Category: SecurityWeek RSS Feed

Google releases a Chrome 123 update to resolve three high-severity memory safety vulnerabilities. The post Google Pays Out $41,000 for Three Serious Chrome Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

A bill that would reauthorize Section 702 of the Foreign Intelligence Surveillance Act was blocked by a conservative revolt. The post Conservative Revolt in the House Blocks Effort to Reauthorize a Key US Spy Tool appeared first on SecurityWeek. This…

Read more →

The financial sector has suffered over 20,000 cyberattacks in two decades, causing more than $12 billion in losses. The post IMF: Financial Firms Lost $12 Billion to Cyberattacks in Two Decades appeared first on SecurityWeek. This article has been indexed…

Read more →

Alethea has raised $20 million in Series B funding for its technology designed to detect and mitigate disinformation. The post Alethea Raises $20 Million for Disinformation Detection and Mitigation Solution appeared first on SecurityWeek. This article has been indexed from…

Read more →

Google adds AI to cloud security features and announces other security capabilities for cloud customers. The post Google Cloud Unveils New AI-Powered Security Capabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

Palo Alto Networks patches several high-severity vulnerabilities, including ones that allow DoS attacks against its firewalls. The post Palo Alto Networks Patches Vulnerabilities Allowing Firewall Disruption appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

CISA’s Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis. The post CISA Releases Malware Next-Gen Analysis System for Public Use appeared first on SecurityWeek. This article has been indexed…

Read more →

The recent AT&T data breach impacts 51 million customers, the company tells Maine’s attorney general. The post AT&T Data Breach Update: 51 Million Customers Impacted appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

VUSec researchers resurrect Spectre v2 attack, showing that it works against the Linux kernel on the latest-generation Intel CPUs. The post Researchers Resurrect Spectre v2 Attack Against Intel CPUs appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Many LG TVs may be vulnerable to remote hacking due to a series of vulnerabilities found by Bitdefender researchers. The post Thousands of LG TVs Possibly Exposed to Remote Hacking appeared first on SecurityWeek. This article has been indexed from…

Read more →

Fortinet has released patches for a dozen vulnerabilities, including a critical-severity remote code execution flaw in FortiClientLinux. The post Fortinet Patches Critical RCE Vulnerability in FortiClientLinux appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

The personal information of 500,000 people was compromised in a data breach at Group Health Cooperative of South Central Wisconsin. The post 530k Impacted by Data Breach at Wisconsin Healthcare Organization appeared first on SecurityWeek. This article has been indexed…

Read more →

Risk and compliance solutions provider Sprinto has raised $20 million in a Series B funding round led by Accel. The post Sprinto Raises $20 Million for Automated Risk and Compliance Platform appeared first on SecurityWeek. This article has been indexed…

Read more →

Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware. The post Microsoft Patches Two Zero-Days Exploited for Malware Delivery appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

Cisco says it will not release patches for a cross-site scripting vulnerability impacting end-of-life small business routers. The post Cisco Warns of Vulnerability in Discontinued Small Business Routers appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

With so much money riding on the promise of AI advances, it’s no surprise that AGI is also becoming a corporate buzzword that sometimes attracts a quasi-religious fervor. The post Tech Companies Want to Build Artificial General Intelligence. But Who…

Read more →

NIST announced $3.6 million in grants for 18 education and community organizations to build the future cybersecurity workforce. The post NIST Grants $3.6 Million to Boost US Cybersecurity Workforce appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Noteworthy stories that might have slipped under the radar: the CISA hack could impact 100,000 people, Microsoft AI Copilot banned by US House, UK nuclear site prosecution.  The post In Other News: 100,000 Affected by CISA Breach, Microsoft AI Copilot…

Read more →

Japanese lens maker Hoya says production processes and ordering systems were disrupted by a cyberattack. The post Lens Maker Hoya Scrambling to Restore Systems Following Cyberattack appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Acuity, the tech firm from which hackers claimed to have stolen State Department and other government data, confirms hack, but says stolen info is old. The post Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info…

Read more →

Attackers are exploiting a recent Magento vulnerability to deploy a persistent backdoor on ecommerce websites. The post Magento Vulnerability Exploited to Deploy Persistent Backdoor appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

Cybersecurity companies raised $2.3 billion in funding in Q1 2024, a 20% decrease compared to the same period of 2023, according to Pinpoint. The post Cybersecurity Firms Raised $2.3 Billion in Q1 2024: Report appeared first on SecurityWeek. This article…

Read more →

Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization. The post Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz appeared first on SecurityWeek. This article has…

Read more →

Omni Hotels & Resorts tells customers that recent disruptions have been caused by a cyberattack that forced it to shut down systems. The post Cyberattack Causes Disruptions at Omni Hotels appeared first on SecurityWeek. This article has been indexed from…

