The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami on Wednesday, along with five associates in Europe, during an international operation against “darknet” markets. read more This article has been indexed from SecurityWeek RSS Feed Read the original…
Category: SecurityWeek RSS Feed
Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM
Cisco on Wednesday announced patches for a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).
Exploited Control Web Panel Flaw Added to CISA ‘Must-Patch’ List
The US government’s cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical — and already exploited — security vulnerability in the widely used CentOS Control Web Panel utility.
Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability
Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns.
Remote Code Execution Vulnerabilities Found in TP-Link, NetComm Routers
Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE). Two security defects were identified in TP-Link WR710N-V1-151022 and Archer-C5-V2-160201 SOHO (small office/home office) routers, allowing attackers to execute code, crash devices, or…
Critical Git Vulnerabilities Discovered in Source Code Security Audit
A source code security audit has led to the discovery of several vulnerabilities in Git, the widely used distributed version control system. The results of the security audit, sponsored by OSTIF and conducted by X41 and GitLab, were made public…
Oracle’s First Security Update for 2023 Includes 327 New Patches
Oracle on Tuesday announced the release of its first Critical Patch Update for 2023, which includes 327 new security patches. More than 70 fixes address critical-severity vulnerabilities. Over 200 of the patches resolve security defects that can be exploited remotely…
Ransomware Attack on DNV Ship Management Software Impacts 1,000 Vessels
Norway-based industrial risk management and assurance solutions provider DNV said a recent ransomware attack on its ship management software impacted 1,000 vessels.
18k Nissan Customers Affected by Data Breach at Third-Party Software Developer
Nissan North America is informing roughly 18,000 customers that their personal information was exposed in a data breach at a third-party services provider. The breach occurred after data provided by Nissan to the services provider was inadvertently exposed on the…
Hackers Can Exploit GE Historian Vulnerabilities for ICS Espionage, Disruption
Vulnerabilities found in GE’s Proficy Historian product could be exploited by hackers for espionage and to cause damage and disruption in industrial environments.
Azure Services SSRF Vulnerabilities Exposed Internal Endpoints, Sensitive Data
Cloud security company Orca has published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services, including two bugs that could have been exploited without authentication.
PyPI Users Targeted With ‘Wacatac’ Trojan in New Supply Chain Attack
Fortinet warns of three new malicious PyPI packages containing code designed to fetch the Wacatac trojan and information stealer as a next stage payload.
Attackers Can Abuse GitHub Codespaces for Malware Delivery
A GitHub Codespaces feature meant to help with code development and collaboration can be abused for malware delivery, Trend Micro reports.
Free Decryptors Released for BianLian, MegaCortex Ransomware
Avast and Bitdefender have released decryptors to help victims of BianLian and MegaCortex ransomware recover their data for free. Written in Golang, BianLian emerged in August 2022 and has been used in targeted attacks against entertainment, healthcare, media, and manufacturing…
Bill Would Force Period Tracking Apps to Follow Privacy Laws
When the Supreme Court last June stripped away constitutional protections for abortion, concerns grew over the use of period tracking apps because they aren’t protected by federal privacy laws.
Researchers: Brace for Zoho ManageEngine ‘Spray and Pray’ Attacks
Security researchers tracking a known pre-authentication remote code execution vulnerability in Zoho’s ManageEngine products are warning organizations to brace for “spray and pray” attacks across the internet.
InHand Industrial Router Vulnerabilities Expose Internal OT Networks to Attacks
A series of vulnerabilities affecting industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to internal operational technology (OT) networks from the internet.
Website of Canadian Liquor Distributor LCBO Infected With Web Skimmer
Canadian liquor distributor Liquor Control Board of Ontario (LCBO) has announced that a web skimmer injected into its online store was used to steal users’ personal data.
Hack the Pentagon 3.0 Bug Bounty Program to Focus on Facility Control Systems
The US Department of Defense (DoD) is getting ready to launch the third installment of its ‘Hack the Pentagon’ bug bounty program, which will focus on the Facility Related Controls System (FRCS) network.
Cybersecurity Experts Cast Doubt on Hackers’ ICS Ransomware Claims
A hacktivist group has made bold claims regarding an attack on an industrial control system (ICS) device, but industry professionals have questioned their claims.
