Vulnerabilities Patched in Drupal
Drupal developers have announced the release of updates that patch several vulnerabilities in the open source content management system (CMS).
New Cross-Platform ‘Luna’ Ransomware Only Offered to Russian Affiliates
A new cross-platform ransomware named Luna can encrypt files on Windows, Linux and ESXi, but its developers are only offering it to Russian-speaking affiliates.
Romanian Operator of Bulletproof Hosting Service Extradited to the US
A Romanian national accused of operating a bulletproof hosting service used by the Gozi banking trojan was extradited from Colombia and has made an appearance in court in the United States.
Understanding the Evolution of Cybercrime to Predict its Future
An analysis of the evolution of cybercrime from its beginnings in the 1990s to its billion-dollar presence today has one overriding theme: the development of cybercrime as a business closely mimics the evolution of legitimate business, and will continue to…
Atlassian Patches Servlet Filter Vulnerabilities Impacting Multiple Products
Atlassian this week announced patches for two critical Servlet Filter vulnerabilities that impact multiple products across its portfolio.
USCYBERCOM Releases IoCs for Malware Targeting Ukraine
The United States Cyber Command (USCYBERCOM) this week released indicators of compromise (IoCs) associated with malware families identified in recent attacks targeting Ukraine.
Anvilogic Scores $25 Million Series B to Tackle SOC Modernization
Anvilogic, a Silicon Valley startup working on technology to modernize the Security Operations Center (SOC), has deposited $25 million in a new investment round led by Outpost Ventures.
Cisco Patches Severe Vulnerabilities in Nexus Dashboard
Cisco on Wednesday announced the availability of patches for multiple vulnerabilities in Nexus Dashboard, including a critical-severity issue that could lead to the execution of arbitrary commands.
Hundreds of ICS Vulnerabilities Disclosed in First Half of 2022
More than 600 industrial control system (ICS) product vulnerabilities were disclosed in the first half of 2022 by the US Cybersecurity and Infrastructure Security Agency (CISA), according to an analysis conducted by industrial asset and network monitoring company SynSaber.
Exploitation of Recent Chrome Zero-Day Linked to Israeli Spyware Company
An actively exploited Chrome zero-day that Google patched on July 4 has been linked to an Israeli spyware company and used in targeted attacks aimed at entities in the Middle East.
Machine Identity Management Firm AppViewX Raises $20 Million
Machine identity management and application delivery automation provider AppViewX has raised $20 million in a Series B funding round led by Brighton Park Capital, which brings the total invested in the company to $52 million.
Apple Ships Urgent Security Patches for macOS, iOS
It’s a very busy Patch Wednesday for computer users running Apple’s flagship macOS and iOS devices. Apple’s security response team has pushed out software fixes for at least 39 software vulnerabilities haunting the macOS Catalina, iOS and iPadOS platforms.
Netwrix Auditor Vulnerability Can Facilitate Attacks on Enterprises
Data security company Netwrix recently patched a vulnerability in its Auditor product that could allow attackers to execute arbitrary code and possibly compromise an organization’s Active Directory domain.
Can Encryption Key Intercepts Solve The Ransomware Epidemic?
California-based Nubeva is building technology to recover encrypted data without making ransomware payments.
Google, EU Warn of Malicious Russian Cyber Activity
Russia-linked Turla threat actor spotted using Android malware for first time. Google and the European Union have issued separate warnings this week over Russian cyberattacks and misinformation campaigns.
Google Introduces DNS-over-HTTP/3 in Android
Google this week announced the rollout of DNS-over-HTTP/3 (DoH3) for Android 11 and newer devices. An encrypted DNS protocol, DoH3 is expected to provide performance and safety improvements compared to alternatives, mainly through the QUIC transport layer network protocol.
Oracle Releases 349 New Security Patches With July 2022 CPU
Oracle on Tuesday announced that a total of 349 new security patches have been released as part of its July 2022 Critical Patch Update (CPU), including 230 for vulnerabilities that can be exploited by remote, unauthenticated attackers.
Chrome 103 Update Patches High-Severity Vulnerabilities
Google this week announced a Chrome update that resolves a total of 11 vulnerabilities in the browser, including six reported by external researchers. Of these, five are use-after-free issues, including four that are considered “high severity.” Use-after-free flaws are triggered…
German Consumer Group Sues Tesla Over Privacy, Climate
A German consumer group on Tuesday said it had sued US electric vehicles manufacturer Tesla over data privacy concerns and claims that buying its cars reduces emissions.
Belgium Says Chinese APTs Targeted Interior, Defense Ministries
Belgium on Monday accused Chinese state-sponsored hackers of launching cyberattacks against its interior and defense ministries. Belgium noted in a statement that it has detected cyber intrusions from hacking groups tracked as APT27, APT30, APT31, and Gallium.
HiddenLayer Emerges From Stealth With $6 Million to Protect AI Learning Models
Startup raises $6M to develop machine learning detection and response (MLDR) platform. HiddenLayer is designed to protect the AI machine learning models that protect companies from attackers.
Huntress Acquires Security Awareness Training Startup Curricula for $22M
Managed detection and response (MDR) platform provider Huntress has shelled out $22 million to acquire Curricula, a startup in the growing security awareness business. Huntress, based in Ellicott City, Maryland, said the deal adds a fun, story-based security awareness training…
Push Security Banks $4 Million Seed Funding
Push Security, a British startup building technology to help defenders manage cloud software sprawl and shadow IT, has banked $4 million in early-stage venture capital funding.
