Three vulnerabilities in the Lamassu Douro bitcoin ATMs could allow an attacker with physical access to take over devices and steal user assets, cybersecurity firm IOActive reports. Due to the identified security defects, which are tracked as CVE-2024-0175, CVE-2024-0176, and CVE-2024-0177, an attack could be executed using the same level of physical access that a regular customer would have. The … [Read more...]
AI Testing Startup RagaAI Emerges From Stealth With $4.7M in Seed Funding
Artificial intelligence (AI) testing platform RagaAI today announced that it has emerged from stealth mode with $4.7 million in seed funding. The funding round was led by pi Ventures, with additional funding from Anorak Ventures, Arka Ventures, Exfinity Venture Partners, Mana Ventures, and TenOneTen Ventures. Founded in 2022 by Nvidia and Ola tech veteran Gaurav Agarwal, the San Francisco-based … [Read more...]
High-Severity Vulnerability Patched in Splunk Enterprise
Splunk on Monday announced patches for multiple vulnerabilities in Splunk Enterprise, including a high-severity bug affecting Windows instances. Tracked as CVE-2024-23678, the high-severity flaw is described as an issue related to incorrect sanitization of path input data resulting in “the unsafe deserialization of untrusted data from a separate disk partition on the machine”. Deserialization of … [Read more...]
Aircraft Lessor AerCap Confirms Ransomware Attack
Aircraft leasing giant AerCap has confirmed falling victim to ransomware after an emerging cybercrime gang claimed responsibility for the attack. The intrusion, the company said in a Form 6-K filing with the US Securities and Exchange Commission, occurred on January 17. “We have full control of all of our IT systems and to date, we have suffered no financial loss related to this incident,” the … [Read more...]
Doppel Secures $14M for AI-Powered Brand Protection Technology
Doppel, a San Francisco startup working on technology in the digital risk protection space, has snagged $14 million in an early stage funding round led by Andreesen Horowitz (a16z). Doppel said the Series A also included investments from Strategic Cyber Ventures, Script Capital, South Park Commons, and SVAngel. “While the threat of AI impersonation, phishing, and disinformation campaigns continues … [Read more...]
Identity Security Firm Silverfort Lands $116 Million Investment
Israeli late-stage startup Silverfort on Tuesday said it raised a whopping $116 million in new financing to scale its ambitions in the identity security space. The Tel Aviv company, which markets technology to secure authentication and access policies across corporate networks and cloud environments, said the Series D funding round was led by Brighton Capital. Silverfort said existing … [Read more...]
SEC Says X Account Hacked via SIM Swapping
The US Securities and Exchange Commission on Monday revealed that hackers used SIM swapping to take over its X (formerly Twitter) account. The hack occurred on January 9, when a post sent from the agency’s @SECGov account on the social platform announced that a long-awaited bitcoin exchange-traded fund (ETF) was approved. The post caused the price of bitcoin to spike more than $1,000. Shortly … [Read more...]
Russian Hackers Suspected of Sweden Cyberattack
Online services at some Swedish government agencies and shops have been disrupted in a ransomware attack believed to have been carried out by a Russian hacker group, IT consultancy Tietoevry said. The Swedish-Finnish group, which provides online security systems, said the problem could take weeks to fix. It said one of its data centers in Sweden was attacked overnight Friday to Saturday, knocking … [Read more...]
F5 Names Samir Sherif as New CISO
Application delivery and security firm F5 (NASDAQ: FFIV) announced this week that Samir Sherif has been named Senior Vice President and Chief Information Security Officer (CISO). In this role, Sherif will lead Seattle-based F5’s enterprise cybersecurity strategy and security culture and oversee cybersecurity standards and programs for F5’s products and services. Sherif previously served as … [Read more...]
Subway Sandwich Chain Investigating Ransomware Group’s Claims
Sandwich chain Subway has launched an investigation after the notorious LockBit ransomware group claimed over the weekend that it hacked into the company’s systems and stole vast amounts of information. “The biggest sandwich chain is pretending that nothing happened,” the LockBit gang said in a message posted on its website. “We exfiltrated their SUBS internal system which includes hundreds … [Read more...]