CircleCI Hacked via Malware on Employee Laptop
Software development service CircleCI has revealed that a recently disclosed data breach was the result of information stealer malware being deployed on an engineer’s laptop. The incident was initially disclosed on January 4, when CircleCI urged customers to rotate their…
NSA Director Pushes Congress to Renew Surveillance Powers
A top U.S. intelligence official on Thursday urged Congress to renew sweeping powers granted to American spy agencies to surveil and examine communications, saying they were critical to stopping terrorism, cyberattacks and other threats.
Most Cacti Installations Unpatched Against Exploited Vulnerability
Most internet-exposed Cacti installations have not been patched against a critical-severity command injection vulnerability that is being exploited in attacks.
Juniper Networks Kicks Off 2023 With Patches for Over 200 Vulnerabilities
The first round of security advisories published by Juniper Networks for 2023 cover hundreds of vulnerabilities that have been patched in the networking giant’s products.
Exploitation of Control Web Panel Vulnerability Starts After PoC Publication
Security researchers are observing exploitation attempts targeting a critical Control Web Panel (CWP) vulnerability, following the publication of proof-of-concept (PoC) code in early January.
Fortinet Says Recently Patched Vulnerability Exploited to Hack Governments
Fortinet reported this week that a recently patched vulnerability tracked as CVE-2022-42475 has been exploited in highly targeted attacks aimed at government organizations. The security hole impacts the FortiOS SSL-VPN and it can allow a remote, unauthenticated hacker to execute…
Pro-Russian Group DDoS-ing Governments, Critical Infrastructure in Ukraine, NATO Countries
A Pro-Russian cybercrime group named NoName057(16) is actively launching distributed denial-of-service (DDoS) attacks against organizations in Ukraine and NATO countries.
Tesla Returns as Pwn2Own Hacker Takeover Target
Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to complete vehicle compromise.
Twitter Finds No Evidence of Vulnerability Exploitation in Recent Data Leaks
Twitter says it has analyzed the recently advertised databases allegedly containing the information of hundreds of millions of its users and found no evidence that a vulnerability has been exploited.
Threema Under Fire After Downplaying Security Research
The developers of the open source secure messaging app Threema have come under fire over their public response to a security analysis conducted by researchers at the Swiss university ETH Zurich.
The Guardian Confirms Personal Information Compromised in Ransomware Attack
British news organization The Guardian has confirmed that personal information was compromised in a ransomware attack in December 2022.
Cisco Warns of Critical Vulnerability in EoL Small Business Routers
Cisco this week announced that no patches will be released for a critical-severity vulnerability impacting small business RV016, RV042, RV042G, and RV082 routers, which have reached end of life (EoL).
Recently Disclosed Vulnerability Exploited to Hack Hundreds of SugarCRM Servers
Exploitation of a critical vulnerability affecting the widely used SugarCRM customer relationship management system was seen just days after someone made public an exploit.
Sophisticated ‘Dark Pink’ APT Targets Government, Military Organizations
Cybersecurity firm Group-IB is raising the alarm on a newly identified advanced persistent threat (APT) actor targeting government and military organizations in Asia and Europe.
Severe Vulnerabilities Allow Hacking of Asus Gaming Router
Cisco’s Talos security researchers have published technical information on three severe vulnerabilities impacting Asus RT-AX82U routers. A Wi-Fi 6 gaming router, the RT-AX82U can be configured via an HTTP server that is running on the local network, but also supports…
Cyber Incident Hits UK Postal Service, Halts Overseas Mail
Britain’s postal service said it was hit Wednesday by a “cyber incident” that is temporarily preventing it from sending letters or parcels to other countries.
Investors Bet Big on Subscription-Based Security Skills Training
Hack The Box, a British startup working on technology to simplify cybersecurity skills training, has banked a $55 million funding round as venture capital investors place big bets on the subscription-based talent assessment space.
‘No Evidence’ of Cyberattack Related to FAA Outage, White House Says
Red Hat Announces General Availability of Malware Detection Service
Red Hat announced on Tuesday the general availability of a malware detection service for Red Hat Enterprise Linux (RHEL) systems.
