Source: www.securityweek.com – Author: Kevin Townsend Two new products aim to secure the traditional OSS supply chain, and the new AI model software supply chain. The...
Month: January 2024
Fintech Company EquiLend Restoring Systems Following Cyberattack – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Fintech firm EquiLend is investigating a cyberattack (possibly a ransomware attack) that knocked some of its systems offline. The post...
Cisco Patches Critical Vulnerability in Enterprise Collaboration Products – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire A critical flaw in Cisco Unified Communications and Contact Center Solutions products could lead to remote code execution. The post...
Tesla Infotainment Hack Earns Researchers $100,000 at Pwn2Own Automotive – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs Over $1 million paid out in the first two days of Pwn2Own Automotive for Tesla, infotainment and EV charger hacks....
Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Over 5,000 GitLab servers have yet to be patched against CVE-2023-7028, a critical password reset vulnerability. The post Thousands of...
Firefox 122 Patches 15 Vulnerabilities – Source: www.securityweek.com
Source: www.securityweek.com – Author: Ionut Arghire Updates released for Firefox and Thunderbird resolve 15 vulnerabilities, including five high-severity bugs. The post Firefox 122 Patches 15 Vulnerabilities...
Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users – Source: www.securityweek.com
Source: www.securityweek.com – Author: Associated Press Amazon-owned Ring will stop allowing police to request doorbell camera footage from users following criticism from privacy advocates. The post...
HPE Says Russian Government Hackers Had Access to Emails for 6 Months – Source: www.securityweek.com
Source: www.securityweek.com – Author: Eduard Kovacs HPE told the SEC that Russian state-sponsored threat group Midnight Blizzard had access to an email system for several months....
Airline Gets SASE to Modernize Operations – Source: www.darkreading.com
Source: www.darkreading.com – Author: Karen D. Schwartz, Contributing Writer Complaints like delayed and canceled flights, lost and damaged luggage,...
SecurityScorecard Launches MAX – Source: www.darkreading.com
Source: www.darkreading.com – Author: PRESS RELEASE NEW YORK – Jan. 25, 2024 — SecurityScorecard today announced SecurityScorecard MAX™, a new partner-focused managed service from SecurityScorecard that builds on the company’s...
Help Wanted From Convicted Cybercriminals – Source: www.darkreading.com
Source: www.darkreading.com – Author: Dan Raywood, Senior Editor, Dark Reading The most recent ISC2 Cybersecurity Workforce Study found a...
Pwn2Own 2024: Tesla Hacks, Dozens of Zero-Days in Electrical Vehicles – Source: www.darkreading.com
Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer In just two days at Pwn2Own 2024 in Tokyo, researchers have...
‘Midnight Blizzard’ Breached HPE Email Months Before Microsoft Hack – Source: www.darkreading.com
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer Months before Russian threat actor “Midnight Blizzard” accessed and exfiltrated data from email accounts...
Panorays Study Finds 94% of CISOs Are Concerned About Third-party Cyber Threats, Yet Only 3% Have Implemented Security Measures – Source: www.darkreading.com
Source: www.darkreading.com – Author: PRESS RELEASE NEW YORK (January 25, 2024) – Panorays, a leading provider of third-party security risk management software, has conducted its 2024 CISO Survey of...
Protecting Children’s Data Needs to Be a Priority for All – Source: www.darkreading.com
Source: www.darkreading.com – Author: Steve Yin COMMENTARY Organizations are facing a challenging cybersecurity environment and a chaotic threat landscape....
Critical Cisco Unified Communications RCE Bug Allows Root Access – Source: www.darkreading.com
Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading A critical security vulnerability in Cisco Unified...
‘CherryLoader’ Malware Allows Serious Privilege Execution – Source: www.darkreading.com
Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer It’s the pits for admins: Researchers have discovered a...
Abu Dhabi Investment Firm Warns About Scam Efforts – Source: www.darkreading.com
Source: www.darkreading.com – Author: Dark Reading Staff The National Investor, an Abu Dhabi-based investment management and advisory firm, has warned that...
Multiple vulnerabilities discovered in widely used security driver – Source: news.sophos.com
Source: news.sophos.com – Author: Angela Gunn A false-alarm incident involving Panda Security software leads to three very real CVEs In July 2023, our proactive behavior rules...
More Australian IT Leaders Could Be Looking to Replace Passwords With Passkeys in 2024 – Source: www.techrepublic.com
Source: www.techrepublic.com – Author: Ben Abbott The Australian government announced in 2023 that it would phase out the use of passwords to access key government digital...
How to Prevent Phishing Attacks with Multi-Factor Authentication – Source: www.techrepublic.com
Source: www.techrepublic.com – Author: Drew Robb
Trickbot malware scumbag gets five years for infecting hospitals, businesses – Source: go.theregister.com
Source: go.theregister.com – Author: Team Register A former Trickbot developer has been sent down for five years and four months for his role in infecting American...
EquiLend drags systems offline after admitting attacker broke in – Source: go.theregister.com
Source: go.theregister.com – Author: Team Register US securities lender EquiLend has pulled a number of its systems offline after a security “incident” in which an attacker...
23andMe data breach: Hackers stole raw genotype data, health reports – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential...
Blackwood hackers hijack WPS Office update to install malware – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas A previously unknown advanced threat actor tracked as ‘Blackwood’ is using sophisticated malware called NSPX30 in cyberespionage attacks against companies...
Russian TrickBot malware dev sentenced to 64 months in prison – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating...
iPhone apps abuse iOS push notifications to collect user data – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the...
Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Security researchers hacked the Tesla infotainment system and demoed 24 more zero-days on the second day of the Pwn2Own Automotive...
Cisco warns of critical RCE flaw in communications software – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a...
Hackers target WordPress database plugin active on 1 million sites – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Malicious activity targeting a critical severity flaw in the ‘Better Search Replace’ WordPress plugin has been detected, with researchers observing...