Thursday, June 1, 2023
SecurityWeek

Chrome 114 Released With 18 Security Fixes

Chrome 114 stable brings 18 security fixes, including 13 for vulnerabilities reported by external researchers. The post Chrome 114 Released With 18 Security Fixes appeared first on SecurityWeek.
SecurityWeek

Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards

A backdoor feature found in hundreds of Gigabyte motherboard models can pose a significant supply chain risk to organizations. The post Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards appeared first on SecurityWeek.
SecurityWeek

Breaking Enterprise Silos and Improving Protection

When teams have a way to break down enterprise silos and see and understand what is happening, they can improve protection across their increasingly dispersed and diverse environment. The post Breaking Enterprise Silos and Improving Protection appeared first on SecurityWeek.
SecurityWeek

Spyware Found in Google Play Apps With Over 420 Million Downloads

Security researchers have discovered spyware code in 101 Android applications that had over 421 million downloads in Google Play. The post Spyware Found in Google Play Apps With Over 420 Million Downloads appeared first on SecurityWeek.
SecurityWeek

Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability

A decade-old critical vulnerability in Jetpack was force-patched on five million WordPress sites over the past few days. The post Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability appeared first on SecurityWeek.
SecurityWeek

Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery

The recently discovered Barracuda zero-day vulnerability CVE-2023-2868 has been exploited to deliver malware and steal data since at least October 2022. The post Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery appeared first on SecurityWeek.
SecurityWeek

PyPI Enforcing 2FA for All Project Maintainers to Boost Security

PyPI will require all accounts that maintain a project to enable two-factor authentication (2FA) by the end of 2023. The post PyPI Enforcing 2FA for All Project Maintainers to Boost Security appeared first on SecurityWeek.
SecurityWeek

Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack

Dental benefits manager MCNA is informing roughly 9 million individuals that their personal data was compromised in a data breach. The post Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack appeared first on SecurityWeek.
SecurityWeek

Many Vulnerabilities Found in PrinterLogic Enterprise Software

Multiple vulnerabilities in PrinterLogic’s enterprise management printer solution could expose organizations to various types of attacks. The post Many Vulnerabilities Found in PrinterLogic Enterprise Software appeared first on SecurityWeek.
SecurityWeek

Industrial Giant ABB Confirms Ransomware Attack, Data Theft

Industrial giant ABB has confirmed that it has been targeted in a ransomware attack, with the cybercriminals stealing some data. The post Industrial Giant ABB Confirms Ransomware Attack, Data Theft appeared first on SecurityWeek.
SecurityWeek

Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation

The recently identified Buhti operation uses LockBit and Babuk ransomware variants to target Linux and Windows systems. The post Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation appeared first on SecurityWeek.
SecurityWeek

Google Cloud Users Can Now Automate TLS Certificate Lifecycle

Google makes ACME API available to all Google Cloud users to allow them to automatically acquire and renew TLS certificates for free. The post Google Cloud Users Can Now Automate TLS Certificate Lifecycle appeared first on SecurityWeek.
SecurityWeek

Zyxel Firewalls Hacked by Mirai Botnet

A Mirai botnet has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls. The post Zyxel Firewalls Hacked by Mirai Botnet appeared first on SecurityWeek.
SecurityWeek

Watch Now: Threat Detection and Incident Response Virtual Summit

Join thousands of attendees as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack. (Login Now) The post Watch Now: Threat Detection and Incident Response Virtual Summit appeared first...
SecurityWeek

NCC Group Releases Open Source Tools for Developers, Pentesters

NCC Group announces new open source tools for finding hardcoded credentials and for distributing cloud workloads. The post NCC Group Releases Open Source Tools for Developers, Pentesters appeared first on SecurityWeek.
SecurityWeek

Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation

Website impersonation detection and prevention company Memcyco raises $10 million in seed funding. The post Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation appeared first on SecurityWeek.
SecurityWeek

New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grid

Mandiant has analyzed a new Russia-linked ICS malware named CosmicEnergy that is designed to cause electric power disruption. The post New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grid appeared first on SecurityWeek.
SecurityWeek

Security Pros: Before You Do Anything, Understand Your Threat Landscape

Regardless of the use case your security organization is focused on, you’ll likely waste time and resources and make poor decisions if you don’t start with understanding your threat landscape. The post Security Pros: Before You Do Anything, Understand Your...
SecurityWeek

Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised

The second-largest health insurer in Massachusetts was the victim of a ransomware attack in which sensitive personal information as well as health information of current and past members may have been compromised. The post Major Massachusetts Health Insurer Hit by...
SecurityWeek

Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches

Apria Healthcare is informing 1.86 million individuals of personal information compromise in 2019 and 2021 data breaches. The post Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches appeared first on SecurityWeek.
SC Magazine

We need to refine and secure AI, not turn our backs on the technology 

While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
The Register

Feds, you’ll need a warrant for that cellphone border search

Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…