Tag: SecurityWeek RSS Feed

A cyberattack caused a nearly daylong outage of the nation’s new 988 mental health helpline on Dec. 1, 2022, federal officials said The post Feds Say Cyberattack Caused Suicide Helpline’s Outage appeared first on SecurityWeek. This article has been indexed…

Read more →

After French satirical magazine Charlie Hebdo’s launched a cartoon contest to mock Iran, an Iranian cyber retaliated in January. The post Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code. The post F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution appeared first on SecurityWeek. This article has been…

Read more →

Google announces an expansion of its OSS-Fuzz rewards program to help find software vulnerabilities before they are exploited. The post Google Shells Out $600,000 for OSS-Fuzz Project Integrations appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

The Pentagon said a Chinese spy balloon was over the central United States, and that the U.S. rejected China’s claims that it was not being used for surveillance. The post Big China Spy Balloon Moving East Over US, Pentagon Says…

Read more →

VMware patches CVE-2023-20854, a vulnerability that can be exploited by a malicious hacker to delete arbitrary files. The post High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

A critical authentication vulnerability in Jira Service Management Server and Data Center allows attackers to impersonate users. The post Atlassian Warns of Critical Jira Service Management Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023. The post Cyber Insights 2023: Venture Capital appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article: Cyber…

Read more →

Former Ubiquiti employee Nickolas Sharp has admitted in court to abusing company-provided credentials to steal data and then attempting to extort Ubiquiti. The post Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty appeared first on SecurityWeek. This article has…

Read more →

GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet The post GoAnywhere MFT Users Warned of Zero-Day Exploit appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

The U.S. is tracking a suspected Chinese spy balloon spotted over U.S. airspace, officials said on Feb. 2, 2023. The post China Says It’s Looking Into Report of Spy Balloon Over US appeared first on SecurityWeek. This article has been…

Read more →

Critical Oracle E-Business Suite vulnerability exploited in attacks shortly after PoC is published. The post Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code. The post F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution appeared first on SecurityWeek. This article has been…

Read more →

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions. The post Cyber Insights 2023 | Ransomware appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption. The post Cyber Insights 2023 | Quantum Computing and the Coming Cryptopocalypse appeared first on SecurityWeek. This article has been…

Read more →

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often in conflict with the second and third. The post Cyber Insights 2023 | Regulations appeared first…

Read more →

Google announces an expansion of its OSS-Fuzz rewards program to help find software vulnerabilities before they are exploited. The post Google Shells Out $600,000 for OSS-Fuzz Project Integrations appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code. The post F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution appeared first on…

Read more →

Arnold Clark, one of Europe’s largest car companies, was targeted in a cyberattack, with the Play ransomware group claiming to have stolen gigabytes of information The post UK Car Retailer Arnold Clark Hit by Ransomware appeared first on SecurityWeek. This…

Read more →

Cisco this week announced patches for a high-severity command injection vulnerability allowing malicious code to persist across reboots. The post Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots appeared first on SecurityWeek. This article has been…

Read more →

The sophisticated HeadCrab malware has infected at least 1,200 Redis servers and abused them for cryptomining. The post HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies. The post Dealing With the Carcinization of Security appeared first on SecurityWeek. This article has been indexed…

Read more →

Vulnerabilities in electric vehicle charging management systems can be exploited for DoS attacks and to steal energy or sensitive information. The post EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft appeared first on SecurityWeek. This article has been indexed…

Read more →

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions. The post Cyber Insights 2023: Ransomware appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption. The post Cyber Insights 2023: Quantum Computing and the Coming Cryptopocalypse appeared first on SecurityWeek. This article has been indexed…

Read more →

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be remediated. The post Cyber Insights 2023 | Supply Chain Security appeared first on SecurityWeek. This article…

Read more →

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often in conflict with the second and third. The post Cyber Insights 2023: Regulations appeared first on…

Read more →

A new report found that 98% of organizations have a relationship with a third party that has been breached, while more than 50% have an indirect relationship with more than 200 fourth parties that have been breached. The post 98%…

