Threat hunters at CrowdStrike and Sentinel One are tracking what is believed to be an active supply chain attack hitting businesses using a desktop app distributed by video conferencing software firm 3CX. CrowdStrike threat intelligence team sounded the alarm on Wednesday after observing unexpected malicious activity from a legitimate, signed version of the 3CXDesktopApp. “The malicious activity … [Read more...]
LeapXpert Banks $22M Funding to Secure Corporate Messaging With Consumer Apps
New York security startup LeapXpert has scored $22 million in venture capital investment to build technology to help businesses manage the use of consumer messaging apps in the enterprise. The company said the Series A financing was led by Rockefeller Asset Management through its Technology Ventures Group with equity investments from Uncorrelated Ventures, the Partnership Fund for New York … [Read more...]
Blockchain Security Firm True I/O Raises $9 Million
Carlsbad, CA-based blockchain firm True I/O has raised $9 million in a Series A investment led by Deal Box Ventures. It simultaneously rebranded from its original name Total Network Services (TNS) to True I/O in order to better reflect the primary purpose of its product. The money will be used to accelerate deployment of the firm’s Universal Communication Identifier (UCID). This uses a … [Read more...]
Spera Banks $10 Million to Tackle Identity and Access Sprawl
Israeli startup Spera, backed by $10 million in seed funding from YL Ventures, has joined a growing list of early-stage startups tackling identity and access sprawl in the enterprise. Spera is pitching an identity security posture management platform to help corporate defenders to detect, prioritize, and remediate identity-driven breaches. In addition to YL Ventures, the company said it scored … [Read more...]
OpenAI Patches Account Takeover Vulnerabilities in ChatGPT
Last week, ChatGPT creator OpenAI patched multiple severe vulnerabilities that could have allowed attackers to take over user accounts and view chat histories. The first was a critical web cache deception bug that could have allowed attackers to access user information such as names, emails, and access tokens, which OpenAI’s API would fetch from the server. To exploit the vulnerability, an … [Read more...]
OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023
OpenSSL 1.1.1 will reach end of life (EoL) in less than six months and users have been instructed to either upgrade to a newer version or pay for extended support to continue receiving security patches. The OpenSSL Project has reminded users of the open source cryptography and secure communication toolkit that OpenSSL 1.1.1 will reach EoL on September 11, 2023, exactly five years after its … [Read more...]
New Wi-Fi Attack Allows Traffic Interception, Security Bypass
A group of academic researchers with Northeastern University in Boston and KU Leuven in Belgium have devised a new attack that can intercept Wi-Fi traffic at the MAC (media access control) layer, even between clients that are not allowed to communicate with one another. The attack exploits a Wi-Fi client isolation bypass vulnerability tracked as CVE-2022-47522 and impacts Wi-Fi networks with … [Read more...]
Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims
Australian casino giant Crown Resorts this week confirmed that the Cl0p ransomware group contacted them to claim the theft of data as part of the GoAnywhere attack. The incident occurred in late January, when a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software was exploited to access files belonging to Fortra customers. The exploitation of the bug – tracked as … [Read more...]
Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors
Several zero-day vulnerabilities patched last year had been exploited by commercial spyware vendors to target Android and iOS devices, according to a report published on Wednesday by Google’s Threat Analysis Group (TAG). Google’s security researchers have detailed the zero-day and n-day vulnerabilities exploited in what they described as two different highly targeted campaigns. For many of … [Read more...]
Most Weaponized Vulnerabilities of 2022 and 5 Key Risks: Report
The Qualys 2023 TruRisk Research Report discusses the five most exploited vulnerabilities of calendar year 2022, and the five key ‘Risk Facts’ that security teams need to consider. To compile the report, the Qualys Threat Research Unit analyzed more than 13 billion events to gain insight into the vulnerabilities found on devices, the security of web apps, and the misconfiguration of on-premise … [Read more...]