Read more →

City of Hope is notifying 800,000 individuals of a data breach impacting their personal and health information. The post US Cancer Center Data Breach Impacting 800,000 appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Google this week patched two Pixel phone zero-day vulnerabilities actively exploited by forensic companies to obtain data from devices. The post Pixel Phone Zero-Days Exploited by Forensic Firms appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Data breach impacting users’ personal information prompts survey rewards platform SurveyLama to reset passwords. The post SurveyLama Data Breach Impacts 4.4 Million Users appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article:…

Read more →

Cloud security firm provides a detection platform able to detect and predict the likely behavior of ‘bad’ identities. The post Cloud Threat Detection Firm Permiso Raises $18 million appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

A critical OS command injection in Progress Flowmon can be exploited to gain remote, unauthenticated access to the system. The post Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems appeared first on SecurityWeek. This article has been indexed…

Read more →

New HTTP/2 DoS method named Continuation Flood can pose a greater risk than Rapid Reset, which has been used for record-breaking attacks. The post New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset appeared first on SecurityWeek. This…

Read more →

Video conferencing giant Zoom has paid out $10 million through its bug bounty program since it was launched in 2019. The post Zoom Paid Out $10 Million via Bug Bounty Program Since 2019 appeared first on SecurityWeek. This article has…

Read more →

News analysis:  SecurityWeek editor-at-large Ryan Naraine reads the CSRB report on China’s audacious Microsoft’s Exchange Online hack and isn’t at all surprised by the findings. The post Microsoft’s Security Chickens Have Come Home to Roost appeared first on SecurityWeek. This…

Read more →

An analysis by Forescout shows 300,000 Chinese devices in the US, up 40% compared to the previous year, despite bans. The post Number of Chinese Devices in US Networks Growing Despite Bans appeared first on SecurityWeek. This article has been…

Read more →

MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of all vulnerabilities. What went wrong, and what can be done? The post CVE and NVD –…

Read more →

How can security practitioners make sense of the vendor landscape and separate those who talk a good game from those who can execute, perform, and solve real problems for enterprises? The post Know Your Audience When Speaking to Security Practitioners…

Read more →

A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information. The post Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites appeared first on SecurityWeek. This article has been indexed from…

Read more →

Cyber Safety Review Board, said “a cascade of errors” by Microsoft let state-backed Chinese cyber operators break into email accounts of senior U.S. officials. The post Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack…

Read more →

Jackson County, Missouri, discloses ‘significant disruptions’ to IT systems, says ransomware attack likely at fault. The post Missouri County Hit by Ransomware appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article: Missouri…

Read more →

The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago. The post XZ Utils Backdoor Attack Brings Another Similar Incident to Light appeared first on SecurityWeek. This article has…

Read more →

Google pushes a new Chrome update to patch another zero-day vulnerability demonstrated at a hacking contest. The post Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Google patches 28 vulnerabilities in Android and 25 bugs in Pixel devices, including two flaws exploited in the wild. The post Google Patches Exploited Pixel Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Google is bringing to Chrome new features to bind browser sessions to the device and protect users against cookie theft. The post Chrome to Fight Cookie Theft With Device Bound Session Credentials  appeared first on SecurityWeek. This article has been…

Read more →

A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages. The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek. This article has been indexed from…

Read more →

Self check-in kiosks at Ibis Budget hotels were affected by a vulnerability that exposed keypad codes that could be used to enter rooms.  The post Hotel Self Check-In Kiosks Exposed Room Access Codes appeared first on SecurityWeek. This article has…

Read more →

Twenty-seven cybersecurity-related merger and acquisition (M&A) deals were announced in March 2024. The post Cybersecurity M&A Roundup: 27 Deals Announced in March 2024 appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article:…

Read more →

The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members. The post OWASP Data Breach Caused by Server Misconfiguration appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Prudential Financial says the names, addresses, and ID numbers of over 36,000 were stolen in a February data breach. The post Prudential Financial Data Breach Impacts 36,000 appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

Heartbleed made most certificates vulnerable. The future problem is that quantum decryption will make all certificates and everything else using RSA encryption vulnerable to everyone. The post Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! appeared first on…

Read more →

MarineMax confirms suffering a data breach as a result of a recent ransomware attack, with the attackers claiming to have obtained 180,000 files.  The post Boat Dealer MarineMax Confirms Data Breach  appeared first on SecurityWeek. This article has been indexed…

Read more →

Google agreed to purge billions of records containing personal information collected from more than 136 million people using its Chrome web browser as part of settlement in a lawsuit accusing it of illegal surveillance. The post Google to Purge Billions…

Read more →

Veracode announces a deal to acquire Longbow Security, a Texas seed-stage startup working on automated root cause analysis technology. The post Veracode Buys Longbow Security for Automated Root Cause Analysis Tech appeared first on SecurityWeek. This article has been indexed…

