A decade ago, SD-WAN emerged as a revolutionary technology. It abstracted away network hardware from its control mechanism, enabling centralized, dynamic management and network automation for greater operational efficiency and cost optimization. Being transport agnostic, SD-WAN utilized multiple network paths — private, managed, and public internet connections — promising greater agility and cost … [Read more...]
New Password Cracking Analysis Targets Bcrypt
Cybersecurity firm Hive Systems has released the results of its latest annual analysis on cracking passwords through brute-force attacks. Hive has been conducting this study for several years and until now it has targeted passwords hashed with the widely used MD5 algorithm. However, MD5 hashes can in many cases be easily cracked and organizations have increasingly turned to more secure algorithms, … [Read more...]
Prophet Security Emerges From Stealth Mode With $11 Million in Funding
Prophet Security, a startup that automates the triage, investigation, and response to security alerts, on Tuesday announced that it has emerged from stealth mode with $11 million in seed funding. The investment round was led by Bain Capital Ventures, with additional support from several angel investors. Founded in 2023, the Silicon Valley startup leverages AI to analyze alerts in seconds and help … [Read more...]
$10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors
Four Iranian nationals were indicted in Manhattan federal court on Tuesday, charged with conducting a sophisticated cyber-espionage campaign targeting U.S. government departments, defense contractors, and private firms. The accused, still at large, are accused of targeting and hacking into critical systems at the Departments of Treasury and State and more than a dozen private US companies … [Read more...]
Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together
A Spanish judge has reopened a probe into the suspected spying on the cellphone of Spain’s prime minister after receiving a request to collaborate with a similar investigation in France. The judge with Spain’s National Court said Tuesday there is reason to believe that the new information provided by France can “allow the investigations to advance.” Both probes concern the alleged use of Pegasus … [Read more...]
The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success
Mandiant’s annual analysis of adversarial attack activity – the M-Trends report –highlights some defender improvements, but shows the outlook remains challenging. The statistics reported in the latest annual Mandiant M-Trends report are based on the company’s investigations into targeted attacks between January 1, 2023, and December 31, 2023. They reflect Mandiant’s own telemetry and do not … [Read more...]
Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations
Russia-linked cyberespionage group APT28 has been observed exploiting Windows Print Spooler vulnerabilities to deploy a custom post-exploitation tool against numerous organizations in the US, Ukraine, and Western Europe, Microsoft reports. Dubbed GooseEgg, the unique tool is a simple launcher application that can spawn other programs with elevated privileges, providing the attackers with … [Read more...]
UnitedHealth Says Patient Data Exposed in Change Healthcare Cyberattack
Change Healthcare parent company UnitedHealth Group on Monday confirmed that personally identifiable information (PII) and protected health information (PHI) was stolen in a February ransomware attack. According to the company, the data breach likely impacts “a substantial proportion of people” in the US, but the investigation into the full scope of the incident continues. “Based on initial … [Read more...]
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
The recently disclosed Palo Alto Networks firewall vulnerability tracked as CVE-2024-3400, which has been exploited in attacks for at least one month, has been found to impact one of Siemens’ industrial products. In an advisory published late last week, Siemens revealed that its Ruggedcom APE1808 devices configured with a Palo Alto Networks virtual next-generation firewall (NGFW) could be affected … [Read more...]
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor
The LockBit ransomware gang has leaked 1Gb of data allegedly stolen from the District of Columbia’s Department of Insurance, Securities and Banking (DISB). The group claims to be in the possession of 800Gb of data pertaining to DISB, the US Securities and Exchange Commission (SEC), Delaware banking institutions, and other financial entities, and threatens to release it unless DISB pays a … [Read more...]
Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services
Microsoft’s PlayReady content access and protection technology is affected by vulnerabilities that could allow rogue subscribers to illegally download movies from popular streaming services, according to Poland-based cybersecurity research company AG Security Research. The research was conducted over a period of several months by Adam Gowdiak, founder and CEO of AG Security Research, formerly … [Read more...]
Research Shows How Attackers Can Abuse EDR Security Products
Endpoint detection and response (EDR) solutions can potentially be repurposed to become malicious offensive tools, a SafeBreach security researcher has demonstrated. Designed to protect devices from malware and various other types of threats, EDR solutions run with high privileges, and their potential compromise would provide threat actors with persistent, stealth access to victim devices. Looking … [Read more...]
Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow
A hack that caused a small Texas town’s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a U.S. public utility becoming a target of foreign cyberattacks. The attack was one of three on small towns in the rural Texas Panhandle. Local officials said the public was not put in any danger and the attempts were reported to federal … [Read more...]
CrushFTP Patches Exploited Zero-Day Vulnerability
CrushFTP on Friday released patches for a zero-day vulnerability in the file transfer server, warning customers of its in-the-wild exploitation. Impacting CrushFTP versions 9, 10, and 11, the security defect allows an unauthenticated attacker to escape their virtual file system (VFS) and retrieve system files, potentially opening the door to further exploitation. In its advisory, CrushFTP points … [Read more...]
Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability
There are roughly 6,000 internet-accessible Palo Alto Networks firewalls potentially affected by a recently addressed exploited vulnerability, the Shadowserver Foundation reports. Palo Alto Networks disclosed the flaw on April 12 and started rolling out patches a couple of days later. The issue had been targeted by state-sponsored threat actors and its exploitation surged last week, as … [Read more...]
MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days
MITRE revealed on Friday that one of its R&D networks was hacked a few months ago by a foreign state-sponsored threat actor leveraging zero-day vulnerabilities in an Ivanti product. The attack occurred in early January, but it was only discovered this month. It targeted MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE), an unclassified collaborative network … [Read more...]
Cannes Hospital Cancels Medical Procedures Following Cyberattack
Cannes Hospital Centre – Simone Veil (CHC-SV) shut down its systems in response to a cyberattack it fell victim to last week. Also known as the Broussailles Hospital, the healthcare organization decided to completely cut off computer access to contain the attack, which forced employees to turn to pen and paper to continue providing services to patients. “These procedures are more time-consuming … [Read more...]
BreachRx Raises $6.5M to Revamp Incident Response Reporting Systems
Venture capital investors are making an early-stage $6.5 million bet on BreachRx, a company building technology to revamp corporate incident response reporting systemss and shield cybersecurity executives from personal liability during data breaches. The San Francisco company said the seed-stage financing was provided by SYN Ventures and Overline. The idea is for BreachRx to provide “operational … [Read more...]
Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing
VulnCheck, an early stage startup that styles itself as an exploit intelligence company, has closed an $8 million seed-stage funding round led by Sorenson Ventures. Based in Lexington, Mass., VulnCheck is building technology that promises exploit intelligence for vulnerability prioritization and an early-warning system for in-the-wild software exploitation activity. Since coming out of stealth … [Read more...]
In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack
SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging from … [Read more...]
- « Previous Page
- 1
- …
- 3
- 4
- 5
- 6
- 7
- …
- 142
- Next Page »