Category: securityweek

SurePath AI has raised $5.2 million in seed funding for a solution that helps enterprises securely use generative AI. The post SurePath AI Raises $5.2 Million for Gen-AI Governance Solution appeared first on SecurityWeek. This article has been indexed from…

Read more →

Threat actors have hijacked over 70,000 domains, including known brands and government entities, because of failed domain ownership verification. The post Known Brand, Government Domains Hijacked via Sitting Ducks Attacks appeared first on SecurityWeek. This article has been indexed from…

Read more →

CISA has added two more Palo Alto Networks Expedition flaws, CVE-2024-9463 and CVE-2024-9465, to its KEV catalog. The post CISA Warns of Two More Palo Alto Expedition Flaws Exploited in Attacks appeared first on SecurityWeek. This article has been indexed…

Read more →

Palo Alto Networks has confirmed that a zero-day is being exploited in attacks after investigating claims of a firewall remote code execution flaw. The post Palo Alto Networks Confirms New Firewall Zero-Day Exploitation appeared first on SecurityWeek. This article has…

Read more →

Iran-linked Charming Kitten hackers have been running a ‘dream job’ campaign targeting the aerospace industry with the SnailResin malware. The post Iranian Hackers Target Aerospace Industry in ‘Dream Job’ Campaign appeared first on SecurityWeek. This article has been indexed from…

Read more →

Cyber risk management solutions provider Bitsight is acquiring threat intelligence firm Cybersixgill for $115 million. The post Bitsight to Acquire Cybersixgill for $115 Million appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Bitsight…

Read more →

Two Nigerian nationals, one in Mexico and one in North Dakota, have been charged for hacking into the systems of US tax preparation companies. The post Two Men Charged For Hacking US Tax Preparation Firms appeared first on SecurityWeek. This…

Read more →

CISA and the FBI have confirmed that Chinese hackers compromised the networks of telecommunications companies to spy on specific targets. The post CISA, FBI Confirm China Hacked Telecoms Providers for Spying appeared first on SecurityWeek. This article has been indexed…

Read more →

The exploit for a new zero-day vulnerability in Windows is executed by deleting files, drag-and-dropping them, or right clicking on them. The post Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions appeared first on SecurityWeek. This article…

Read more →

Cybereason Chairman & CEO Eric Gan believes the merger could help its existing success in some international markets. The post Cybereason and Trustwave Announce Merger appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…

Read more →

Exploitation attempts targeting CVE-2024-10914, a recently disclosed ‘won’t fix’ vulnerability affecting outdated D-Link NAS devices.  The post Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure   appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

Google Cloud will be assigning CVE identifiers to serious cloud vulnerabilities, even ones that don’t require patching. The post Google Cloud to Assign CVEs to Critical Vulnerabilities  appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…

Read more →

Most of the top frequently exploited vulnerabilities in 2023 were initially exploited as zero-days, according to data from government agencies. The post Citrix, Cisco, Fortinet Zero-Days Among 2023s Most Exploited Vulnerabilities appeared first on SecurityWeek. This article has been indexed…

Read more →

Intel and AMD have published November 2024 Patch Tuesday security advisories to inform customers about vulnerabilities found recently in their products.   The post Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories appeared first on SecurityWeek. This…

Read more →

Ivanti has released fixes for dozens of vulnerabilities in Endpoint Manager, Avalanche, Connect Secure, Policy Secure, and Secure Access Client. The post Ivanti Patches 50 Vulnerabilities Across Several Products appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

The CISO Forum Virtual Summit takes place on November 13th in SecurityWeek’s Virtual Conference Center. The post CISO Forum Virtual Summit is Today appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: CISO Forum…

Read more →

Citrix and Fortinet have released patches for multiple vulnerabilities, including high-severity bugs in NetScaler and FortiOS. The post Citrix, Fortinet Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Citrix, Fortinet…

Read more →

CISA, Schneider Electric, Siemens, and Rockwell Automation have released November 2024 Patch Tuesday security advisories. The post ICS Patch Tuesday: Security Advisories Released by CISA, Schneider, Siemens, Rockwell appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

Security researchers say the botnet created by China’s Volt Typhoon re-emerged recently, leveraging the same core infrastructure and techniques.  The post China’s Volt Typhoon Rebuilding Botnet appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…

