Johnson & Johnson has disclosed a data breach impacting the personal information of thousands of people. The post Pharma Giant Johnson & Johnson Discloses Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Category: securityweek
VMware Struggles to Fix Flaw Exploited at Chinese Hacking Contest
For the second time in as many months, VMware patches a remote code execution vulnerability first exploited at a Chinese hacking contest in June. The post VMware Struggles to Fix Flaw Exploited at Chinese Hacking Contest appeared first on SecurityWeek.…
Apple Offering Hackable iPhones to Universities
Apple expands its Security Research Device Program to put hackable iPhones in the hands of select educators at the university level. The post Apple Offering Hackable iPhones to Universities appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Sophos to Acquire SecureWorks in $859 Million All-Cash Deal
Sophos plans to integrate Secureworks Taegis XDR platform into its MDR services across small, mid-sized, and enterprise segments. The post Sophos to Acquire SecureWorks in $859 Million All-Cash Deal appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
ESET Distributor’s Systems Abused to Deliver Wiper Malware
ESET has launched an investigation after a product distributor in Israel sent out emails delivering wiper malware. The post ESET Distributor’s Systems Abused to Deliver Wiper Malware appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Big Rewards Offered in Dedicated Google Cloud Bug Bounty Program
More than 460 products and services are covered under Google Cloud’s new VRP, with 140 eligible for top tier bug bounty rewards. The post Big Rewards Offered in Dedicated Google Cloud Bug Bounty Program appeared first on SecurityWeek. This article…
Cisco Confirms Security Incident After Hacker Offers to Sell Data
Cisco has confirmed that some files have been stolen from its DevHub environment after a hacker offered to sell information. The post Cisco Confirms Security Incident After Hacker Offers to Sell Data appeared first on SecurityWeek. This article has been…
Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira
Atlassian has released patches for high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management. The post Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Atlassian Patches…
AI and Hardware Hacking on the Rise
Bugcrowd’s Inside the Mind of a Hacker report surveys the thoughts of one of the world’s largest hacker communities. The post AI and Hardware Hacking on the Rise appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Roundcube Webmail Vulnerability Exploited in Government Attack
An XSS vulnerability in Roundcube Webmail has been targeted for code execution against a governmental organization in a CIS country. The post Roundcube Webmail Vulnerability Exploited in Government Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Industry Moves for the week of October 21, 2024 – SecurityWeek
Explore industry moves and significant changes in the industry for the week of October 21, 2024. Stay updated with the latest industry trends and shifts. This article has been indexed from SecurityWeek Read the original article: Industry Moves for the…
Internet Archive Hacked Again During Service Restoration Efforts
The Internet Archive has suffered an email hack while working to restore services impacted by the recent cyberattacks. The post Internet Archive Hacked Again During Service Restoration Efforts appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Cyprus Thwarted a Digital Attack Against the Government’s Main Online Portal
Cyprus said that it has successfully thwarted a DDoS attack aimed at blocking access to the government’s central online portal. The post Cyprus Thwarted a Digital Attack Against the Government’s Main Online Portal appeared first on SecurityWeek. This article has…
Industrial and Critical Infrastructure Defenders to Gather in Atlanta for 2024 ICS Cybersecurity Conference
Premier Industrial Cybersecurity Conference offers 80+ sessions and hands-on training to tackle critical infrastructure cyber threats. The post Industrial and Critical Infrastructure Defenders to Gather in Atlanta for 2024 ICS Cybersecurity Conference appeared first on SecurityWeek. This article has been…
Microsoft: macOS Vulnerability Potentially Exploited in Adware Attacks
The Adload macOS adware potentially exploits a privacy bypass vulnerability resolved in Sequoia 15 last month. The post Microsoft: macOS Vulnerability Potentially Exploited in Adware Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
North Korean APT Exploited IE Zero-Day in Supply Chain Attack
A Pyongyang-aligned APT was caught exploiting a recent zero-day in Internet Explorer in a supply chain attack. The post North Korean APT Exploited IE Zero-Day in Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Rising Tides: Christien “DilDog” Rioux on Building Privacy and What Makes Hackers Unique
Veracode and Veilid Foundation co-founder discusses the “human rights issue” of accessible privacy and what makes hackers unique. The post Rising Tides: Christien “DilDog” Rioux on Building Privacy and What Makes Hackers Unique appeared first on SecurityWeek. This article has…
Organizations Faster at Detecting OT Incidents, but Response Still Lacking: Report
