Google Patches High-Risk Android Security Flaws
Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks.
The latest Android update provides documentation on 33 security bugs, some serious...
Mismanagement Driving Cybersecurity Skills Gap: Research
“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.”
read more
SAP Customer Survey Reveals False Sense of Security
Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis.
The SAP Security Survey Report 2021 is based on information from over 100 SAP...
Finite State Raises $30 Million in Series B Funding
Connected device security provider Finite State on Monday announced that it has raised $30 million in Series B funding. To date, the company has raised $49.5 million.
The funding round was led by Energize Ventures. Merlin Ventures and Schneider Electric...
Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software
Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that could be exploited to gain code execution on vulnerable devices.
FDM On-Box is used to configure Cisco Firepower firewalls, providing administrators with both management and diagnostics...
DeadRinger: A Three-Pronged Attack by Chinese Military Actors against Major Telcos
Researchers have discovered three separate Chinese military affiliated advanced threat groups simultaneously targeting and compromising the same Southeast Asian telcos. The attack groups concerned are Soft Cell, Naikon, and a third group, possibly Emissary Panda (also known as APT27).
read...
Potential RCE Flaw Patched in PyPI’s GitHub Repository
A vulnerability in the GitHub Actions workflow for PyPI’s source repository could be exploited to perform a malicious pull request and eventually execute arbitrary code on pypi.org, according to a warning from a Japanese security researcher.
read more
OT Security Firm Nozomi Networks Raises $100 Million
Nozomi Networks, a provider of operational technology (OT) and internet of things (IoT) cybersecurity solutions, said Monday that it has raised $100 million in Series D pre-IPO-funding round.
read more
Chipotle's Email Marketing Account Hacked to Spread Malware
Nobelium-style Phishing Tactics Used to Spread Malware
read more
Cybersecurity M&A Roundup: 38 Deals Announced in July 2021
Nearly 40 cybersecurity-related mergers and acquisitions were announced in July 2021.
read more
Cisco, Sonatype and Others Join Open Source Security Foundation
The Open Source Security Foundation (OpenSSF), the cross-industry forum focused on improving open source software security, has expanded its member list with the addition of names such as Accurics, Anchore, Bloomberg Finance, Cisco Systems, Codethink, Cybertrust Japan, OpenUK, ShiftLeft,...
Amazon Fined 746 Mn Euros in Luxembourg Over Data Privacy
Amazon was fined 746 million euros ($880 million) by Luxembourg authorities over allegations it flouted the EU's data protection rules, the online retail giant said Friday.
read more
NSA Shares Guidance for Government Employees on Securing Wireless Devices in Public
The National Security Agency (NSA) has published a new document to provide a series of recommendations on how governmental agencies in the United States can mitigate the cybersecurity risks associated with the use of wireless devices in public settings.
read...
Flaws in Pneumatic Tube System Can Facilitate Cyberattacks on North American Hospitals
Several serious vulnerabilities discovered in a widely used pneumatic tube system made by Swisslog Healthcare can be highly useful for ransomware attacks aimed at hospitals, according to enterprise IoT security firm Armis.
read more
Zoom to Settle US Privacy Lawsuit for $85 Mn
Zoom, the videoconferencing firm, has agreed to settle a class-action US privacy lawsuit for $85 million, it said Sunday.
The suit charged that Zoom's sharing of users' personal data with Facebook, Google and LinkedIn was a breach of privacy for...
Justice Department Says Russians Hacked Federal Prosecutors
The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts of some of the most prominent federal prosecutors’ offices around the country last year, the Justice Department said.
read more
Android Banking Trojan 'Vultur' Abusing Accessibility Services
A newly discovered Android banking Trojan relies on screen recording and keylogging instead of HTML overlays for the capturing of login credentials, according to security researchers at ThreatFabric.
read more
Russia's APT29 Still Actively Delivering Malware Used in COVID-19 Vaccine Spying
The Russian cyberespionage group known as APT29 and Cozy Bear is still actively delivering a piece of malware named WellMess, despite the fact that the malware was exposed and detailed last year by Western governments.
read more
New Chinese Threat Group 'GhostEmperor' Targets Governments, Telecom Firms
A previously undocumented Chinese-speaking threat actor is targeting Microsoft Exchange vulnerabilities in an attempt to compromise high-profile victims, Kaspersky reveals.
Tracked as GhostEmperor, the long-running operation focuses on targets in Southeast Asia and uses a formerly unknown Windows kernel-mode rootkit.
read...
Window of Exposure is Expanding and Hackers Know Exactly Where to Strike
For the last 15 years, researchers have produced an annual State of Application Security report. But in the last 18 pandemic driven months, they told SecurityWeek, “the world has turned on its head.” Both application development and use, and...
Google Patches High-Risk Android Security Flaws
Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks.
The latest Android update provides documentation on 33 security bugs, some serious...
Mismanagement Driving Cybersecurity Skills Gap: Research
“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.”
read more
Linux Kernel Security Done Right
Posted by Kees Cook, Software Engineer, Google Open Source Security TeamTo borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s, the Linux kernel runs well: when driving down the highway,...
Raccoon Stealer Bundles Malware, Propagates Via Google SEO
An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
SAP Customer Survey Reveals False Sense of Security
Many SAP customers have a false sense of security, according to a new report from risk management consultancy Turnkey Consulting and business-critical application security firm Onapsis.
The SAP Security Survey Report 2021 is based on information from over 100 SAP...