Read more →

Teixeira pleaded guilty in March to six counts of the willful retention and transmission of national defense information under the Espionage Act. The post Pentagon Secrets Leaker Jack Teixeira Sentenced to 15 Years in Prison by a Federal Judge appeared…

Read more →

Patch Tuesday: Microsoft patches 90 security flaws across the Windows ecosystem warns of zero-day exploitation and code execution risks. The post Microsoft Confirms Zero-Day Exploitation of Task Scheduler Flaw appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Adobe patches critical-severity bugs in multiple products, including the Adobe Commerce and Magento Open Source platforms. The post Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

GoIssue is a new tool for cybercriminals that allows attackers to extract email addresses from GitHub profiles and send bulk emails to users. The post GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains appeared first…

Read more →

Cybersecurity incident impacts Giant Food, Hannaford, and other Ahold Delhaize USA brands, including pharmacies and e-commerce services. The post Ahold Delhaize Cybersecurity Incident Impacts Giant Food, Hannaford appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…

Read more →

The impact of a data breach suffered by Form I-9 Compliance is growing, with the number of affected individuals reaching 190,000. The post Form I-9 Compliance Data Breach Impacts Over 190,000 People appeared first on SecurityWeek. This article has been…

Read more →

Amazon has confirmed that some employee data was compromised as a result of a MOVEit hack last year. The post Amazon Employee Data Leaked by Hacker appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…

Read more →

A new feature in the latest iOS release reportedly reboots locked devices that have not been unlocked for longer periods of time. The post New iOS Security Feature Reboots Devices to Protect User Data: Reports appeared first on SecurityWeek. This…

Read more →

The FBI is seeing an increase in threat actors using fake emergency data requests to harvest information from US companies. The post FBI Warns US Organizations of Fake Emergency Data Requests Made by Cybercriminals appeared first on SecurityWeek. This article…

Read more →

In its latest financial report, Halliburton said the recent cybersecurity incident has so far cost the company $35 million. The post Cyberattack Cost Oil Giant Halliburton $35 Million appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

Forth says the personal information of 1.5 million people was compromised in a May 2024 data breach. The post Debt Relief Firm Forth Discloses Data Breach Impacting 1.5 Million People appeared first on SecurityWeek. This article has been indexed from…

Read more →

Veeam has released a hotfix for a high-severity authentication bypass vulnerability in Backup Enterprise Manager. The post Veeam Patches High-Severity Vulnerability as Exploitation of Previous Flaw Expands appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…

Read more →

The information of over 300,000 Presbyterian Healthcare Services patients was compromised as a result of a data breach at law firm Thompson Coburn. The post Law Firm Data Breach Impacts 300,000 Presbyterian Healthcare Patients appeared first on SecurityWeek. This article…

Read more →

D-Link warns of a critical-severity command injection vulnerability impacting multiple discontinued NAS models. The post Many Legacy D-Link NAS Devices Exposed to Remote Attacks via Critical Flaw appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…

Read more →

Explore industry moves and significant changes in the industry for the week of November 11, 2024. Stay updated with the latest industry trends and shifts. This article has been indexed from SecurityWeek Read the original article: Industry Moves for the…

Read more →

Palo Alto Networks has issued an advisory urging customers to take action in response to claims of an RCE vulnerability in PAN-OS.  The post Palo Alto Networks Addresses Remote Code Execution Vulnerability Claims appeared first on SecurityWeek. This article has…

Read more →

The US government’s CFPB sent an email with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.” The post US Gov Agency Urges Employees to Limit Phone Use After China ‘Salt Typhoon’ Hack appeared…

Read more →

Noteworthy stories that might have slipped under the radar: China’s Volt Typhoon hacked Singtel, GuLoader targets European industrial organizations, and US agency warns employees about phone use.  The post In Other News: China Hacked Singtel, GuLoader Attacks on Industrial Firms, Phone…

Read more →

Malwarebytes has acquired Sweden-based privacy-focused VPN provider AzireVPN to expand its product offerings. The post Malwarebytes Acquires VPN Provider AzireVPN appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Malwarebytes Acquires VPN Provider AzireVPN

Read more →

ZDI discloses vulnerabilities in the infotainment system of multiple Mazda car models that could lead to code execution. The post Unpatched Vulnerabilities Allow Hacking of Mazda Cars: ZDI appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

After the hacker IntelBroker leaked stolen source code, Nokia said the impact of the cybersecurity incident is limited. The post Nokia Says Impact of Recent Source Code Leak Is Very Limited appeared first on SecurityWeek. This article has been indexed…