Read more →

NCC Group researchers warn that the Android banking malware ‘Vultur’ has been updated with device interaction and file tampering capabilities. The post ‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities appeared first on SecurityWeek. This article has been indexed from…

Read more →

A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard. The post ‘WallEscape’ Linux Vulnerability Leaks User Passwords appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Software developers relying on AI chatbots for building applications may end up using hallucinated software packages. The post AI Hallucinated Packages Fool Unsuspecting Developers appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions. The post Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor appeared first on SecurityWeek. This…

Read more →

AT&T used the Easter holiday weekend to quietly share details on data that surfaced on the dark web roughly two weeks ago. The post AT&T Says Data on 73 Million Customers Leaked on Dark Web appeared first on SecurityWeek. This…

Read more →

Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users. The post In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing…

Read more →

Generative-AI security startup SydeLabs emerges from stealth mode with $2.5 million in seed funding led by RTP Global. The post SydeLabs Emerges From Stealth Mode With $2.5 Million in Funding appeared first on SecurityWeek. This article has been indexed from…

Read more →

US Defense Department releases defense industrial base cybersecurity strategy with a focus on four key goals. The post Pentagon Outlines Cybersecurity Strategy for Defense Industrial Base  appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

The US Department of Energy announces $15 million funding for university-based electric power cybersecurity centers. The post Energy Department Invests $15 Million in University Cybersecurity Centers  appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

It is the CISO’s responsibility to build and maintain a high functioning team in a difficult environment – cybersecurity is a complex, continuous, and adversarial environment like none other outside of military conflict. The post The Complexity and Need to…

Read more →

JetBrains patches 26 security issues in TeamCity and takes steps to avoid malicious exploitation of vulnerabilities. The post 26 Security Issues Patched in TeamCity appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

Harvard Pilgrim Health Care says the personal information of over 2.8 million individuals was stolen in a year-old ransomware attack. The post Massachusetts Health Insurer Data Breach Impacts 2.8 Million appeared first on SecurityWeek. This article has been indexed from…

Read more →

Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek. This article has…

Read more →

Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue. The post Splunk Patches Vulnerabilities in Enterprise Product appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article: Splunk Patches Vulnerabilities…

Read more →

Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India. The post Cyberespionage Campaign Targets Government, Energy Entities in India appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

A significant cybersecurity challenge arises from managing the immense volume of data generated by numerous IT security tools, leading organizations into a reactive rather than proactive approach. The post Cybersecurity Mesh: Overcoming Data Security Overload appeared first on SecurityWeek. This…

Read more →

Coro has raised $100 million in Series D funding for its enterprise-grade platform tailored for the small- and mid-sized market. The post Coro Raises $100 Million for All-in-One Security Platform appeared first on SecurityWeek. This article has been indexed from…

Read more →

Zafran has emerged from stealth mode with a risk and mitigation platform and $30 million in funding from Sequoia Capital and Cyberstarts. The post Zafran Emerges From Stealth With Risk and Mitigation Platform, $30M in Funding appeared first on SecurityWeek.…

Read more →

Cisco has released patches for multiple IOS and IOS XE software vulnerabilities leading to denial-of-service (DoS). The post Cisco Patches DoS Vulnerabilities in Networking Products appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators. The post Threat Indicators Show 2024 Is Already Promising to be Worse Than 2023 appeared first on SecurityWeek. This…

Read more →

Two Chinese cyberespionage groups have been targeting entities and member countries affiliated with ASEAN. The post Chinese Cyberspies Targeting ASEAN Entities appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article: Chinese Cyberspies…

Read more →

The US is offering a reward of up to $10 million for information on BlackCat ransomware affiliates that targeted US critical infrastructure. The post US Offering $10 Million Reward for Information on Change Healthcare Hackers appeared first on SecurityWeek. This…

Read more →

In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators. The post Threat Indicators Show 2024 is Already Promising to be Worse Than 2023 appeared first on SecurityWeek. This…

Read more →

CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities. The post CISA Moving Forward With Cyber Incident Reporting Rules Impacting 316,000 Entities appeared first on SecurityWeek. This article has been…

Read more →

Although the attack on the national library of the UK occurred five months ago, the Library’s infrastructure won’t be rebuilt until mid-April 2024, and then the full restoration of systems and data can begin. The post Details and Lessons Learned…

Read more →

Artificial intelligence computing giant NVIDIA patches flaws in ChatRTX for Windows and warns of code execution and data tampering risks. The post Code Execution Flaws Haunt NVIDIA ChatRTX for Windows appeared first on SecurityWeek. This article has been indexed from…

Read more →

Human Security identifies 28 VPN applications for Android and an SDK that turn devices into proxies. The post VPN Apps on Google Play Turn Android Devices Into Proxies appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →