The US Cybersecurity and Infrastructure Security Agency (CISA) this week announced adding more experts to its Cybersecurity Advisory Committee (CSAC) and updating the baseline cybersecurity goals introduced last year. CISA on Monday announced over a dozen new members of the CSAC, whose role is to advise the agency’s director on policies and programs. Members of the advisory committee include … [Read more...]
Malware Trends: What’s Old is Still New
It’s clear that cybercrime is one of the world’s most lucrative illicit industries – possibly taking the top spot. Threat actors are getting more meticulous and inventive in their ploys, even reviving outdated and long-forgotten techniques, thanks to their own brand of Key Performance Indicators linked to return on investment. After all, if a successful remake of an old classic can generate new … [Read more...]
Burnout in Cybersecurity – Can it be Prevented?
Burnout is a growing problem that damages people and threatens effective security. Burnout is likely to worsen in the coming months as the economy forces teams to do more with less at the same time as cybercrime and nation-state attacks are increasing. But what is burnout? How does it affect you; can you prevent it; and can you recover from it? Any profession, especially stressful professions, … [Read more...]
Spain Needs More Transparency Over Pegasus: EU Lawmakers
Spain needs more transparency over the Pegasus spyware hacking scandal, a European Parliament committee said Tuesday at the end of a two-day fact-finding mission to Madrid. The cross-party European committee, which investigates the illegal use of spyware in EU states, has been looking into espionage allegations involving Pegasus software which can turn smartphones into pocket spying devices. “We … [Read more...]
Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
Ransomware has become the top threat to the transport sector in the EU, and the European Union Agency for Cybersecurity (ENISA) expects ransomware groups to disrupt operational technology (OT) systems. The overall number of cyberattacks targeting aviation, maritime, railway and road transport organizations has increased between January 2021 and October 2022, with cybercriminals responsible for … [Read more...]
Virtual Event Today: Supply Chain & Third-Party Risk Summit
SecurityWeek’s Supply Chain & Third-Party Risk Summit takes place today in SecurityWeek’s virtual conference center. Join us for the virtual experience as we bring together security experts to discuss the complex nature of the supply chain problem, best practices for mitigating security issues, and the frameworks and specifications available. The first session kicks off today, Wednesday, … [Read more...]
Google Suspends Chinese Shopping App Amid Security Concerns
Google has suspended the Chinese shopping app Pinduoduo on its app store after malware was discovered in versions of the app from other sources. Google said in a statement Tuesday that it suspended the Pinduoduo app on the Google Play app store out of “security concerns” and that it was investigating the matter. The suspension of the Pinduoduo app — mainly used in China — comes amid heightened … [Read more...]
Verosint Launches Account Fraud Detection and Prevention Platform
Security startup 443ID, which previously focused on bringing open source intelligence (OSINT) to access management, is now refocusing its solution to tackle account fraud detection and prevention, and has changed its name to Verosint to better describe its new focus. It is launching what is technically version 2 of 443ID’s IAM platform, but is effectively version 1 of Verosint’s account fraud … [Read more...]
Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
The Play ransomware gang has released data allegedly stolen from Dutch maritime logistics services company Royal Dirkzwager. Founded in 1872, the company provides ship management services to hundreds of organizations in the maritime industry, including monitoring of incoming and outgoing vessel traffic in ports, emergency response services, and more. Royal Dirkzwager fell victim to the cyberattack … [Read more...]
Zoom Paid Out $3.9 Million in Bug Bounties in 2022
Video communications giant Zoom this week announced that in 2022 it paid out $3.9 million to security researchers who reported vulnerabilities as part of its bug bounty program. Zoom launched a private bug bounty program on HackerOne in 2019 and has paid out over $7 million in bounty rewards to date. In 2021, the company paid roughly $1.8 million in bug bounty rewards. Moving forth, the company is … [Read more...]
Oleria Scores $8M Seed Funding for ID Authentication Technology
Oleria, a Seattle startup founded by former Salesforce CISO Jim Alkove, has banked an $8 million seed round to build technology in the identity and authentication space. Oleria said the $8 million investment was provided by Salesforce Ventures, Tapestry VC and a roster of CEOs and CISOs of prominent tech and security companies. Alkove, who spent five years managing information security and … [Read more...]
Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
Google-owned Mandiant has conducted an analysis of the zero-day vulnerabilities disclosed in 2022 and found that over a dozen of them were used in attacks believed to have been carried out by cyberespionage groups. The cybersecurity community cannot reach an agreement on the definition of zero-day vulnerability. Some define as zero-day any vulnerability whose details are made public before a patch … [Read more...]
News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
The UK – perhaps surprisingly – is the world’s second nation in terms of private investment in quantum, and the number of existing quantum companies. This excludes China, where government investment dwarfs even US government investment – but where it is almost impossible to distinguish between public and private investment. On March 15, 2023, the UK government announced an additional £2.5 … [Read more...]
Malicious NuGet Packages Used to Target .NET Developers
A newly discovered attack has been targeting .NET developers with malicious packages loaded to the NuGet repository, JFrog’s security researchers explain. A package manager helping developers share and consume reusable code, NuGet allows developers to create code packages using the NuGet client app and have them published in either public or private repositories. While attacks abusing open source … [Read more...]
Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
A vulnerability lurking in Google’s Pixel phones for five years allows for the recovery of an original, unedited screenshot from the cropped version of the image. Referred to as aCropalypse and tracked as CVE-2023-21036, the issue resides in Markup, the image-editing application on Pixel devices, which fails to properly truncate edited images, making the cropped data recoverable. Reverse engineers … [Read more...]
Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
Organizations that use human-machine interface (HMI) and supervisory control and data acquisition (SCADA) products from UK-based industrial software maker Aveva have been informed about the existence of several potentially serious vulnerabilities. Security advisories published last week by Aveva and the US Cybersecurity and Infrastructure Security Agency (CISA) inform users about three … [Read more...]
Ferrari Says Ransomware Attack Exposed Customer Data
Italian sports car maker Ferrari said on Monday that a threat actor had demanded a ransom related to customer contact details that may have been exposed in a ransomware attack. “Upon receipt of the ransom demand, we immediately started an investigation in collaboration with a leading global third-party cybersecurity firm,” the iconic car maker said. “In addition, we informed the relevant … [Read more...]
Aembit Scores $16.6M Seed Funding for Workload IAM Technology
Aembit, a Maryland startup with ambitious plans in the identity and access management space, has snagged $16.6 million in early stage venture capital funding. The company said the seed-stage financing was provided by Ballistic Ventures and Ten Eleven Ventures, two firms active in funding cybersecurity companies. Aembit is building an identity platform designed to manage, enforce, and audit access … [Read more...]
Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
Cryptocurrency ATM manufacturer General Bytes over the weekend disclosed a security incident that resulted in the theft of millions of dollars’ worth of funds. The attackers, the company says, exploited a vulnerability in the master service interface that Bitcoin ATMs use to upload videos, which allowed them to upload a JavaScript script and execute it with batm user privileges. “The attacker … [Read more...]
Waterfall Security, TXOne Networks Launch New OT Security Appliances
Waterfall Security Solutions and TXOne Networks have each announced launching new security appliances for operational technology (OT) environments. TXOne Networks: TXOne last week announced the worldwide availability of the EdgeIPS 103 intrusion prevention system (IPS), which is designed for protecting mission-critical machines against cyber threats. According to the industrial … [Read more...]