Read more →

A significant number of Nigerian cybercriminals have been sent to prison in recent months in the United States, and some of them received lengthy sentences. The post US Prison Sentences for Nigerian Cybercriminals Surge in Recent Months appeared first on…

Read more →

HPE this week warned of two critical vulnerabilities in Aruba Networking access points that could lead to unauthenticated command injection. The post HPE Patches Critical Vulnerabilities in Aruba Access Points appeared first on SecurityWeek. This article has been indexed from…

Read more →

CISA has added a Palo Alto Networks Expedition flaw tracked as CVE-2024-5910 to its Known Exploited Vulnerabilities Catalog. The post Palo Alto Networks Expedition Vulnerability Exploited in Attacks, CISA Warns appeared first on SecurityWeek. This article has been indexed from…

Read more →

North Korean cryptocurrency thieves caught targeting macOS with fake PDF applications, backdoors and new persistence tactics. The post North Korean Hackers Target macOS Users appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: North…

Read more →

North Korean cryptocurrency thieves caught targeting macOS with fake PDF applications, backdoors and new persistence tactics. The post North Korean Hackers Target macOS Users with Fake Crypto PDFs  appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

Essential steps such as security awareness training, MFA, and Zero Trust identity management help organizations reduce the human element and stay ahead in the cybersecurity curve. The post The Biggest Inhibitor of Cybersecurity: The Human Element appeared first on SecurityWeek.…

Read more →

Embed Security has raised $6 million in an early stage funding round led by Paladin Capital Group. The post Embed Security Raises $6 Million to Help Overworked Analysts appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

Impersonating legitimate software such as Foxit PDF Editor and AutoCAD, the SteelFox crimeware bundle steals user information. The post ‘SteelFox’ Miner and Information Stealer Bundle Emerges appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…

Read more →

A critical vulnerability in Cisco Unified Industrial Wireless software could allow remote, unauthenticated attackers to inject commands with root privileges. The post Cisco Patches Critical Vulnerability in Industrial Networking Solution appeared first on SecurityWeek. This article has been indexed from…

Read more →

Canada won’t block access to TikTok but is ordering the dissolution of its Canadian business after a national security review. The post Canada Orders TikTok’s Canadian Business to Be Dissolved but Won’t Block App appeared first on SecurityWeek. This article…

Read more →

Vehicle tracking services for Serco, DHL, and other fleets were disrupted after Microlise fell victim to a cyberattack. The post Cyberattack on Microlise Disables Tracking in Prison Vans, Courier Vehicles appeared first on SecurityWeek. This article has been indexed from…

Read more →

ToxicPanda is a China-linked Android banking trojan spotted targeting over a dozen banks in Europe and Latin America. The post Android Banking Trojan ToxicPanda Targets Europe appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…

Read more →

Starting this month, Google Cloud will be rolling out mandatory MFA for all users who sign in with a password. The post Google Cloud Rolling Out Mandatory MFA for All Users appeared first on SecurityWeek. This article has been indexed…

Read more →

CrowdStrike is acquiring Israeli SaaS security firm Adaptive Shield to boost the capabilities of its Falcon cybersecurity platform. The post CrowdStrike to Acquire Adaptive Shield in Reported $300 Million Deal appeared first on SecurityWeek. This article has been indexed from…

Read more →

Microchip Technology’s latest financial report reveals the company’s expenses due to the recent cybersecurity incident.  The post Microchip Technology Reports $21.4 Million Cost From Ransomware Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…

Read more →

Unauthorized activity detected on the Washington courts network, which led to websites and other services becoming unavailable. The post Cyberattack Blamed for Statewide Washington Courts Outage appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…

Read more →

Memorial Hospital and Manor’s access to its Electronic Health Record system was disrupted following a ransomware attack. The post Ransomware Attack Disrupts Georgia Hospital’s Access to Health Records appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

Georgia Tech researchers have developed PLCHound, an algorithm that uses AI to improve the identification of internet-exposed ICS. The post PLCHound Aims to Improve Detection of Internet-Exposed ICS appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

South Korea’s privacy watchdog has fined Meta 21.6 billion won ($15 million) for illegally collecting sensitive personal information from Facebook users. The post South Korea Fines Meta $15 Million for Illegally Collecting Information on Facebook Users appeared first on SecurityWeek.…