Chrome 109 Patches 17 Vulnerabilities
Google on Tuesday announced the release of Chrome 109 in the stable channel with patches for 17 vulnerabilities, including 14 bugs reported by external researchers.
British Manufacturing Firm Morgan Advanced Materials Investigating Cyberattack
UK-based manufacturing company Morgan Advanced Materials revealed on Tuesday that it’s investigating a cybersecurity incident. The company has launched an investigation after detecting unauthorized activity on its network. The wording suggests that it’s an ongoing security breach.
Cybercrime Group Exploiting Old Windows Driver Vulnerability to Bypass Security Products
A cybercrime group tracked as Scattered Spider has been observed exploiting an old vulnerability in an Intel Ethernet diagnostics driver for Windows in recent attacks on telecom and BPO firms.
251k Impacted by Data Breach at Insurance Firm Bay Bridge Administrators
Third-party administrator of insurance products Bay Bridge Administrators (BBA) is informing roughly 250,000 individuals that their personal information might have been compromised in a September 2022 data breach.
Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs
Researchers at firmware security company Red Balloon Security have discovered a potentially serious vulnerability affecting many of Siemens’ programmable logic controllers (PLCs).
SAP’s First Security Updates for 2023 Resolve Critical Vulnerabilities
SAP this week announced the release of 12 new and updated security notes as part of the January 2023 Security Patch Day, including seven ‘hot news’ notes that address critical-severity vulnerabilities.
EU Tells TikTok Chief To Respect Data Privacy Laws
The European Union warned online giant TikTok on Tuesday to respect EU law and ensure the safety of European users’ data, as the video-sharing app’s CEO met with top officials in Brussels.
Microsoft Patch Tuesday: 97 Windows Vulns, 1 Exploited Zero-Day
Microsoft’s security patching machine hummed into overdrive Tuesday with the release of fixes for at least 97 documented software vulnerabilities, including a zero-day that’s already been exploited to escape the browser sandbox.
Intel Adds TDX to Confidential Computing Portfolio With Launch of 4th Gen Xeon Processors
Intel announced on Tuesday that it has added Intel Trust Domain Extensions (TDX) to its confidential computing portfolio with the launch of its new 4th Gen Xeon enterprise processors.
Adobe Plugs Security Holes in Acrobat, Reader Software
Software maker Adobe has rolled out its first batch of security patches for 2023 with fixes for at least 29 security vulnerabilities in a range of enterprise-facing products. The most prominent update, for the widely deployed Adobe Acrobat and Reader…
Zoom Patches High Risk Flaws on Windows, MacOS Platforms
Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks. The vulnerabilities, in the enterprise-facing Zoom Rooms product, could be exploited in privilege escalation attacks on both Windows…
Iowa’s Largest City Cancels Classes Due to Cyber Attack
Iowa’s largest school district cancelled classes for Tuesday after determining there was a cyber attack on its technology network. Des Moines Public Schools announced Monday that classes would be cancelled for its 33,000 students after being “alerted to a cyber…
PyPI Users Targeted With PoweRAT Malware
Software supply chain security firm Phylum has identified a malicious attack targeting Python Package Index (PyPI) users with the PoweRAT backdoor and information stealer.
GitHub Introduces Automatic Vulnerability Scanning Feature
Microsoft-owned code hosting platform GitHub is now providing developers with the option to have their code repositories automatically scanned for vulnerabilities. Available as a ‘default setup’ option, the new feature is meant to help code builders find and resolve vulnerabilities…
Vulnerability in Popular JsonWebToken Open Source Project Leads to Code Execution
A vulnerability in the JsonWebToken open source JavaScript package could be exploited to achieve remote code execution (RCE), Palo Alto Networks’ Unit 42 warns.
2023 ICS Patch Tuesday Debuts With 12 Security Advisories From Siemens, Schneider
The first ICS Patch Tuesday of 2023 brings a dozen security advisories from Siemens and Schneider Electric, addressing a total of 27 vulnerabilities.
Windows 7 Extended Security Updates, Windows 8.1 Reach End of Support
Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.
How a Recession Will Affect CISOs?
