Mandiant revealed on Wednesday that its account on the social media platform X, formerly Twitter, was hacked as part of a cryptocurrency theft campaign that generated at least $900,000 for cybercriminals. The X account of Mandiant, which is part of Google Cloud, was hijacked in early January and abused to promote a link to a fake website claiming to be affiliated with the legitimate Phantom … [Read more...]
Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days
Malware hunters at Volexity on Wednesday warned that suspected Chinese nation-state hackers are actively exploiting a pair of unauthenticated remote zero-day vulnerabilities in Ivanti Connect Secure VPN devices. The vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, affect fully patched Internet-facing Ivanti Connect Secure VPN appliances (formerly known as Pulse Secure) and were … [Read more...]
ExtraHop Banks $100M in Growth Funding, Adds New Execs
ExtraHop, a company in the IT analytics and network detection and response business, on Wednesday announced it had secured $100 million in growth funding from existing investors and key new additions to its executive team. The Seattle-based company, which was acquired by a pair of private equity firms in 2021, said the new investment comes at a time when it doubled ARR (annual recurring revenue) … [Read more...]
HMG Healthcare Says Data Breach Impacts 40 Facilities
Healthcare services provider HMG Healthcare has disclosed a data breach impacting the personal health information of employees and residents at 40 affiliated nursing facilities. According to a notice from the organization, the incident was identified in November 2023 but an investigation determined that the data breach occurred in August 2023. “The incident involved hackers gaining access to our … [Read more...]
French Computer Hacker Jailed in US
A computer hacker who was part of a criminal gang that stole data from hundreds of millions of people and sold it on the dark web was jailed in the United States on Tuesday. Frenchman Sebastien Raoult created fake login pages as part of the ShinyHunters hacking group, which were used to raid the personal and financial information of unsuspecting users. “For over two years, Mr. Raoult participated … [Read more...]
Anecdotes Raises $25 Million for Enterprise GRC Platform
Enterprise governance, risk management and compliance (GRC) solutions provider Anecdotes this week announced raising $25 million in a Series B funding round. The latest funding, which brings the total investment in the company to $55 million, was led by Glilot Capital Partners, with participation from Red Dot Capital Partners, Vintage Investment Partners, and Shasta Ventures. Anecdotes previously … [Read more...]
Kyocera Device Manager Vulnerability Exposes Enterprise Credentials
Organizations have been warned of a vulnerability in Kyocera Device Manager that can be exploited to capture credentials and gain access to accounts and devices. A web-based application, the Kyocera Device Manager is used for the management of multiple Kyocera printers and multifunction devices within an organization’s environment, offering support for application deployment, setting up alerts, … [Read more...]
SAP’s First Patches of 2024 Resolve Critical Vulnerabilities
Enterprise software maker SAP this week announced the release of 10 new and two updated security notes as part of its first Security Patch Day of 2024. Rated ‘hot news’, the highest rating in SAP’s notebook, two of the new and one of the updated security notes deal with critical-severity escalation of privilege vulnerabilities in several products, SAP explains in its advisory (PDF). The first hot … [Read more...]
Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report
A Dutch engineer recruited by the country’s intelligence services used a water pump to deploy the now-infamous Stuxnet malware in an Iranian nuclear facility, according to a two-year investigation conducted by Dutch newspaper De Volkskrant. Stuxnet, whose existence came to light in 2010, is widely believed to be the work of the United States and Israel, its goal being to sabotage Iran’s nuclear … [Read more...]
China Says State-Backed Experts Crack Apple’s AirDrop
Chinese state-backed experts have found a way to identify people who use Apple’s encrypted AirDrop messaging service, according to the Beijing municipal government. AirDrop allows users to send content to Apple devices in close proximity without an internet connection, encoded so they cannot be viewed by other people. The service was widely used by participants in pro-democracy protests in Hong … [Read more...]