US Disrupts North Korean Hackers That Targeted Hospitals
The FBI and Justice Department recently disrupted the activities of a hacking group that was sponsored by the North Korean government and that targeted U.S.
Unpatched Micodus GPS Tracker Vulnerabilities Allow Hackers to Remotely Disable Cars
Widely used vehicle GPS trackers from Micodus are affected by critical vulnerabilities that can be exploited by hackers to stalk people and remotely disable cars, according to cybersecurity company BitSight.
Now Live: Cyber Solutions Summit and Expo
New ‘CloudMensis’ macOS Spyware Used in Targeted Attacks
Researchers at cybersecurity company ESET have analyzed a previously undocumented macOS malware that appears to have been used in targeted attacks to steal valuable information from compromised systems.
Microsoft Resolves Padding Oracle Vulnerability in Azure Storage SDK
As part of its July 2022 Patch Tuesday fixes, Microsoft has released an update for the Azure Storage SDK, to address a padding oracle vulnerability in client-side encryption.
FBI Warns of Fraudulent Crypto Investment Applications
The Federal Bureau of Investigation (FBI) is warning financial institutions and investors of fraudulent cryptocurrency investment applications used to defraud victims of millions of dollars.
Ongoing ‘Roaming Mantis’ Smishing Campaign Hits Over 70,000 Users in France
A Chinese threat actor named Roaming Mantis has been targeting Android users in France with the MoqHao malware in a new smishing campaign, security researchers with Sekoia warn.
CISO Conversations: Netenrich, Malwarebytes CISOs Discuss Security Vendor CISOs
US Cybersecurity Agency CISA to Open London Office
The US Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that it’s set to open an office in the United Kingdom in an effort to boost international cooperation and collaboration.
Moussouris: U.S. Should Resist Urge to Match China Vuln Reporting Mandate
A prominent cybersecurity executive is calling on the U.S. government to resist the urge to match China’s reported mandates around early vulnerability disclosure, warning that such a move would “meaningfully and dramatically increase the risk” of zero-day flaws landing in…
New Deanonymization Attack Works on Major Browsers, Websites
Researchers with the New Jersey Institute of Technology have devised a new targeted deanonymization attack that relies on a cache side-channel and which they say is efficient on multiple architectures, operating systems, and browser versions, and works on major websites.…
Juniper Networks Patches Over 200 Third-Party Component Vulnerabilities
Juniper Networks last week published 21 security advisories to inform customers about more than 200 vulnerabilities affecting its products. The security holes impact Junos OS (including on SRX, EX, PTX, QFX and MX series devices), Junos Space, Contrail Networking, and…
PLC and HMI Password Cracking Tools Deliver Malware
Tools advertised as being capable of cracking passwords for HMIs, PLCs and other industrial products have been found to exploit a zero-day vulnerability, and threat actors are using these tools to deliver malware.
Researchers Say Thai Pro-Democracy Activists Hit by Spyware
Cybersecurity researchers reported details Monday of cases where Thai activists involved in the country’s pro-democracy protests had their cell phones or other devices infected and attacked with government-sponsored spyware.
Digium Phones Targeted in Cybercrime Campaign Aimed at VoIP Systems
Security researchers with Palo Alto Networks have detailed a recent campaign targeting the Elastix system in Digium phones with a web shell that allows attackers to drop and execute additional payloads.
Unpatched WPBakery WordPress Plugin Vulnerability Increasingly Targeted in Attacks
The Wordfence team at WordPress security company Defiant warns of an increase in attacks targeting an unpatched vulnerability in the Kaswara addon for the WPBakery Page Builder WordPress plugin.
SecurityWeek Analysis: Over 230 Cybersecurity M&A Deals Announced in First Half of 2022
Supply Chain Attack Technique Spoofs GitHub Commit Metadata
Security researchers at Checkmarx are warning of a new supply chain attack technique that relies on spoofed commit metadata to add legitimacy to malicious GitHub repositories.
Powerful ‘Mantis’ DDoS Botnet Hits 1,000 Organizations in One Month
Web protection firm Cloudflare warns that a small but powerful botnet has launched distributed denial-of-service (DDoS) attacks on roughly 1,000 organizations over the past month alone.
Critical Infrastructure Operators Implementing Zero Trust in OT Environments
A survey commissioned by cybersecurity company Xage shows that zero trust is on track to being implemented in many operational technology (OT) environments, particularly in critical infrastructure organizations.
Bot Battle: The Tech That Could Decide Twitter’s Musk Lawsuit
If Twitter’s lawsuit over Elon Musk’s $44 billion buyout bid ever reaches trial, the case will likely center on a ubiquitous and often unloved technology: bots.
Software Vendors Start Patching Retbleed CPU Vulnerabilities
Vendors have started rolling out software updates to address the recently disclosed Retbleed speculative execution attack targeting Intel and AMD processors.
Microsoft: North Korean Hackers Target SMBs With H0lyGh0st Ransomware
Microsoft this week sounded the alarm on a North Korean threat actor using the H0lyGh0st ransomware in attacks targeting small and midsize businesses worldwide.