Read more →

VMware confirms the publication of exploit code and urged VMware vRealize Log Insight users to implement mitigations immediately. The post VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities appeared first on SecurityWeek. This article has been indexed from…

Read more →

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads. The post Malicious NPM, PyPI Packages Stealing User Information appeared first on SecurityWeek. This article has been…

Read more →

Nantucket’s public schools shut its doors to students and teachers after a data encryption and extortion attack on its computer systems. The post Ransomware Leads to Nantucket Public Schools Shutdown appeared first on SecurityWeek. This article has been indexed from…

Read more →

Israeli venture group Team8 has bankrolled an $11 million seed-stage investment in Gem Security. The post Gem Security Gets $11 Million Seed Investment for Cloud Incident Response Platform  appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Dutch cyber authorities said several hospital websites in the Netherlands and Europe were likely targeted by a pro-Kremlin hacking group because of their countries’ support for Ukraine. The post Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’ appeared first on SecurityWeek.…

Read more →

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base. The post Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing appeared first on SecurityWeek.…

Read more →

Cyberinsurance and protection firm Boxx Insurance raises $14.4 million in a Series B funding round led by Zurich Insurance. The post Boxx Insurance Raises $14.4 Million in Series B Funding appeared first on SecurityWeek. This article has been indexed from…

Read more →

Serious vulnerabilities found in Econolite EOS traffic controller software can be exploited to control traffic lights, but the flaws remain unpatched. The post Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking appeared first on SecurityWeek. This article has been indexed…

Read more →

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while cybercriminals have had their restraints reduced. The post Cyber Insights 2023: ICS and Operational Technology appeared…

Read more →

While cyber eyes are trained on Russia, we should remember that it is not the West’s only cyber adversary. China, Iran, and North Korea will all increase their activity through 2023 under cover of the European war. The post Cyber…

Read more →

Despite some geopolitical overlaps with state attackers, the majority of cyberattacks still come from simple – or perhaps sophisticated – criminals who are more motivated by money than politics. The post Cyber Insights 2023: Criminal Gangs appeared first on SecurityWeek.…

Read more →

Censys finds 30,000 internet-exposed QNAP appliances that are likely affected by a recently disclosed critical code injection vulnerability. The post 30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

The Prilex point-of-sale (PoS) malware has been modified to block contactless transactions to force the insertion of credit cards and steal their information. The post Prilex PoS Malware Blocks NFC Transactions to Steal Credit Card Data appeared first on SecurityWeek.…

Read more →

Google Fi informs customers about a data breach related to the recent T-Mobile cyberattack and some users claim they were targeted in a SIM swapping attack The post Google Fi Data Breach Reportedly Led to SIM Swapping appeared first on…

Read more →

Sentra, a cloud data security company with roots in New York and Tel Aviv, has raised a $30 million as investors continue to place big bets on the data security posture management category. The post Sentra Raises $30 Million for…

Read more →

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status. The post Microsoft’s Verified Publisher Status Abused in Email Theft Campaign appeared first on SecurityWeek. This article has…

Read more →

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool for beneficial improvement is still unknown. The post Cyber Insights 2023: Artificial Intelligence appeared first on…

Read more →

The question for 2023 and beyond is whether the cyberinsurance industry can make a profit without destroying its market. The post Cyber Insights 2023: Cyberinsurance appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas of IT infrastructure that can be attacked. The post Cyber Insights 2023: Attack Surface Management appeared…

Read more →

QNAP warns users of a critical vulnerability that allows attackers to inject malicious code on NAS devices. The post Critical QNAP Vulnerability Leads to Code Injection appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud, and edge. The post How the Atomized Network Changed Enterprise Protection appeared first on SecurityWeek. This…

Read more →

All-in-one cybersecurity platform Guardz today emerged from stealth mode with $10 million in seed funding. The post Guardz Emerges From Stealth Mode With $10 Million in Funding appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications. The post GitHub Revokes Code Signing Certificates Following Cyberattack appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Identity and access governance vendor Saviynt has closed a $205 million financing round. The post Saviynt Raises $205M; Founder Rejoins as CEO appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the original article: Saviynt…