Android’s January 2024 Security Update Patches 58 Vulnerabilities
Google kicked off 2024 with the release of patches for 58 vulnerabilities in the Android platform, along with fixes for three security bugs in Pixel devices. The first part of Android’s January 2024 update, which arrives on devices as the 2024-01-01 security patch level, addresses ten security holes in the Framework and System components, all rated ‘high severity’. “The most severe of these issues … [Read more...]
SEC Chair Says Account on X Was Hacked
The Securities and Exchange Commission said Tuesday that a post sent from the agency’s account on the social platform X announcing the approval of a long-awaited bitcoin exchange-traded fund was “unauthorized,” and that the agency’s account was hacked. The price of bitcoin briefly spiked more than $1,000 after the post on X, formerly known as Twitter, claimed “The SEC grants approval for #Bitcoin … [Read more...]
Hewlett Packard Enterprise to Acquire Juniper Networks for $14 Billion
In the first mega tech deal of 2024, Hewlett Packard Enterprise (HPE) announced late Tuesday that it has agreed to acquire network equipment maker Juniper Networks for $14 billion in cash. The acquisition is expected to double HPE’s networking business and expand its portfolio with AI-native networking offerings, marking a significant shift in HPE’s portfolio towards more dynamic, high-margin … [Read more...]
Microsoft Ships Urgent Fixes for Critical Flaws in Windows Kerberos, Hyper-V
Microsoft hit the ground running with the first Patch Tuesday release for 2024, rolling out security fixes for at least 49 security defects in a wide range of Windows OS and software components. The company called special attention to a pair of flaws with severe remote code execution risks, urging Windows fleet administrators to prioritize a feature bypass issue in Windows Kerberos and a race … [Read more...]
Delinea Acquires Authomize to Tackle Identity-Based Threats
Silicon Valley access management vendor Delinea on Tuesday announced the acquisition of Israeli startup Authomize, a deal that adds identity threat detection and response (IDTR) technologies to its product portfolio. Financial terms of the acquisition were not released but published reports out of Israel peg the price tag as “several tens of millions of dollars.” The private equity-owned Delinea, … [Read more...]
CISA Warns of Apache Superset Vulnerability Exploitation
The US cybersecurity agency CISA on Monday announced that it has added six more entries to its Known Exploited Vulnerabilities (KEV) catalog, including an Apache Superset bug disclosed in April 2023. Apache Superset is an open source application written in Python that allows users to explore and visualize large amounts of data. Superset is based on the Flask web framework and it relies on session … [Read more...]
Adobe Patches Code Execution Flaws in Substance 3D Stager
Software maker Adobe on Tuesday shipped patches for a half-dozen security defects in the Substance 3D Stager product and warned that hackers can target the vulnerabilities to launch code execution attacks. Adobe tagged the vulnerabilities with an ‘important-severity’ rating and urged users on both macOS and Windows platforms to immediately apply the updates. In the first Patch Tuesday updates for … [Read more...]
Siemens, Schneider Electric Release First ICS Patch Tuesday Advisories of 2024
On the first Patch Tuesday of 2024, industrial giants Siemens and Schneider Electric have released a total of only seven new security advisories, announcing fixes for 22 vulnerabilities. Siemens has published six new advisories covering 21 vulnerabilities. The most serious, based on its CVSS score of 10, is a vulnerability in Simatic IPCs, specifically the Redfish server component of MaxView … [Read more...]
Turkish Hackers Target Microsoft SQL Servers in Americas, Europe
Financially motivated threat actors believed to be operating out of Turkey have been caught targeting Microsoft SQL Server databases in attacks leading to the deployment of ransomware, cybersecurity firm Securonix warns in a new report. The attack campaign appears aimed at organizations in the US, Europe, and Latin America, with the attacks ending either in a Mimic ransomware infection or in … [Read more...]
Continuity in Chaos: Applying Time-Tested Incident Response to Modern Cybersecurity
Incident response is foundational to every security program, yet many companies still struggle with adoption and testing. At Blackhat 2004, the founder of Red Cliff Consulting presented a talk titled “The Evolution of Incident Response”. He enumerated the top challenges of incident response at the time which were 1) Increasing complexity and sophistication of computer attacks 2) Incident … [Read more...]