Enterprise cloud host Rackspace has been hacked via a zero-day flaw in ScienceLogic’s monitoring app, with ScienceLogic shifting the blame to an undocumented vulnerability in a different bundled third-party utility. The breach, flagged on September 24, was traced back to a zero-day in ScienceLogic’s flagship SL1 software but a company spokesperson tells SecurityWeek the remote code execution … [Read more...]
MITRE Adds Mitigations to EMB3D Threat Model
MITRE on Tuesday announced the full release of the EMB3D Threat Model, which now includes essential mitigations mapped to security controls specified in the Industrial Automation and Control Systems standard. Initially announced in December 2023 and officially released in May 2024, EMB3D is a framework offering information on the cyber threats targeting embedded devices used in critical … [Read more...]
US, Allies Release Guidance on Securing OT Environments
New guidance from government agencies in the US and allied countries provides organizations with details on how to design, implement, and manage safe and secure operational technology (OT) environments. OT is deeply integrated into critical infrastructure organizations’ complex environments, and business decisions such as adding new processes, services, or systems, selecting vendors for support, … [Read more...]
Cryptocurrency Wallets Targeted via Python Packages Uploaded to PyPI
Users of popular cryptocurrency wallets have been targeted in a supply chain attack involving Python packages relying on malicious dependencies to steal sensitive information, Checkmarx warns. As part of the attack, multiple packages posing as legitimate tools for data decoding and management were uploaded to the PyPI repository on September 22, purporting to help cryptocurrency users looking to … [Read more...]
Harmonic Raises $17.5M to Defend Against AI Data Harvesting
Harmonic, an early stage startup working on software to mitigate against unregulated AI apps harvesting company data at scale, has attracted $17.5 million in new funding as venture capital investors double down on AI security companies. The British company said the Series A raise was provided by Next47, a venture investment house with interests in Claroty and Sysdig. Seed-stage … [Read more...]
Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps
Web performance and security firm Cloudflare recently mitigated another record-breaking DDoS attack. According to Matthew Prince, the company’s CEO, the attack peaked at 3.8 terabits per second (Tbps) and 2.14 billion packets per second (Pps). The attack was aimed at an unidentified customer of an unnamed hosting provider that uses Cloudflare services. To put the numbers into context, the … [Read more...]
After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks
A few days after a researcher warned that the Common UNIX Printing System (CUPS) could be abused for unauthenticated remote code execution, cybersecurity firm Akamai determined that CUPS could also be abused for significant DDoS attacks. CUPS is a popular open source printing system that is based on the Internet Printing Protocol (IPP) and designed mainly for Linux and UNIX-like operating … [Read more...]
Critical Zimbra Vulnerability Exploited One Day After PoC Release
Security researchers have raised the alarm on the in-the-wild exploitation of a critical-severity vulnerability in the popular email and collaboration platform Zimbra. Tracked as CVE-2024-45519, the security defect allows attackers to execute commands on a vulnerable server, without authentication. Zimbra versions 9.0.0 Patch 41, 10.0.9, 10.1.1, and 8.8.15 Patch 46 fix “a security vulnerability in … [Read more...]
T-Mobile to Pay Millions to Settle With FCC Over Data Breaches
The Federal Communications Commission (FCC) on Monday announced a multi-million-dollar settlement with telco T-Mobile over four data breaches that affected millions of people. According to the FCC, T-Mobile failed to protect customer personal information, provided third-parties with access to customer proprietary network information (CPNI) without customer consent, failed to protect CPNI, did not … [Read more...]
More LockBit Hackers Arrested, Unmasked as Law Enforcement Seizes Servers
Law enforcement on Tuesday used the previously seized websites of the LockBit ransomware group to announce more arrests and infrastructure disruptions. Europol, the UK and the US have all issued press releases in addition to the announcements made on the former LockBit sites. Europol announced new law enforcement actions, including the arrest of an alleged LockBit developer at the request of … [Read more...]