Is the United States heading toward a recession? If we are, then profits will dip, and belts will be tightened while we wait for the government to turn things round. Most, but not all, businesses will survive; but all will…
Microsoft Flags Ransomware Problems on Apple’s macOS Platform
Security researchers at Microsoft are flagging ransomware attacks on Apple’s flagship macOS operating system, warning that financially motivated cybercriminals are abusing legitimate macOS functionalities to exploit vulnerabilities, evade defenses, or coerce users to infect their devices.
Secrets to a Good Security Webinar or Conference Presentation
Tips for making a presentation that will help improve the state of security programs and reflect favorably on the presenters and their companies
Justices Turn Away Israeli Spyware Maker in WhatsApp Suit
The Supreme Court on Monday rejected an Israeli spyware maker’s bid to derail a high-profile lawsuit filed by the WhatsApp messaging service. The justices left in place lower court rulings against the Israeli firm, NSO Group. WhatsApp claims that NSO…
FCC Proposes Tighter Data Breach Reporting Rules for Wireless Carriers
The Federal Communications Commission (FCC) is proposing tighter rules on the reporting of data breaches by wireless carriers. The updated rules, the FCC says, will fall in line with recent changes in federal and state laws regarding data breaches in…
Air France, KLM Customers Warned of Loyalty Program Account Hacking
Franco-Dutch airline company Air France-KLM has started informing Flying Blue customers of a data breach involving their user accounts. Air France-KLM was formed in 2004, following the merger between Air France and KLM. Flying Blue is their loyalty program, also…
AWS Enables Default Server-Side Encryption for S3 Objects
AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.
CISA Notifies Hitachi Energy Customers of High-Severity Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) published advisories last week to inform organizations using Hitachi Energy products about several recently addressed critical and high-severity vulnerabilities.
Many of 13 New Mac Malware Families Discovered in 2022 Linked to China
More than a dozen new Mac malware families were discovered in 2022, including information stealers, cryptocurrency miners, loaders, and backdoors, and many of them have been linked to China.
XDR and the Age-old Problem of Alert Fatigue
XDR’s fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture
SASE Company Netskope Raises $401 Million
Secure access service edge (SASE) provider Netskope on Thursday announced that it has raised $401 million in an oversubscribed financing round. To date, the company has raised close to $1.5 billion.
User Documents Overwritten With Malicious Code in Recent Dridex Attacks on macOS
The cybercriminals behind the Dridex banking trojan have adopted a new tactic in recent attacks targeting macOS devices, overwriting the victim’s document files to deliver their malicious code, Trend Micro reports.
Russian Turla Cyberspies Leveraged Other Hackers’ USB-Delivered Malware
In a recent attack against a Ukrainian organization, Russian state-sponsored threat actor Turla leveraged legacy Andromeda malware likely deployed by other hackers via an infected USB drive, Mandiant reports.
Qualcomm UEFI Flaws Expose Microsoft, Lenovo, Samsung Devices to Attacks
Many devices made by Microsoft, Lenovo, Samsung and likely others are affected by potentially serious UEFI firmware vulnerabilities in Qualcomm Snapdragon chips.
Ransomware Hit 200 US Gov, Education and Healthcare Organizations in 2022
More than 200 government, education, and healthcare organizations in the United States fell victim to ransomware in 2022, data gathered by cybersecurity firm Emsisoft shows.
Rackspace Completes Investigation Into Ransomware Attack
Cloud company Rackspace has completed its investigation into the recent ransomware attack and found that the hackers did access some customer resources.
France Regulator Raps Apple Over App Store Ads
France’s data regulator said Wednesday that it had fined Apple eight million euros ($8.5 million) for breaching privacy laws on its App Store. The CNIL said the US tech giant had installed trackers on the devices of French users without…
More Political Storms for TikTok After US Government Ban
Predictions 2023: Big Tech’s Coming Security Shopping Spree
The SecurityWeek editorial team huddled over the holidays to look back at the stories that shaped 2022 and, more importantly, to stare into a shiny crystal ball to find the cybersecurity narratives that will dominate this year’s headlines.
