Fortinet released 40 security advisories last week to inform customers about the availability of patches for dozens of vulnerabilities, including critical flaws affecting the FortiNAC and FortiWeb products. Two of the advisories have a ‘critical’ severity rating and 15 of them have been classified as having ‘high’ severity. One of the critical advisories describes CVE-2021-42756, a CVE … [Read more...]
Cybersecurity M&A Roundup for February 1-15, 2023
Seventeen cybersecurity-related merger and acquisition (M&A) deals were announced in the first half of February 2023. An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. Accenture acquires Morphus Professional services giant Accenture has acquired Brazil-based cybersecurity firm Morphus, which provides … [Read more...]
GoDaddy Says Recent Hack Part of Multi-Year Campaign
GoDaddy has disclosed another cybersecurity incident and the company believes the attack was part of a multi-year campaign conducted by a sophisticated threat actor. In a statement published last week on its website, the hosting giant said a small number of customers complained in early December 2022 about their websites being intermittently redirected. An analysis showed the redirects occurring … [Read more...]
Spain Orders Extradition of British Alleged Hacker to U.S.
Spain’s National Court has agreed to the extradition to the U.S. of a British citizen who allegedly took part in computer attacks, including the July 2020 hacking of Twitter accounts of public figures such as Joseph Biden, Barack Obama and Bill Gates. A court statement Friday said requirements had been met for handing over Joseph James O’Connor to U.S. authorities for 14 charges covering crimes … [Read more...]
Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks
Malwarebytes warns of a remote code execution vulnerability impacting several Arris routers, for which proof-of-concept (PoC) exploit code has been released. Tracked as CVE-2022-45701, the bug exists because the router firmware does not properly neutralize special characters in requests, which allowed security researcher Yerodin Richards to perform shell script command injection. The impacted … [Read more...]
‘Frebniis’ Malware Hijacks Microsoft IIS Function to Deploy Backdoor
A recently identified malware family is abusing Microsoft Internet Information Services (IIS) to deploy a backdoor and monitor all HTTP traffic to the infected system, Symantec reports. Dubbed Frebniis, the malware injects code into a DLL that an IIS feature called Failed Request Event Buffering (FREB) uses when troubleshooting failed requests. FREB collects data about the tracked requests, … [Read more...]
Security Experts Warn of Foreign Cyber Threat to 2024 Voting
Top state election and cybersecurity officials on Thursday warned about threats posed by Russia and other foreign adversaries ahead of the 2024 elections, noting that America’s decentralized system of thousands of local voting jurisdictions creates a particular vulnerability. Russia and Iran have meddled in previous elections, including attempts to tap into internet-connected electronic voter … [Read more...]
SolarWinds Announces Upcoming Patches for High-Severity Vulnerabilities
SolarWinds this week published multiple advisories describing high-severity vulnerabilities expected to be patched with a SolarWinds Platform update by the end of February. Out of a total of seven security defects, five are described as deserialization of untrusted data issues that could be exploited to achieve command execution. Four of them have a CVSS score of 8.8. Tracked as CVE-2023-23836, … [Read more...]
EU Organizations Warned of Chinese APT Attacks
The European Union Agency for Cybersecurity (ENISA) and CERT-EU are warning of multiple Chinese advanced persistent threat (APT) actors targeting businesses and government organizations in the EU. The observed malicious activity, the agencies say in a joint advisory (PDF), can be attributed to several known Chinese hacking groups, including APT27, APT30, APT31, Ke3chang, Gallium, and Mustang … [Read more...]
Hackers Earn $180,000 for ICS Exploits at Pwn2Own Miami 2023
White hat hackers received a total of $180,000 at the Pwn2Own Miami 2023 hacking contest this week for exploits targeting widely used industrial control system (ICS) products. At the ICS edition of Pwn2Own, hackers have been invited to demonstrate exploits against OPC UA, data gateway and edge products made by Aveva, Inductive Automation, ProSys, PTC, Softing Industrial Automation, Triangle … [Read more...]