Read more →

Chainguard released OpenVEX Spec Adds Clarity to Supply Chain Vulnerability Warnings specification to help software vendors and maintainers communicate precise metadata about the vulnerability status of products The post OpenVEX Spec Adds Clarity to Supply Chain Vulnerability Warnings appeared first…

Read more →

Russian Vladislav Klyushin made tens of millions of dollars by hacking into U.S. computer networks to steal insider information. The post Russian Millionaire on Trial in Hack, Insider Trade Scheme appeared first on SecurityWeek. This article has been indexed from…

Read more →

JD Sports discovers unauthorized access to information from orders placed by customers between 2018 and 2020. The post British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks. The post Russia-Linked APT29 Uses New Malware in Embassy Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

Vulnerabilities in open source health records management software OpenEMR could lead to patient data compromise, remote code execution (RCE). The post Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment in cybersecurity. The post The Effect of Cybersecurity Layoffs on Cybersecurity Recruitment appeared first on SecurityWeek.…

Read more →

A researcher has disclosed the details of a 2FA bypass vulnerability affecting Instagram and Facebook. The post Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published. The post Critical Vulnerability Impacts Over 120 Lexmark Printers appeared first on SecurityWeek. This article has been indexed from…

Read more →

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement. The post Industry Reactions to Hive Ransomware Takedown: Feedback Friday appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service (DoS). The post BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham’s Ax persona The post Iranian APT Leaks Data From Saudi Arabia Government Under New Persona appeared first on SecurityWeek. This article has…

Read more →

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks. The post Microsoft Urges Customers to Patch Exchange Servers appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive operation. The post US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware appeared first…

Read more →

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet The post Cyberattacks Target Websites of German Airports, Admin appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS Feed…

Read more →

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries. The post Hive Ransomware Operation Shut Down by Law Enforcement appeared first on SecurityWeek. This article has been indexed from SecurityWeek…

Read more →

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation. The post US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’ appeared first on SecurityWeek. This article…

Read more →

How threat intelligence is critical when justifying budget for GRC personnel, and for threat intelligence, incident response, security operations and CISO buyers. The post Mapping Threat Intelligence to the NIST Compliance Framework Part 2 appeared first on SecurityWeek. This article…

Read more →

Zacks Investment Research is informing 820,000 individuals that their personal data was compromised in a data breach. The post 820k Impacted by Data Breach at Zacks Investment Research appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

Tenable has launched a $25 million venture fund to place bets on early-stage startups in the exposure management space. The post Tenable Launches $25 Million Early-Stage Venture Fund appeared first on SecurityWeek. This article has been indexed from SecurityWeek RSS…

Read more →

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries. The post Hive Ransomware Operation Apparently Shut Down by Law Enforcement appeared first on SecurityWeek. This article has been indexed from…

Read more →

Apple’s product security response team on Monday rolled out patches to cover numerous serious security vulnerabilities affecting users of its flagship iOS and macOS platforms. read more This article has been indexed from SecurityWeek RSS Feed Read the original article:…

Read more →

Thoma Bravo’s shopping spree in the cybersecurity lane is showing no signs of slowing down. The private equity giant has announced plans to spend $1.3 billion to acquire Canadian software firm Magnet Forensics, a deal that expands Thoma Bravo’s push…

Read more →

Microsoft says it is making a “multiyear, multibillion dollar investment” in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools that can write readable text and generate new images. read more This article has been indexed from SecurityWeek…

Read more →

Cybersecurity firm NCC Group has shared details on two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page. read more This article has been indexed from SecurityWeek RSS…

Read more →

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December 2022, the US Government Accountability Office (GAO) says in a new report. read more This article…

Read more →

The National Security Agency (NSA) has published guidance to help the Department of Defense (DoD) and other system administrators identify and mitigate cyber risks associated with transitioning to Internet Protocol version 6 (IPv6). read more This article has been indexed…

Read more →

A new unit to handle cybersecurity in Mississippi is in place and has its first director. read more This article has been indexed from SecurityWeek RSS Feed Read the original article: Mississippi Creates New Cyber Unit, Names 1st Director