A Sanction Has Been Imposed on a Hacker Who Released Australian Health Insurer Client Data
A Russian national has been sanctioned by the Australian government for his role in a cyber attack that compromised the personal information of more than 10 million Australians. In October 2022, client data from Medibank, Australia’s largest health insurer, was released by an extortionist, including details of HIV diagnoses and drug abuse treatments, after the company refused to pay a ransom for … [Read more...]
Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation
Apple is pushing out fresh versions of its flagship iOS and macOS platforms with patches for multiple WebKit vulnerabilities being exploited as zero-day in the wild. The device maker said the newest iOS 17.3 and macOS Sonoma 14.3 updates fix at least 16 documented vulnerabilities that expose Apple users to code execution, denial-of-service and data exposure attacks. The Cupertino company called … [Read more...]
Security Experts Describe AI Technologies They Want to See
The cybersecurity business runs on technology hype cycles and buzzwords. From zero trust to blockchain, digital transformation to posture management, defenders have been on a constant search for transformational, leapfrog technologies to stem the flow of cyberattacks. Over the last year, Artificial Intelligence (AI) and Large Language Models (LLMs) have exploded as the most exciting frontier for … [Read more...]
Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure
Attempts to exploit a critical Atlassian Confluence vulnerability tracked as CVE-2023-22527 started just days after the existence of the flaw came to light. An advisory published by Atlassian on January 16 informed customers that out-of-date versions of Confluence Data Center and Server are affected by a critical security hole that allows an unauthenticated attacker to achieve remote code … [Read more...]
LoanDepot Breach: 16.6 Million People Impacted
Lending giant LoanDepot (NYSE: LDI) said Monday that roughly 16.6 million individuals were impacted as a result of a ransomware attack originally disclosed earlier this month. In a Form 8-K filing with the Securities and Exchange Commission (SEC) on January 4th, the company said it “has determined that the unauthorized third party activity included access to certain company systems and the … [Read more...]
New NTLM Hash Leak Attacks Target Outlook, Windows Programs
Data security firm Varonis has disclosed a new vulnerability and three attack methods for obtaining NTLM v2 hashes by targeting Microsoft Outlook and two Windows programs. The new vulnerability is tracked as CVE-2023-35636. It has been assigned an ‘important’ severity rating by Microsoft, which fixed it with its December 2023 Patch Tuesday updates. The remaining issues have been assigned a … [Read more...]
Owner of Cybercrime Website BreachForums Sentenced to Supervised Release
Conor Brian Fitzpatrick, the owner of the infamous cybercrime website BreachForums, was sentenced last week to time served and 20 years of supervised release. The man, Conor Brian Fitzpatrick, of Peekskill, New York, known online as ‘Pompompurin’, was arrested in March 2023. In April, he pleaded guilty to conspiracy to commit device fraud, access device fraud, and possession of child … [Read more...]
Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021
Evidence suggests that a Chinese cyberespionage group had been exploiting a recent VMware vCenter Server vulnerability as a zero-day since 2021, Mandiant reports. The flaw, tracked as CVE-2023-34048 (CVSS score of 9.8), is an out-of-bounds write bug in VMware’s implementation of the DCERPC protocol that could allow an attacker with network access to execute arbitrary code remotely. VMware released … [Read more...]
France Fines Yahoo 10 Mn Euros Over Cookie Abuses
France’s data protection watchdog said Thursday that it had fined Yahoo 10 million euros for not respecting users’ refusals of internet-tracking “cookies” or implying they would lose access to email accounts if they did. The fine imposed in December, equivalent to $10.9 million, came after the CNIL authority received complaints and carried out investigations in October 2020 and June 2021. It found … [Read more...]
In Other News: WhatsApp Privacy Issue, Spying via Ambient Light Sensor, Bigpanzi Botnet
SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy … [Read more...]
- « Previous Page
- 1
- …
- 33
- 34
- 35
- 36
- 37
- …
- 140
- Next Page »