Data security firm Cohesity will buy Veritas’ data protection business, the two firms announced Jan. 8th, creating a data security and management giant valued at roughly $7 billion. According to Cohesity, “the new company will continue to invest in and advance the roadmap and strategy of all Cohesity products and services, as well as Veritas NetBackup, NetBackup appliances, and Alta data … [Read more...]
UN Experts Investigating 58 Suspected North Korean Cyberattacks Valued at About $3 Billion
U.N. experts say they are investigating 58 suspected North Korean cyberattacks between 2017 and 2023 valued at approximately $3 billion, with the money reportedly being used to help fund its development of weapons of mass destruction. And the high volume of cyberattacks by North Korean hacking groups who report to the Reconnaissance General Bureau, North Korea’s primary foreign intelligence … [Read more...]
Lawmakers Want Clampdown on American VCs Funding Chinese Tech Companies
A bi-partisan congressional investigation has found that US venture capital firms invested billions in Chinese technology companies in semiconductor, AI and cybersecurity, sectors that present a threat to US national security. According to a report released Thursday by the House Select Committee on China, five prominent venture firms — GGV Capital, GSR Ventures, Qualcomm Ventures, Sequoia Capital … [Read more...]
In Other News: $350 Million Google Settlement, AI-Powered Fraud, Cybersecurity Funding
SecurityWeek’s cybersecurity roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from the … [Read more...]
New macOS Backdoor Linked to Prominent Ransomware Groups
A newly identified macOS backdoor written in Rust appears linked to the prominent ransomware families Black Basta and Alphv/BlackCat, cybersecurity firm Bitdefender reports. The malware, dubbed RustDoor, impersonates Visual Studio, supports both Intel and Arm architectures, and appears to have been circulating since November 2023, remaining undetected for roughly three months. Bitdefender has … [Read more...]
Ivanti Patches High-Severity Vulnerability in VPN Appliances
Ivanti on Thursday announced patches for a high-severity vulnerability impacting enterprise VPN and network access products. Tracked as CVE-2024-22024 (CVSS score of 8.3) and described as an XML external entity (XXE) issue, the security defect was identified in the SAML component of Ivanti Connect Secure, Policy Secure, and ZTA gateway appliances. According to Ivanti, the successful exploitation … [Read more...]
AnyDesk Shares More Information on Recent Hack
AnyDesk has shared more information on the recent hacker attack, including when threat actors first breached its systems and the impact of the incident. According to the developer of the popular remote access software, the intrusion was discovered in mid-January and a forensic investigation showed that the hackers first breached its systems in late December 2023. The investigation revealed … [Read more...]
US Offers $10M Reward for Information on Hive Ransomware Leaders
The US Department of State on Thursday announced a $10 million reward for information on leaders of the Hive ransomware cybergang. The announcement comes roughly one year after law enforcement took down the Hive ransomware operation and seized the group’s Tor-based website. Launched in June 2021, the Hive ransomware made over 1,500 victims. Its administrators and affiliates likely received over … [Read more...]
Fortinet Warns of New FortiOS Zero-Day
Fortinet on Thursday announced patches for a critical remote code execution vulnerability in FortiOS that may have been exploited in the wild. The security hole, tracked as CVE-2024-21762, impacts FortiOS versions 6.0, 6.2, 6.4, 7.0, 7.2 and 7.4. Patches have been released for each impacted version, except for 6.0 — 6.0 users are being advised to migrate to a newer version. FortiOS 7.6 is … [Read more...]
Ransomware Payments Surpassed $1 Billion in 2023: Analysis
The payments made by victims of ransomware attacks doubled in 2023 compared to the previous year, exceeding $1 billion, according to blockchain analysis firm Chainalysis. The company has looked at the cryptocurrency wallets known to be used by cybercrime groups to receive ransom payments from victims and found a total of $1.1 billion, up from $557 million in 2022. It’s worth noting that … [Read more...]