Zoho Urges ManageEngine Users to Patch Serious SQL Injection Vulnerability
Zoho this week announced patches for a high-severity SQL injection vulnerability in ManageEngine Password Manager Pro, PAM360, and Access Manager Plus. ManageEngine is an enterprise software solution offering management capabilities for endpoints, enterprise services, identity and access, IT operations, and…
16 Car Makers and Their Vehicles Hacked via Telematics, APIs, Infrastructure
A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car functions and start or stop the engine.
Burger Chain Five Guys Discloses Data Breach Impacting Job Applicants
US burger chain Five Guys has disclosed a data breach impacting job applicants, and the company may be facing a lawsuit over the cybersecurity incident. Five Guys appears to have started informing customers on December 29, when it also notified…
Play Ransomware Group Used New Exploitation Method in Rackspace Attack
The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this week.
Database Containing 235 Million Twitter User Records Available for Free
A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock warns.
Slack Says Hackers Stole Private Source Code Repositories
Enterprise communication and collaboration platform Slack has informed customers that hackers have stolen some of its private source code repositories, but claims impact is limited.
Meta Hit With 390 Million Euro Fine Over EU Data Breaches
Virtual Insanity: Protecting the Immersive Online World
Android’s First Security Updates for 2023 Patch 60 Vulnerabilities
Google announced on Tuesday the first Android security updates for 2023, which patch a total of 60 vulnerabilities. The first part of the update, which arrives on devices as the 2023-01-01 security patch level, addresses 19 security defects in the…
High-Severity Command Injection Flaws Found in Fortinet’s FortiTester, FortiADC
Cybersecurity solutions provider Fortinet this week announced patches for several vulnerabilities across its product portfolio and informed customers about a high-severity command injection bug in FortiADC.
Wabtec Says Personal Information Compromised in Ransomware Attack
Rail systems and locomotive manufacturer Wabtec has started sending notification letters to individuals whose personal information was stolen in a ransomware attack last year. The US-based firm provides railway equipment, systems, and services worldwide and has offices in the Americas,…
NIST Finalizes Cybersecurity Guidance for Ground Segment of Space Operations
The National Institute of Standards and Technology (NIST) has published the final version of its guidance on applying the Cybersecurity Framework to the ground segment of space operations, specifically satellite command and control.
Hacker Selling Data Allegedly Stolen From Volvo Cars Following Ransomware Attack
A hacker is offering to sell data allegedly stolen from Swedish vehicle manufacturer Volvo Cars following a ransomware attack carried out in late December.
Cybersecurity M&A Roundup: 21 Deals Announced in December 2022
Researcher Says Google Paid $100k Bug Bounty for Smart Speaker Vulnerabilities
Security researcher Matt Kunze says Google paid him a $107,500 bug bounty reward for responsibly reporting vulnerabilities in the Google Home Mini smart speaker. The issues, the researcher says, could have been exploited by an attacker within wireless proximity to…
The Impact of Geopolitics on CPS Security
The world changed fundamentally during the pandemic. Businesses were affected profoundly as they were forced to undergo digital transformation quickly to survive. And for organizations that were able to truly excel at it, digital transformation became a differentiating advantage. Of…
Critical Vulnerabilities Patched in Synology Routers
Taiwan-based networking and storage solutions provider Synology has informed customers about the availability of patches for several critical vulnerabilities, including flaws likely exploited recently at the Pwn2Own hacking contest.
Malware Delivered to PyTorch Users in Supply Chain Attack
Last week’s nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack. Now part of the Linux Foundation umbrella, PyTorch is based on the Torch library and is used for applications…
Google to Pay Indiana $20 Million to Resolve Privacy Suit
Google will pay Indiana $20 million to resolve the state’s lawsuit against the technology giant over allegedly deceptive location tracking practices, state Attorney General Todd Rokita announced.
Ransomware Attack Forces Canadian Mining Company to Shut Down Mill
Canadian Copper Mountain Mining Corporation (CMMC) last week shut down its mill after falling victim to a ransomware attack. Listed on the Toronto Stock Exchange, the firm owns most of the Copper Mountain mine. Located in southern British Columbia, the…
Cybersecurity M&A Roundup: 16 Deals Announced in December 2022
Nearly 300 Vulnerabilities Patched in Huawei’s HarmonyOS in 2022
Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.