SANS has published its 2024 State of ICS/OT Cybersecurity report, based on a survey of over 530 critical infrastructure sector professionals. The post Organizations Faster at Detecting OT Incidents, but Response Still Lacking: Report appeared first on SecurityWeek. This article…
Omni Family Health Data Breach Impacts 470,000 Individuals
Omni Family Health has disclosed a data breach impacting nearly 470,000 current and former patients and employees. The post Omni Family Health Data Breach Impacts 470,000 Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Cyera Acquires Data Loss Prevention Firm Trail Security for $162 Million
Data security company Cyera has acquired stealth mode startup Trail Security for its data loss prevention (DLP) technology. The post Cyera Acquires Data Loss Prevention Firm Trail Security for $162 Million appeared first on SecurityWeek. This article has been indexed…
Be Aware of These Eight Underrated Phishing Techniques
There are a number of lesser-known phishing techniques that are often overlooked or underestimated yet increasingly being employed by attackers. The post Be Aware of These Eight Underrated Phishing Techniques appeared first on SecurityWeek. This article has been indexed from…
CISA, FBI Seek Public Comment on Software Security Bad Practices Guidance
CISA and the FBI are requesting public comment on new guidance regarding risky software security bad practices. The post CISA, FBI Seek Public Comment on Software Security Bad Practices Guidance appeared first on SecurityWeek. This article has been indexed from…
F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability
F5 has released patches for a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity bug in BIG-IQ. The post F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability appeared first on SecurityWeek. This article has been indexed from…
Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters
Cisco has released patches for multiple vulnerabilities in ATA 190 series firmware, including two high-severity flaws. The post Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Brazilian Police Arrest Notorious Hacker USDoD
Brazil’s Federal Police announced the arrest of a hacker whose description matches that of the notorious leaker USDoD. The post Brazilian Police Arrest Notorious Hacker USDoD appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Anonymous Sudan DDoS Service Disrupted, Members Charged by US
The DoJ has announced charges against Anonymous Sudan members and the disruption of their DDoS attack service. The post Anonymous Sudan DDoS Service Disrupted, Members Charged by US appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Code Execution, Data Tampering Flaw in Nvidia NeMo Gen-AI Framework
Artificial intelligence tech giant Nvidia issues a warning for code execution and data tampering security problems in the NeMo platform. The post Code Execution, Data Tampering Flaw in Nvidia NeMo Gen-AI Framework appeared first on SecurityWeek. This article has been…
VMware Patches High-Severity SQL Injection Flaw in HCX Platform
VMware patches CVE-2024-38814 and warns that attackers with non-administrator privileges can execute remote code on the HCX manager. The post VMware Patches High-Severity SQL Injection Flaw in HCX Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Android 15 Rolling Out With New Theft, Application Protection Features
Google has released Android 15 with new security features to keep devices and sensitive applications better protected. The post Android 15 Rolling Out With New Theft, Application Protection Features appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
OT Risk Management Firm DeNexus Raises $17.5 Million
DeRisk is an AI and ML-driven data analytics platform that focuses on managing the cyber risk to the underserved operational technology of critical industries. The post OT Risk Management Firm DeNexus Raises $17.5 Million appeared first on SecurityWeek. This article…
Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site
Microsoft has patched ‘critical’ privilege escalation and information disclosure vulnerabilities in Power Platform, Dataverse and the Imagine Cup website. The post Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site appeared first on SecurityWeek. This article has been indexed from…
Google Pays Out $36,000 for Severe Chrome Vulnerability
Google has released Chrome 130 in the stable channel to resolve 17 vulnerabilities, including 13 reported by external researchers. The post Google Pays Out $36,000 for Severe Chrome Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
AI Models in Cybersecurity: From Misuse to Abuse
Exploring differences in AI models on security measures and unveiling threat actor tactics. The post AI Models in Cybersecurity: From Misuse to Abuse appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: AI Models…
Organizations Warned of Exploited SolarWinds Web Help Desk Vulnerability
CISA warns that a critical-severity hardcoded credentials vulnerability in SolarWinds Web Help Desk is exploited in attacks. The post Organizations Warned of Exploited SolarWinds Web Help Desk Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Oracle Patches Over 200 Vulnerabilities With October 2024 CPU
