Wednesday, April 21, 2021
SecurityWeek

Google Chrome Hit in Another Mysterious Zero-Day Attack

Google late Tuesday shipped another urgent security patch for its dominant Chrome browser and warned that attackers are exploiting one of the zero-days in active attacks. read more
SecurityWeek

Pulse Secure Zero-Day Flaw Actively Exploited in Attacks

Multiple threat actors are actively engaged in the targeting of four vulnerabilities in Pulse Secure VPN appliances, including a zero-day identified this month that won't be patched until next month. read more
SecurityWeek

Passwordless Authentication Firm HYPR Raises $35 Million

HYPR, a company that provides cloud-based passwordless authentication platform, has raised $35 million in a Series C financing, doubling the company’s total funding to more than $70 million.  read more
SecurityWeek

Japan Says Chinese Military Likely Behind Cyberattacks

Tokyo police are investigating cyberattacks on about 200 Japanese companies and research organizations, including the country’s space agency, by a hacking group believed to be linked to the Chinese military, the government said Tuesday. read more
SecurityWeek

Firefox 88 Combats Cross-Site Tracking to Improve User Privacy

Mozilla this week released Firefox 88 in the stable channel with patches for a dozen vulnerabilities and with improved user privacy, obtained through isolating the window.name property to the website that created it. read more
SecurityWeek

US Takes Steps to Protect Electric System From Cyberattacks

The Biden administration is taking steps to protect the country’s electric system from cyberattacks through a new 100-day initiative combining federal government agencies and private industry. read more
SecurityWeek

Druva Raises $147 Million at $2 Billion Valuation

California-based cloud data protection and management firm Druva on Monday announced raising another $147 million, which brings the company’s valuation to more than $2 billion. read more
SecurityWeek

SaaS Security Company Grip Security Emerges From Stealth

SaaS security company Grip Security on Tuesday emerged from stealth mode and announced raising $6 million in seed funding. read more
SecurityWeek

Car Insurance Company GEICO Discloses Data Breach

American auto insurance provider GEICO has disclosed a cyber-incident that resulted in driver’s license numbers being compromised. A wholly owned subsidiary of Berkshire Hathaway, the Government Employees Insurance Company (GEICO) is the second largest car insurer in the United States,...
SecurityWeek

Mastercard Acquires Digital Identity Verification Firm Ekata for $850 Million

Mastercard on Monday announced that it’s acquiring digital identity verification company Ekata for $850 million. The acquisition of Seattle-based Ekata is part of Mastercard’s plan to boost its identity verification capabilities. read more
SecurityWeek

Supreme Court Asked to Give Access to Secretive Court’s Work

Civil liberties groups are asking the Supreme Court to give the public access to opinions of the secretive court that reviews bulk email collection, warrantless internet searches and other government surveillance programs. read more
SecurityWeek

Russian Security Vendor Positive Technologies Responds to U.S. Sanctions

Following sanctions announced by the U.S. Department of the Treasury last week, Russian cyber-security firm Positive Technologies says the  accusations are groundless. read more
SecurityWeek

WordPress 5.7.1 Patches XXE Flaw in PHP 8

WordPress has released version 5.7.1 of its popular content management system (CMS), which brings more than 25 bug fixes, including patches for two security vulnerabilities. read more
SecurityWeek

Member of FIN7 Hacking Group Sentenced to US Prison

A Ukrainian national arrested for his role in a hacking group that compromised millions of financial accounts was sentenced to a decade in prison, US prosecutors said Friday. read more
SecurityWeek

Cybersecurity M&A Roundup for April 12-18, 2021

Several cybersecurity-related acquisitions and mergers were announced in the week of April 12-18, 2021. read more
SecurityWeek

FCC to Focus Efforts on 5G, Software and Cloud Service Vulnerabilities

Former Chairman of the Federal Communications Commission (FCC), Ajit Pai, resigned on the day of President Biden’s inauguration. He was replaced by Acting Chairwoman Jessica Rosenworcel, who last month delivered her first major action by fining Texas based telemarketers...
SecurityWeek

Europol Report Highlights Pandemic's Effect on Cybercrime

Europol’s Serious Organized Crime Threat Assessment report 2021 summarizes the criminal threat of the last four years and provides insights into what to expect over the next four years. While focused on Europe, it will not be substantively different...
SecurityWeek

PlexTrac Raises $10 Million for Its Purple Teaming Platform

PlexTrac, a company that provides information security management solutions for security teams, last week announced closing a $10 million Series A funding round led by Noro-Moseley Partners and Madrona Venture Group, with participation from StageDotO Ventures. read more
SecurityWeek

Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks

Multiple vulnerabilities in the OpENer stack could be exploited in attacks aimed at supervisory control and data acquisition (SCADA) and other industrial systems that use OpENer. read more
SecurityWeek

Vulnerabilities in OpENer Stack Expose Industrial Devices to Attacks

Multiple vulnerabilities in the OpENer stack could be exploited in attacks aimed at supervisory control and data acquisition (SCADA) and other industrial systems that use OpENer. read more
The Hacker News

WARNING: Hackers Exploit Unpatched Pulse Secure 0-Day to Breach Organizations

If the Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability (CVE-2021-22893) that is currently being exploited in the wild and for which there...
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…
The Register

Japan accuses Chinese military of cyber-attacks on its space agency

200 other companies also targeted, but no data lost Japan has accused a member of the Chinese Communist Party of conducting cyber-attacks on its space agency and 200 other local entities.…

Tool links email addresses to Facebook accounts at scale

Enlarge (credit: Getty Images) Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale,...
SC Magazine

With details sparse, vendors scramble to make sense of Biden 100-day grid security plan

The Biden administration launched what it called a “bold” 100-day sprint to improve the cybersecurity of electric utilities on Tuesday. The plan was not released in full to the public, or to many vendors who might be instrumental in...