Microsoft Unveils Copilot Vision AI Tool, but Highlights Security After Recall Debacle
Microsoft on Tuesday unveiled a new AI-based web content analysis tool named Copilot Vision, underscoring safety and security to address potential concerns. The tech giant seems to have learned its lesson from the launch of the Windows Recall feature, for which it pulled previews in June over security and privacy concerns. Last week, Microsoft announced the return of Recall after adding … [Read more...]
Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities
The US cybersecurity agency CISA on Monday warned that years-old vulnerabilities in SAP Commerce, Gpac framework, and D-Link DIR-820 routers have been exploited in the wild. The oldest of the flaws is CVE-2019-0344 (CVSS score of 9.8), an unsafe deserialization issue in the ‘virtualjdbc’ extension of SAP Commerce Cloud that allows attackers to execute arbitrary code on a vulnerable system, with … [Read more...]
Cracking the Cloud: The Persistent Threat of Credential-Based Attacks
As organizations increasingly adopt cloud technologies, cybercriminals have adapted their tactics to target these environments, but their primary method remains the same: exploiting credentials. Cloud adoption continues to rise, with the market expected to reach $600 billion during 2024. It increasingly attracts cybercriminals. IBM’s Cost of a Data Breach Report found that 40% of all breaches … [Read more...]
Dragos Acquires Network Perception to Boost Visibility
OT cybersecurity firm Dragos on Tuesday announced the acquisition of Network Perception, a Chicago, Illinois-based company that specializes in network visibility solutions. Network Perception has developed a lightweight, non-invasive visualization platform for OT networks that is designed to identify bad configurations, assess risks, and ensure compliance. Dragos said the acquisition of … [Read more...]
Apono Raises $15.5 Million for Cloud Access Platform
Cloud access startup Apono on Monday announced raising $15.5 million in a Series A funding round that brings the total raised by the company to $20.5 million. The new investment round was led by New Era Capital Partners, with additional support from Mindset Ventures, Redseed Ventures, Silvertech Ventures, and previous investors. Founded in 2022, the Wilmington, Delaware-based company provides … [Read more...]
UMC Health System Diverts Patients Following Ransomware Attack
Texas healthcare provider UMC Health System has been diverting patients for several days after taking IT systems offline following a ransomware attack. UMC disclosed the incident on September 27, when it announced that both emergency and non-emergency patients via ambulance were being diverted to nearby hospitals. “Immediately after detecting this activity, our teams launched an investigation and … [Read more...]
North Korea Hackers Linked to Breach of German Missile Manufacturer
A professional hacking team linked to the North Korean government has broken into Diehl Defence, a German company that manufactures Iris-T air defense systems, using a clever phishing campaign with fake job offers and advanced social engineering tactics, according to a report by Der Spiegel. The attack, pinned on the Kimsuky APT, combined the use of booby-trapped PDF files with spear-phishing … [Read more...]
Patelco Credit Union Data Breach Impacts Over 1 Million People
Patelco Credit Union has informed authorities that the information of more than 1 million individuals was stolen in a ransomware attack this summer. The incident was identified on June 29 and resulted in Patelco taking some of its day-to-day banking systems offline, the company said, explaining that it led to an outage affecting the union’s online banking services, mobile application, and call … [Read more...]
Hawaii Health Center Discloses Data Breach After Ransomware Attack
The Community Clinic of Maui in Hawaii, a nonprofit healthcare organization doing business as Malama I Ke Ola Health Center, informed authorities in the US last week that a cyberattack suffered earlier this year has resulted in a data breach impacting over 120,000 individuals. Local media reported in May that it took the Maui healthcare organization more than two weeks to reopen after experiencing … [Read more...]
Accounting Firm WMDDH Discloses Data Breach Impacting 127,000
Public accounting firm Wright, Moore, DeHart, Dupuis & Hutchinson (WMDDH) is notifying over 127,000 individuals that their personal information was stolen in a July 2023 data breach. The incident, the company wrote in notification letters to the impacted individuals, was identified on July 11, 2023, when unusual network activity was observed on WMDDH’s network. However, it took roughly ten … [Read more...]