Iran Ramps Up Cyberattacks on Israel Amid Hamas Conflict: Microsoft
In the context of the Israel-Hamas conflict, Iran’s offensive operations against Israel were initially reactive and chaotic, but quickly ramped up and expanded in scope, Microsoft says. Immediately after October 7, Iranian threat actors were seen ‘leaking’ old material and using pre-existing access to networks, with their rather chaotic activities suggesting little or no coordination with Hamas, … [Read more...]
LimaCharlie Lands $10.2 Million Series A Funding
LimaCharlie, an early stage startup selling pay-as-you-use technology in the security operations space, has banked $10.2 million in Series A funding round led by Sands Capital. The California company said the investment included equity stakes for CoFound Partners, Long Journey Ventures, Lytical Ventures, Myriad Venture Partners, StoneMill Ventures, and Strategic Cyber Ventures. LimaCharlie … [Read more...]
Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks
Fortinet warned organizations on Wednesday that APTs linked to China and other countries have been exploiting two known FortiOS vulnerabilities in attacks aimed at various sectors, including critical infrastructure. One of the exploited vulnerabilities is CVE-2022-42475, which Fortinet patched in December 2022, when it warned that it had been aware of in-the-wild exploitation. Chinese threat … [Read more...]
Federal Cybersecurity Agency Launches Program to Boost Support for State, Local Election Offices
The nation’s cybersecurity agency has launched a program aimed at boosting election security in the states, shoring up support for local offices and hoping to provide reassurance to voters that this year’s presidential elections will be safe and accurate. Officials with the U.S. Cybersecurity and Infrastructure Security Agency planned to introduce its new election security adviser program Thursday … [Read more...]
Cisco Patches Critical Vulnerabilities in Enterprise Communication Devices
Cisco on Wednesday announced patches for two critical-severity vulnerabilities in its Expressway series devices that could be exploited remotely, without authentication, to launch cross-site request forgery (CSRF) attacks. Impacting the API of Expressway series enterprise communication and collaboration devices and tracked as CVE-2024-20252 and CVE-2024-20254 (CVSS score of 9.6), the two security … [Read more...]
Google Announces Enhanced Fraud Protection for Android
Google this week announced a pilot feature designed to improve Android’s protections against financial fraud attacks. Part of Google Play Protect, the enhanced fraud protection will block the installation of sideloaded applications that request sensitive runtime permissions that are frequently abused by fraudsters. The feature will analyze attempts to install applications from internet-sideloading … [Read more...]
How to Predict Your Patching Priorities
While a robust suite of security technology undoubtedly plays a starring role in every organization’s risk management strategy, implementing a smart and timely approach to patching remains one of the primary ways for organizations to protect their networks from attackers. Patching vulnerabilities addresses known security weaknesses, preventing potential exploits that malicious actors could use to … [Read more...]
Were 3 Million Toothbrushes Really Used for a DDoS Attack?
It has been reported that three million electric toothbrushes have been hacked and abused for a highly disruptive distributed denial-of-service (DDoS) attack, but cybersecurity experts have rushed to question the claims. The Swiss German-language daily newspaper Aargauer Zeitung published an article describing the alleged attack on January 30. According to a machine translation of the … [Read more...]
Biden Administration Names a Director of the New AI Safety Institute
The Biden administration on Wednesday named a top White House aide as the director of the newly established safety institute for artificial intelligence. Elizabeth Kelly will lead the AI Safety Institute at the National Institute for Standards and Technology, which is part of the Commerce Department. Currently an economic policy adviser for President Joe Biden, Kelly played an integral role in … [Read more...]
CISA: China’s Volt Typhoon Hackers Planning Critical Infrastructure Disruption
The US government’s cybersecurity agency CISA is ramping up the pressure on defenders to find and remove malware artifacts planted by Volt Typhoon, a Chinese state-backed hacking group that has burrowed deep into thousands of organizations around the world. “[We] have confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations in the … [Read more...]
- « Previous Page
- 1
- …
- 32
- 33
- 34
- 35
- 36
- …
- 146
- Next Page »