Oracle has released 334 new security patches to address roughly 220 unique CVEs as part of its October 2024 Critical Patch Update. The post Oracle Patches Over 200 Vulnerabilities With October 2024 CPU appeared first on SecurityWeek. This article has…
Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users
FIDO Alliance has published new specifications for securely moving passkeys across providers, as Amazon announced 175 million passkey users. The post Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users appeared first on SecurityWeek. This article has been…
Cybercriminals Are Increasingly Helping Russia and China Target the US and Allies, Microsoft Says
The growing collaboration between authoritarian governments and criminal hackers has alarmed national security officials and cybersecurity experts. The post Cybercriminals Are Increasingly Helping Russia and China Target the US and Allies, Microsoft Says appeared first on SecurityWeek. This article has…
Election Day is Close, the Threat of Cyber Disruption is Real
New threat report shows that the potential for disruption to November’s Election Day is severe, and the threat is real. The post Election Day is Close, the Threat of Cyber Disruption is Real appeared first on SecurityWeek. This article has…
GitHub Patches Critical Vulnerability in Enterprise Server
A critical-severity flaw in GitHub Enterprise Server could lead to unauthorized access to the vulnerable instances. The post GitHub Patches Critical Vulnerability in Enterprise Server appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft
Volkswagen has issued a statement after the 8Base ransomware group claimed to have stolen valuable data from the company’s systems. The post Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft appeared first on SecurityWeek. This article…
CISO Conversations: Julien Soriano (Box) and Chris Peake (Smartsheet)
CISOS from Box and Smartsheet discuss the route toward, the role within, and the future of being a successful CISO. The post CISO Conversations: Julien Soriano (Box) and Chris Peake (Smartsheet) appeared first on SecurityWeek. This article has been indexed…
Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities
Splunk has released patches for multiple vulnerabilities in Splunk Enterprise, including two high-severity remote code execution flaws. The post Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack
Automattic has rolled out updates for 101 Jetpack versions released over the past eight years to resolve a critical vulnerability. The post Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack appeared first on SecurityWeek. This article has been…
Industry Moves for the week of October 14, 2024 – SecurityWeek
Explore industry moves and significant changes in the industry for the week of October 14, 2024. Stay updated with the latest industry trends and shifts. This article has been indexed from SecurityWeek Read the original article: Industry Moves for the…
New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs
Intel and AMD respond to new attack methods named TDXDown and CounterSEVeillance that can be used against TDX and SEV technology. The post New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs appeared first on SecurityWeek. This article has…
Juniper Networks Patches Dozens of Vulnerabilities
Juniper Networks has announced patches for dozens of vulnerabilities in Junos OS, Junos OS Evolved, and third-party components. The post Juniper Networks Patches Dozens of Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability
The Iran-linked APT OilRig has intensified cyber operations against the United Arab Emirates and the broader Gulf region. The post Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks
Fortinet believes state-sponsored threat actors are behind the recent attacks involving exploitation of Ivanti CSA zero-days. The post Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches
Gryphon Healthcare and Tri-City Medical Center have disclosed data breaches collectively impacting over 500,000 individuals. The post Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Watch Now: Zero Trust Strategies Summit – All Sessions Available on Demand
With all sessions now available on demand, the online summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. The post Watch Now: Zero Trust Strategies Summit – All Sessions Available on Demand…
Dozens of Cybersecurity Companies Announced Layoffs in Past Year
Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce. The post Dozens of Cybersecurity Companies Announced Layoffs in Past Year appeared first on SecurityWeek. This article has been…
Chinese Hackers Adopting Open Source ‘SparkRAT’ Tool
Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations. The post Chinese Hackers Adopting Open Source ‘SparkRAT’ Tool appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
The UK’s NCSC has issued a security advisory to warn about spearphishing campaigns conducted by two unrelated Russian and Iranian hacker groups. The post UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies appeared first on SecurityWeek. This…
US Government Agencies Warn of Malicious Use of Remote Management Software
CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts. The post US Government Agencies Warn of Malicious Use of Remote Management Software appeared first on SecurityWeek. This article has…