Read more →

Canadian authorities have arrested Alexander ‘Connor’ Moucka, suspected of hacking multiple Snowflake accounts earlier this year. The post Canadian Authorities Arrest Suspected Snowflake Hacker appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Canadian…

Read more →

Canadian authorities have arrested Alexander ‘Connor’ Moucka, suspected of hacking multiple Snowflake accounts earlier this year. The post Suspected Snowflake Hacker Arrested in Canada appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Suspected…

Read more →

Cybercriminals are abusing DocuSign APIs to send bogus email messages that bypass protections such as spam and phishing filters. The post DocuSign Abused to Deliver Fake Invoices appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…

Read more →

Roundup of the thirty-seven cybersecurity-related merger and acquisition (M&A) deals announced in October 2024. The post Cybersecurity M&A Roundup: 37 Deals Announced in October 2024 appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…

Read more →

Google warns of the limited, targeted exploitation of two vulnerabilities resolved with the latest Android security update. The post Google Patches Two Android Vulnerabilities Exploited in Targeted Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

Attackers could have exploited IBM Security Verify Access vulnerabilities to compromise the entire authentication infrastructure. The post Researcher Discloses 36 Vulnerabilities Found in IBM Security Verify Access  appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…

Read more →

Hackers claim to have stolen sensitive information, including user data, after breaching Schneider Electric’s Jira system.  The post Schneider Electric Launches Probe After Hackers Claim Theft of User Data appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Saint Xavier University is notifying over 210,000 individuals of personal information compromise in a July 2023 data breach. The post 210,000 Impacted by Saint Xavier University Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

Kolade Akinwale Ojelade was sentenced to 26 years in prison in the US for compromising email accounts through phishing and stealing millions. The post US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing appeared first on…

Read more →

The FBI is asking for information on the Chinese threat actors targeting Sophos edge devices to compromise private and government entities. The post FBI Seeking Information on Chinese Hackers Targeting Sophos Firewalls appeared first on SecurityWeek. This article has been…

Read more →

The City of Columbus says the personal information of 500,000 people was stolen in a ransomware attack. The post City of Columbus Ransomware Attack Impacts 500,000 People appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…

Read more →

Siemens and Rockwell Automation are taking steps to improve cybersecurity in industrial organizations, but getting customers to install security systems and upgrade ICS can still be challenging.  The post Siemens and Rockwell Tackle Industrial Cybersecurity, but Face Customer Hesitation  appeared…

Read more →

Explore industry moves and significant changes in the industry for the week of November 4, 2024. Stay updated with the latest industry trends and shifts. This article has been indexed from SecurityWeek Read the original article: Industry Moves for the…

Read more →

Barracuda has observed a large-scale OpenAI impersonation campaign whose goal is to phish for ChatGPT credentials. The post Businesses Worldwide Targeted in Large-Scale ChatGPT Phishing Campaign appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…

Read more →

Noma provides a platform to protect the data and lifecycle of emerging gen-AI applications, which introduces new threats not covered by existing security controls. The post Noma Security Raises $32 Million to Safeguard Gen-AI Applications appeared first on SecurityWeek. This…

Read more →

A stealthy network backdoor found on hacked Sophos XG firewall devices is programmed to work on a broader range of Linux-based devices. The post NCSC Details ‘Pygmy Goat’ Backdoor Planted on Hacked Sophos Firewall Devices appeared first on SecurityWeek. This…

Read more →

GreyNoise Intelligence says an internal AI tool captured attempts to exploit critical vulnerabilities in commercial livestream IoT cameras. The post GreyNoise Credits AI for Spotting Exploit Attempts on IoT Livestream Cams appeared first on SecurityWeek. This article has been indexed…

Read more →

Noteworthy stories that might have slipped under the radar: FBI conducted over 30 ransomware disruption operations this year, Windows Recall delayed until December, CrowdStrike responds to a Bloomberg article.  The post In Other News: FBI’s Ransomware Disruptions, Recall Delayed Again,…

Read more →

The US and Israel have published an advisory describing the latest activities of Iranian cyber firm Emennet Pasargad, now called Aria Sepehr Ayandehsazan. The post US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras  appeared first on SecurityWeek. This…

Read more →

LottieFiles has confirmed that Lottie-Player has been compromised in a supply chain attack whose goal is cryptocurrency theft. The post Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…

Read more →

Bugcrowd has secured $50 million in growth capital facility from Silicon Valley Bank for expansion and innovation. The post Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →