Dozens of security flaws that have likely been exploited in the wild are missing from the Known Exploited Vulnerabilities (KEV) catalog maintained by the US Cybersecurity and Infrastructure Security Agency (CISA), according to vulnerability intelligence company VulnCheck. VulnCheck recently conducted an analysis of the vulnerabilities added by CISA to its catalog in 2022. While the agency added … [Read more...]
Jenkins Server Vulnerabilities Chained for Remote Code Execution
Two recently patched vulnerabilities affecting Jenkins servers can be chained to achieve remote code execution, cybersecurity firm Aqua Security warns. Tracked as CVE-2023-27898 and CVE-2023-27905 and impacting both Jenkins Server and Update Center, the two security defects are described as cross-site scripting (XSS) bugs that can be exploited by providing a malicious plugin. Rated ‘high … [Read more...]
Fortinet Patches Critical Unauthenticated RCE Vulnerability in FortiOS
Cybersecurity company Fortinet this week announced patches for multiple severe vulnerabilities across its product portfolio, including a critical flaw in FortiOS and FortiProxy that could lead to remote code execution (RCE). Tracked as CVE-2023-25610 (CVSS score of 9.3), the issue impacts the administrative interface of the affected products and can be exploited without authentication, either for … [Read more...]
Defeating the Deepfake Danger
As deepfakes quickly advance in terms of sophistication, they can be scarily convincing, as we’ve seen in some examples. And what’s more, they’re becoming increasingly popular with cybercriminals, as these technologies become even easier to use. The introduction of VALL-E, for instance, has raised new concerns about the ability to make deepfake voices quick and easy – in other words, … [Read more...]
Google Discontinuing Chrome Tool for Removing Unwanted Software
Google this week announced that it’s discontinuing Chrome Cleanup Tool, an application that allows users to identify and remove unwanted software. Introduced in 2015, the tool also helps users recover from sudden settings changes, and has performed over 80 million unwanted software cleanups. According to Google, the existence of the Chrome Cleanup Tool appears redundant amid a continuous decline … [Read more...]
ChatGPT Integrated Into Cybersecurity Products as Industry Tests Its Capabilities
While there has been a lot of talk about how OpenAI’s ChatGPT could be abused for malicious purposes and how it can pose a threat, the artificial intelligence chatbot can also be very useful to the cybersecurity industry. Launched in November 2022, ChatGPT has been described by many as revolutionary. It is built on top of OpenAI’s GPT-3 family of large language models and users interact with it … [Read more...]
Cado Security Banks $20M in Series B Funding
Cado Security, a British startup building technology for cloud forensics and incident response, has closed a $20 million funding round to fuel ambitious expansion plans. The London-based company said Series B financing was led by Eurazeo, a French investment and asset management firm. Ten Eleven Ventures, a prior backer, also expanded its equity stake. Cado Security has raised $31.5 million in … [Read more...]
Congress Members Warned of Significant Health Data Breach
Members of the House and Senate were informed Wednesday that hackers may have gained access to their sensitive personal data in a breach of a Washington, D.C., health insurance marketplace. Employees of the lawmakers and their families were also affected. DC Health Link confirmed that data on an unspecified number of customers was affected and said it was notifying them and working with law … [Read more...]
Revelstoke Security Raises $20 Million for SOAR Platform
Revelstoke Security on Wednesday announced that it has raised $20 million in a Series B funding round that brings the total investment in the company to $38 million. The new funding round was co-led by ClearSky Security and SYN Ventures, with additional investment from Crosslink Capital and Rally Ventures. Founded in 2020, the San Jose, California-based company provides a security orchestration, … [Read more...]
Mistakes by Threat Actors Lead to Disruption, Not Just Better Blocking
Many CISOs and security professionals respond to threats with the same phrase, “I don’t care who is attacking me, I just want it to stop.” They deploy an array of security tools to better block attacks and they hope the malicious actors will go elsewhere. Does this actually work? Some mature security teams have mature detection and intelligence programs that place a serialized code on the bottom … [Read more...]
‘Sys01 Stealer’ Malware Targeting Government Employees
Endpoint security firm Morphisec has shared details on an information stealer that has been observed targeting the Facebook accounts of critical government infrastructure employees. Dubbed Sys01 Stealer, the malware is distributed via Google ads and fake Facebook accounts promoting adult content, games, and cracked software, and is executed on the victim’s machine using DLL side-loading. Last … [Read more...]
Chrome 111 Patches 40 Vulnerabilities
Google this week announced the release of Chrome 111 to the stable channel with patches for 40 vulnerabilities. A total of 24 of the addressed security defects were reported by external researchers. These include eight high-severity flaws, 11 medium-severity bugs, and five low-severity issues. Three of the high-severity vulnerabilities reported by external researchers are use-after-free bugs … [Read more...]
TSA Requires Aviation Sector to Enhance Cybersecurity Resilience
The US Transportation Security Administration (TSA) said on Tuesday that airport and aircraft operators will be required to improve their cybersecurity resilience. The agency said the new cybersecurity requirements, issued through an emergency amendment, come in response to the persistent threats against the country’s aviation sector and other critical infrastructure. Airport and … [Read more...]
Pre-Deepfake Campaign Targets Putin Critics
Russia is continuing its campaign of disinformation around the Ukraine war through advanced social engineering delivered by a threat group tracked as TA499. According to a report from Proofpoint, TA499 targets US and European politicians, and leading businessmen and celebrities who have spoken out against Putin’s invasion. The primary purpose is to persuade the victims to take part in phone calls … [Read more...]
Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit
Ransomware attacks continue to impose major costs on enterprise security programs, underscoring the need for multi-pronged approaches to avoid falling victim to million-dollar extortion schemes. Join SecurityWeek’s Ransomware Resilience & Recovery Summit, a virtual event designed to help businesses to plan, prepare, and recover from a ransomware incident. Featured sessions and topics being … [Read more...]
Vulnerability in Toyota Management Platform Provided Access to Customer Data
A severe vulnerability in the Toyota Customer 360 customer relationship management (CRM) platform allowed a security researcher to access the personal information of the car maker’s customers in Mexico. The web application aggregates customer data from across the organization, providing a single view of all customer information, including personal information and purchase and service … [Read more...]
Acer Confirms Breach After Hacker Offers to Sell Stolen Data
Electronics giant Acer has confirmed getting hacked after a hacker offered to sell 160 Gb of files allegedly stolen from the company’s systems. “We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server,” Acer told … [Read more...]
Edgeless Systems Raises $5m for Trustworthy Data Processing
German cybersecurity start-up Edgeless Systems has banked $5 million in seed-stage funding to fuel ambitious plans to build an open-source stack for confidential computing. Edgeless Systems said Berlin-based venture capital outfit SquareOne led the funding round. Several prominent European entrepreneurs also took equity as angel investors. The company is working on technology for trustworthy data … [Read more...]
Talking Cyberinsurance With Munich Re
The growth of ransomware and cyberwar have highlighted possible fault lines in current cyberinsurance. Cyberinsurance has been much debated over the last eighteen months because of a self-inflicted double whammy. Firstly, it failed to recognize the speed and extent at which ransomware and ransomware costs would grow, and was rapidly forced to increase premiums, demand basic preconditions, and … [Read more...]
Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia
Kaspersky has seen a surge in attacks on industrial control system (ICS) computers in Russia and neighboring countries, and the company has linked it to increased exploitation of a vulnerability affecting a content management system (CMS). The cybersecurity firm on Monday published its latest ICS threat landscape report, which focuses on the second half of 2022. The company said it had blocked … [Read more...]
- « Previous Page
- 1
- …
- 127
- 128
- 129
- 130
- 131
- …
- 139
- Next Page »