Microsoft is warning Android application users and developers about a recently uncovered attack method that can allow threat actors to take control of apps and obtain sensitive data. The issue has been named Dirty Stream and described by the tech giant as a vulnerability pattern related to path traversal. The company disclosed the details of Dirty Stream this week, focusing on its impact on the … [Read more...]
White House Issues National Security Memorandum for Critical Infrastructure
The White House this week issued a new national security memorandum (NSM) focusing on the security and resilience of critical infrastructure against cyber and physical threats. The memo replaces a decade-old presidential policy on critical infrastructure protection, which focused on threats such as terrorism. The new NSM takes into account the shift of the threat environment towards … [Read more...]
Ukrainian REvil Ransomware Affiliate Gets 13 Years in US Prison
A Ukrainian national was sentenced to 13 years and seven months in prison in the US for his role in the REvil ransomware operation. The man, Yaroslav Vasinskyi, 24, was arrested in Poland in October 2021, roughly four months after REvil, also known as Sodinokibi, was used in the massive attack on IT management software maker Kaseya, which impacted over 1,500 organizations. Vasinskyi was accused of … [Read more...]
Ransomware Defense Startup Mimic Raises Hefty $27M Seed Round
A new Silicon Valley startup called Mimic is coming out of the shadows with a hefty $27 million seed-stage funding round and ambitious plans to disrupt the ransomware detection and recovery business. The company said the seed financing was provided by Ballistic Ventures, Menlo Ventures, Team8, Wing Venture Capital and Shield Capital. The brainchild of former Shape Security chief executive Derek … [Read more...]
Building the Right Vendor Ecosystem – a Guide to Making the Most of RSA Conference
This year’s RSA Conference (RSAC) is taking place from May 6 to 9 at the Moscone Center in San Francisco. The conference serves as the epicenter for the global cybersecurity community to converge, gain valuable insights, engage in deep conversations, and discover transformative solutions that can change their business model. The Expo also reveals the latest advances in cybersecurity technology … [Read more...]
AI Security Startup Apex Emerges From Stealth With Funding From OpenAI CEO
Israeli AI security startup Apex on Thursday announced emerging from stealth mode with $7 million in seed funding. The funding round was led by Sequoia Capital and Index Ventures, with participation from angel investors. Angel investors reportedly include Sam Altman, the CEO of ChatGPT maker OpenAI. Apex aims to address the security issues introduced by the increasing use of generative-AI by … [Read more...]
Startup Dealflow: New Investments at Resonance, RunReveal, StepSecurity, Insane Cyber
Four cybersecurity startups kicked off the month of May with pre-seed, seed, and early-stage funding rounds to tackle cybersecurity problems in critical infrastructure, information technology systems, and CI/CD pipelines. The pre-RSA dealflow announcements include funding for Insane Cyber, a San Antonio, Texas-based startup focused on industrial cybersecurity. The company said it closed a $4.2 … [Read more...]
Network Security Firm Corelight Raises $150 Million
Network detection and response (NDR) company Corelight this week announced that it has raised $150 million in a Series E funding round that brings the total raised to $310 million. The new investment round was led by Accel, with additional support from Cisco Investments and CrowdStrike Falcon Fund. The San Francisco-based company provides a network traffic analysis platform that helps … [Read more...]
Verizon DBIR 2024 Shows Surge in Vulnerability Exploitation, Confirmed Data Breaches
Verizon on Wednesday published its 2024 Data Breach Investigations Report (DBIR), which shows that vulnerability exploitation surged last year. The DBIR is one of the cybersecurity industry’s most anticipated reports due to the fact that it’s based on the analysis of a significant number of real-world incidents. For the 2024 DBIR, Verizon analyzed more than 30,000 security incidents and over … [Read more...]
Japan’s Kishida Unveils a Framework for Global Regulation of Generative AI
Japanese Prime Minister Fumio Kishida unveiled an international framework for regulation and use of generative AI on Thursday, adding to global efforts on governance for the rapidly advancing technology. Kishida made the announcement in a speech at the Paris-based Organization for Economic Cooperation and Development. “Generative AI has the potential to be a vital tool to further enrich the … [Read more...]