Data Security Startup CommandK Raises $3 Million in Seed Funding
Early-stage cybersecurity startup CommandK has raised $3 million in seed funding for a solution designed to help organizations protect their sensitive data. The investment round was led by Lightspeed and received additional participation from various angel investors. Founded in 2022, the San Francisco, California-based company provides organizations with an all-in-one sensitive data manager … [Read more...]
Atlassian Investigating Security Breach After Hackers Leak Data
Enterprise software giant Atlassian has launched an investigation after a hacker group leaked information belonging to the company. A threat actor named SiegedSec, whose members have claimed to be hacktivists, announced on its Telegram channel and hacking forums that it “hacked the software company Atlassian”. They made 35 Mb of files public. This includes two image files apparently … [Read more...]
How Ukraine War Has Shaped US Planning for a China Conflict
As the war rages on in Ukraine, the United States is doing more than supporting an ally. It’s learning lessons — with an eye toward a possible future clash with China. No one knows what the next U.S. major military conflict will be or whether the U.S. will send troops — as it did in Afghanistan and Iraq — or provide vast amounts of aid and expertise, as it has done with Ukraine. But China remains … [Read more...]
Published XIoT Vulnerabilities Trend Down, but Vigilance Must Remain High: Report
Published XIoT vulnerabilities are trending down and have been since 2021. At the same time, the percentage of vulnerabilities published by the device manufacturer rather than third-party researchers is trending up. The clear implication is device manufacturers are taking greater responsibility for the security of their own devices. The reason is probably twofold: government pressure and … [Read more...]
Chris Inglis Steps Down as US National Cyber Director
Former NSA deputy director Chris Inglis on Thursday announced he was retiring from government and leaving his job as the U.S. government’s first National Cyber Director. The departure of Inglis, which was widely expected, comes just 17 months after he was unanimously confirmed as President Joe Biden’s top advisor on cybersecurity issues and ahead of the release of the government’s National Cyber … [Read more...]
Firefox Updates Patch 10 High-Severity Vulnerabilities
Mozilla this week announced the release of Firefox 110 and Firefox ESR 102.8 with patches for 10 high-severity vulnerabilities. Tracked as CVE-2023-25728, the first of the security defects could result in an attacker being able to leak a child iframe’s unredacted URI, provided that a redirect is triggered when interacting with that iframe. The latest Firefox releases also resolve a flaw related to … [Read more...]
Mirai Variant V3G4 Targets 13 Vulnerabilities to Infect IoT Devices
During the second half of 2022, a variant of the Mirai malware called V3G4 was seen targeting 13 vulnerabilities to ensnare Internet of Things (IoT) devices into a botnet, Palo Alto Networks reports. Following the successful exploitation of the targeted security flaws, the malware takes full control of the vulnerable devices and then abuses them to conduct various types of malicious activities, … [Read more...]
Critical Vulnerability Patched in Cisco Security Products
Cisco on Wednesday announced updates for endpoint, cloud, and web security products to address a critical vulnerability in third-party scanning library ClamAV. An open-source cross-platform antimalware toolkit, ClamAV can detect trojans, viruses, and other types of malware. On February 15, ClamAV’s maintainers announced critical patches that address two vulnerabilities in the library, the most … [Read more...]
Surge in ESXiArgs Ransomware Attacks as Questions Linger Over Exploited Vulnerability
There has been a surge in ESXiArgs ransomware attacks in the past days, but it’s still not clear exactly which vulnerability is being exploited by threat actors. In fact, questions linger over several aspects of these attacks, including who may be behind them and the origins of the malware delivered by the hackers. In ESXiArgs attacks, an unidentified threat group has been delivering … [Read more...]
PE Firm Francisco Partners to Take Sumo Logic Private in $1.7B Deal
Cloud monitoring, log management and SIEM solutions provider Sumo Logic is set to become a private company after it has entered into a definitive agreement to be acquired by affiliates of private equity firm Francisco Partners for $1.7 billion. Francisco Partners is prepared to pay $12.05 per share in cash. The law firm Kahn Swick & Foti has announced that it’s investigating the deal to … [Read more...]
- « Previous Page
- 1
- …
- 134
- 135
- 136
- 137
- 138
- …
- 140
- Next Page »