Over 200 Organizations Targeted in Chinese Cyberespionage Campaign
Chinese cyberespionage group Mustang Panda has been targeting entities related to maritime, shipping, border, and immigration as part of a recent campaign, cybersecurity firm Trend Micro reports. Also known as Earth Preta, RedDelta, and TA416, Mustang Panda is believed to be operating on behalf of the Chinese government, and was previously seen targeting European diplomatic entities and various … [Read more...]
QuSecure and Accenture Test Multi-Orbit Communications Link Using Post-Quantum Cryptography
Quantum cybersecurity firm QuSecure has collaborated with Accenture to develop a multi-orbit quantum-resilient satellite communications capability. The firm has already demonstrated the ability to use low earth orbit (LEO) satellites to send data transmissions into space and back to earth. It can now also use geosynchronous equatorial orbit (GEO) satellites. QuSecure’s product can wrap a … [Read more...]
What Makes an Effective Anti-Bot Solution?
By now, many security and fraud professionals understand the risks that bots introduce to our online applications and to our businesses in general. In a previous piece, I discussed and summarized some of these risks to help security and fraud teams understand the need to articulate the threat of bots to executives and the board in their own language. Indeed, this type of communication has been … [Read more...]
Mandiant Catches Another North Korean Gov Hacker Group
Threat hunters at Mandiant have caught another North Korean hacker group funding itself through cybercrime operations to support espionage campaigns against South Korean and U.S.-based government organizations. The Google-owned incident response forensics firm flagged the group as APT43 and warned it’s a “moderately-sophisticated cyber operator that supports the interests of the North Korean … [Read more...]
Microsoft Puts ChatGPT to Work on Automating Cybersecurity
The world’s largest software maker is putting ChatGPT to work in the cybersecurity trenches. Microsoft on Wednesday rolled out an AI-powered security analysis tool to automate incident response and threat hunting tasks, showcasing a security use-case for the popular chatbot developed by OpenAI. The new tool, called Microsoft Security Copilot, is powered by OpenAI’s newest GPT-4 model and will be … [Read more...]
Video: How to Build Resilience Against Emerging Cyber Threats
Innovative cyber attacks are on the rise—threatening corporate and government infrastructure, supply chains, brand reputations, and revenues. One of the best ways to prepare for the evolving threats of tomorrow is to revisit the details of recent major cybersecurity incidents. The benefit of hindsight can help us spot warning signs and avoid poor security practices in our organizations. In this … [Read more...]
Nigerian BEC Scammer Sentenced to Prison in US
A Nigerian national was sentenced this week to four years and one month in prison in the US for his role in a business email compromise (BEC) fraud scheme. The man, Solomon Ekunke Okpe, 31, of Lagos, participated in multiple BEC, credit card, work-from-home, check-cashing, and romance scams targeting banks, businesses, and individuals in the US and abroad, including First American Holding Company … [Read more...]
China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
A South Asian advanced persistent threat (APT) actor has been observed targeting the nuclear energy sector in China in a recent cyberespionage campaign, Intezer reports. Dubbed ‘Bitter’ and active since at least 2021, the group is known for the targeting of energy and government organizations in Bangladesh, China, Pakistan, and Saudi Arabia, and is characterized by the use of Excel exploits, and … [Read more...]
SecurityScorecard Guarantees Accuracy of Its Security Ratings
SecurityScorecard delivers security posture assessments by analyzing companies’ external surface visibility. It is so convinced on the accuracy of these assessments that it is now offering free digital forensics and incident response (DFIR) services to customers that are breached. The offer, called Score Guarantee, is dependent on two things. First, the customer must have scored an ‘A’ rating in … [Read more...]
ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
ChatGPT creator OpenAI has confirmed a data breach caused by a bug in an open source library, just as a cybersecurity firm noticed that a recently introduced component is affected by an actively exploited vulnerability. OpenAI said on Friday that it had taken the chatbot offline earlier in the week while it worked with the maintainers of the Redis data platform to patch a flaw that resulted in the … [Read more...]
- « Previous Page
- 1
- …
- 125
- 126
- 127
- 128
- 129
- …
- 144
- Next Page »