Malicious Prompt Engineering With ChatGPT
The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad. The post Malicious Prompt Engineering With ChatGPT appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Security Update for Chrome 109 Patches 6 Vulnerabilities
Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update. The post Security Update for Chrome 109 Patches 6 Vulnerabilities appeared first on SecurityWeek. This article has been…
North Korean APT Expands Its Attack Repertoire
The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by other hackers. The post North Korean APT Expands Its Attack Repertoire appeared first on SecurityWeek. This…
Strata Raises $26 Million for Multi-Cloud Identity Management Platform
Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital, and Menlo Ventures. The post Strata Raises $26 Million for Multi-Cloud Identity Management Platform appeared first…
New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch
Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication. The post New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch appeared first on SecurityWeek. This article…
CISA Provides Resources for Securing K-12 Education System
CISA has published a report detailing the cybersecurity risks to the K-12 education system and recommendations on how to secure it. The post CISA Provides Resources for Securing K-12 Education System appeared first on SecurityWeek. This article has been indexed…
Forward Networks Raises $50 Million in Series D Funding
Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors. The post Forward Networks Raises $50 Million in Series D Funding appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
South Dakota’s Noem Says Cell Phone Number Hacked
South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6 committee. The post South Dakota’s Noem Says Cell Phone Number Hacked appeared first on SecurityWeek. This…
Riot Games Says Source Code Stolen in Ransomware Attack
Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack The post Riot Games Says Source Code Stolen in Ransomware Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Password Dependency: How to Break the Cycle
Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the password dependency cycle. But how can this be done? The post Password Dependency: How to Break…
Learning to Lie: AI Tools Adept at Creating Disinformation
Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation. The post Learning to Lie: AI Tools Adept at Creating Disinformation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
VMware Plugs Critical Code Execution Flaws
VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system. The post VMware Plugs Critical Code Execution Flaws appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
GoTo Says Hackers Stole Encrypted Backups, MFA Settings
GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach. The post GoTo Says Hackers Stole Encrypted Backups, MFA Settings appeared first on SecurityWeek. This article has…
Apple Patches Exploited iOS Vulnerability in Old iPhones
Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads. The post Apple Patches Exploited iOS Vulnerability in Old iPhones appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
FBI Confirms North Korean Hackers Behind $100 Million Horizon Bridge Heist
FBI says a North Korea-linked threat group known as Lazarus and APT38 is behind the $100 million Horizon bridge cryptocurrency heist. The post FBI Confirms North Korean Hackers Behind $100 Million Horizon Bridge Heist appeared first on SecurityWeek. This article…
Attacks Targeting Realtek SDK Vulnerability Ramping Up
Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK. The post Attacks Targeting Realtek SDK Vulnerability Ramping Up appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Arm Vulnerability Leads to Code Execution, Root on Pixel 6 Phones
Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6. The post Arm Vulnerability Leads to Code Execution, Root on Pixel 6 Phones appeared first on SecurityWeek. This article has…
Zendesk Hacked After Employees Fall for Phishing Attack
Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees. The post Zendesk Hacked After Employees Fall for Phishing Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Microsoft Office to Block XLL Add-ins From Internet
Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet. The post Microsoft Office to Block XLL Add-ins From Internet appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Cygnvs Emerges From Stealth Mode With Incident Response Platform
Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding. The post Cygnvs Emerges From Stealth Mode With Incident Response Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Thoma Bravo to Buy Magnet Forensics in $1.3B Transaction
Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business. The post Thoma Bravo to Buy Magnet Forensics in $1.3B Transaction appeared first on SecurityWeek. This article has been…
Apple Patches WebKit Code Execution in iPhones, MacBooks
Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities. The post Apple Patches WebKit Code Execution in iPhones, MacBooks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Apple…