Read more →

Companies affected by the recent Mailchimp data breach have started notifying customers. The list includes WooCommerce, FanDuel, Yuga Labs and the Solana Foundation. read more This article has been indexed from SecurityWeek RSS Feed Read the original article: Companies Impacted…

Read more →

FBI Director Christopher Wray said Thursday that he was “deeply concerned” about the Chinese government’s artificial intelligence program, asserting that it was “not constrained by the rule of law.” read more This article has been indexed from SecurityWeek RSS Feed…

Read more →

A sophisticated ad fraud scheme that spoofed over 1,700 applications and 120 publishers peaked at 12 billion ad requests per day before being taken down, bot attack prevention firm Human says. read more This article has been indexed from SecurityWeek…

Read more →

Cloud risk management and threat detection firm Rapid7 warns that it has seen organizations being compromised in attacks exploiting a recently patched Zoho ManageEngine vulnerability. read more This article has been indexed from SecurityWeek RSS Feed Read the original article:…

Read more →

Several vulnerabilities described as having critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText’s enterprise content management (ECM) product. read more This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands, according to data from Chainalysis. read more This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

Online payments system PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign. read more This article has been indexed from SecurityWeek RSS Feed Read the original article: PayPal Warns 35,000 Users of…

Read more →

The European Union’s digital policy chief warned TikTok’s boss Thursday that the social media app will have to fall in line with tough new rules for online platforms set to take effect later this year. read more This article has…

Read more →

Drupal this week announced software updates that resolve a total of four vulnerabilities in Drupal core and three plugins, and which could lead to unauthorized access to data. read more This article has been indexed from SecurityWeek RSS Feed Read…

Read more →

A ransomware attack forced the parent company of KFC and Taco Bell to close several hundred restaurants in the United Kingdom this week. A government filing posted Thursday says the attack impacted information technology systems. Yum Brands said the attackers…

Read more →

Bad actors find themselves at a constant advantage. They can determine when, where, and how they will attack an enterprise, using time and patience to pick the moment they want to strike. read more This article has been indexed from…

Read more →

A China-linked threat actor was observed exploiting a recently disclosed Fortinet FortiOS SSL-VPN vulnerability when it was still a zero-day, months before patches were released, Mandiant reports. read more This article has been indexed from SecurityWeek RSS Feed Read the…

Read more →

Wireless carrier T-Mobile on Thursday fessed up to another massive data breach affecting  approximately 37 million current postpaid and prepaid customer accounts. read more This article has been indexed from SecurityWeek RSS Feed Read the original article: T-Mobile Says Hackers…

Read more →

Software engineers tracking the quality of software bill of materials have stumbled on a startling discovery: Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government. read more This article has been indexed…

Read more →

Social media giant Meta has been fined an additional 5.5 million euros ($5.9 million) for violating EU data protection regulations with its instant messaging platform WhatsApp, Ireland’s regulator announced Thursday. read more This article has been indexed from SecurityWeek RSS…

Read more →

There is a problem with API security – it isn’t working very well, and it’s largely down to credential leakage. Most security professionals are confident in their own API credential management; but at the same time, most of the same…

Read more →

B2B payment security provider NsKnox this week announced that it has raised $17 million in a new funding round that brings the total raised by the company to $35.6 million. read more This article has been indexed from SecurityWeek RSS…

Read more →

Sophos has confirmed reports that it’s laying off employees. The company joins several other major cybersecurity companies that have announced cutting staff over the past year. read more This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

A cross-site request forgery (CSRF) vulnerability impacting the source control management (SCM) service Kudu could be exploited to achieve remote code execution (RCE) in multiple Azure services, cloud infrastructure security firm Ermetic has discovered. read more This article has been…

Read more →

The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami on Wednesday, along with five associates in Europe, during an international operation against “darknet” markets. read more This article has been indexed from SecurityWeek RSS Feed Read the original…

Read more →

Cisco on Wednesday announced patches for a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME). read more This article has been indexed from SecurityWeek RSS Feed Read the original article:…

Read more →