1,400 GitLab Servers Impacted by Exploited Vulnerability
A critical vulnerability in GitLab’s email verification process, which can lead to password hijacking, is being exploited in the wild, the US cybersecurity agency CISA warns. Tracked as CVE-2023-7028 (CVSS score of 10/10), the flaw allows for password reset messages to be sent to email addresses that have not been verified, enabling attackers to hijack the password reset process and take over … [Read more...]
Russian Hackers Target Industrial Systems in North America, Europe
Government agencies from the United States, Canada and the United Kingdom are providing recommendations to critical infrastructure organizations following a series of attacks launched by apparent pro-Russia hacktivists against industrial control systems (ICS) and other operational technology (OT) systems. A fact sheet authored by the cybersecurity agency CISA and its partners reveals that … [Read more...]
Dropbox Data Breach Impacts Customer Information
Dropbox on Wednesday disclosed a data breach impacting customers of Sign, the company’s electronic signature service. Dropbox Sign, formerly known as HelloSign, enables users to send, receive and manage legally binding e-signatures. According to Dropbox, a threat actor gained access to the Sign production environment and accessed customer information, including email addresses, usernames, … [Read more...]
Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says
The Change Healthcare cyberattack that disrupted health care systems nationwide earlier this year started when hackers entered a server that lacked a basic form of security: multifactor authentication. UnitedHealth CEO Andrew Witty said Wednesday in a U.S. Senate hearing that his company, which owns Change Healthcare, is still trying to understand why the server did not have the additional … [Read more...]
Deepfake of Principal’s Voice Is the Latest Case of AI Being Used for Harm
The most recent criminal case involving artificial intelligence emerged last week from a Maryland high school, where police say a principal was framed as racist by a fake recording of his voice. The case is yet another reason why everyone — not just politicians and celebrities — should be concerned about this increasingly powerful deep-fake technology, experts say. “Everybody is vulnerable to … [Read more...]
Oasis Security Raises $35 Million to Tackle Non-Human Identity Management
Identity management startup Oasis Security has deposited $35 million in a Series A extension round that brings the total raised by the company to $75 million. The funding round, announced just three months after the company emerged from stealth mode, was led by Accel, Cyberstarts and Sequoia Capital. The New York-based startup is working on technology to help organizations manage Non-Human … [Read more...]
Traceable AI Raises $30 Million to Safeguard Cloud APIs
Traceable AI, a San Francisco startup building technology to help businesses secure cloud API connections, has raised $30 million in new venture capital as investors continue to look for profits in the enterprise data security space. The company described the financing as a strategic investment from a group of investors that include Citi Ventures (Citigroup’s VC arm), IVP, Geodesic Capital, … [Read more...]
Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push
Google on Tuesday announced that the bug bounty rewards offered as part of its Mobile VRP launched last year have been increased ten-fold. Close to $100,000 has been handed out in bug bounty rewards as part of the program, which kicked off in May 2023 to include Google’s own mobile applications, along with apps from Developed with Google, Research at Google, Google Samples, Red … [Read more...]
Adobe Adds Content Credentials and Firefly to Bug Bounty Program
Adobe on Wednesday announced an expansion of its bug bounty program to include its implementation of Content Credentials and Adobe Firefly. The company is providing incentives for bug bounty hackers to search for and report security defects specific to Adobe’s implementation of Content Credentials and Adobe Firefly, as part of the company’s bug bounty program running on HackerOne. Relying on the … [Read more...]
Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data
Malware hunters at Lumen’s Black Lotus Labs have set eyes on a new malware platform roaming around enterprise-grade and small office/home office (SOHO) routers capable of covertly harvesting public cloud authentication data from internet traffic. The platform, tagged as Cuttlefish, is designed to steal authentication material found in web requests that transit the router from the adjacent local … [Read more...]