Wednesday, October 27, 2021
SecurityWeek

150 People Arrested in US-Europe Darknet Drug Probe

Law enforcement officials in the U.S. and Europe have arrested 150 people and seized more than $31 million in an international drug trafficking investigation stemming from sales on the darknet, the Justice Department said Tuesday. read more
SecurityWeek

Adobe Patches Gaping Security Flaws in 14 Software Products

Adobe on Tuesday released a slew of urgent patches with fixes for more than 90 documented vulnerabilities that expose Windows, macOS and Linux users to malicious hacker attacks. The security defects affect a wide range of popular products, including Adobe...
SecurityWeek

Illumio Brings Visibility, Zero Trust Principles to Hybrid Cloud

A new product seeks to solve the two primary security issues that come with moving to the cloud: the danger of accidental misconfigurations and the loss of visibility.  read more
SecurityWeek

Iran Blames Cyberattack as Fuel Supply Hit

Iranian authorities on Tuesday blamed a mysterious cyber attack for unprecedented disruption to the country's fuel distribution network. read more
SecurityWeek

Mozilla Blocks Malicious Firefox Add-Ons Abusing Proxy API

The open-source Mozilla Foundation says it blocked a series of malicious Firefox add-ons that misused the proxy API that extensions use to proxy web requests. The API allows add-ons to control the manner in which the browser connects to the...
SecurityWeek

Researcher Explains Wi-Fi Password Cracking at Scale

A security researcher at CyberArk was able to easily break more than 70 percent of Wi-Fi passwords he sniffed using relatively simple, cheap equipment. read more
SecurityWeek

Targets and Prizes Announced for 2022 ICS-Themed Pwn2Own

The Zero Day Initiative (ZDI) on Monday announced the targets and prizes for the next Pwn2Own Miami hacking contest, which focuses on industrial control system (ICS) products and associated protocols. read more
SecurityWeek

Cloud Security Company Sonrai Raises $50 Million

Public cloud security provider Sonrai Security today announced that it has raised $50 million in Series C funding, which brings the total raised by the company to $88.5 million. The new funding round was led by ISTARI, but existing investors...
SecurityWeek

Enterprise Data Privacy Startup Piiano Emerges From Stealth Mode

Tel Aviv, Israel-based Piiano emerged from stealth mode on Tuesday with $9 million in seed funding and a data engineering solution designed to help enterprises centralize and secure personal and other sensitive information. read more
SecurityWeek

BillQuick Billing Software Exploited to Hack U.S. Engineering Company

Hackers abused the BillQuick Web Suite billing software to compromise the network of an engineering company in the United States and deploy ransomware, threat detection firm Huntress reports. read more
SecurityWeek

UK Spy Chiefs Seal Cloud Data Deal With Amazon: FT

UK intelligence agencies have entrusted classified data to Amazon's cloud computing arm AWS in a deal designed to vastly speed up their espionage capabilities, the Financial Times reported on Tuesday. read more
SecurityWeek

Logging and Security Analytics Firm Devo Raises $250 Million at $1.5 Billion Valuation

Cambridge, MA-based cloud-native logging, SIEM and security analytics company Devo Technology on Tuesday announced that it has achieved unicorn status after raising $250 million. read more
SecurityWeek

US State Department Sets Up Cyber Bureau, Envoy Amid Hacking Alarm

US Secretary of State Antony Blinken announced Monday that the State Department will establish a new bureau and envoy to handle cyber policy, revamping amid alarm over rising hacking attacks. In a memo to staff, Blinken said that a review...
SecurityWeek

Kansas Man Admits Hacking Public Water Facility

Roughly seven months after being indicted for his actions, a Kansas man admitted in court to tampering with the systems at the Post Rock Rural Water District. read more
SecurityWeek

CISA Raises Alarm on Critical Vulnerability in Discourse Forum Software

The United States Cybersecurity and Infrastructure Security Agency (CISA) over the weekend issued an alert on a critical vulnerability in open source discussion platform Discourse. read more
SecurityWeek

Russia-Linked SolarWinds Hackers Continue Launching Supply Chain Attacks

The Russia-linked cyberespionage group that hacked IT management solutions provider SolarWinds continues to launch supply chain attacks, Microsoft warned on Monday. read more
SecurityWeek

Changing Approaches to Preventing Ransomware Attacks

Conducting scaled and cost-effective attack surface and digital threat monitoring gives organizations of all sizes the best chance of identifying and defeating their adversaries   read more
SecurityWeek

Cybersecurity M&A Roundup for October 11-24, 2021

A total of 15 cybersecurity-related acquisitions were announced October 11-24, 2021. read more
SecurityWeek

Researcher Earns $2 Million for Critical Vulnerability in Polygon

Security researcher Gerhard Wagner earned a $2 million bug bounty reward for a critical vulnerability in Polygon’s Plasma Bridge that could have allowed a malicious user to submit the same withdrawal transaction 224 times, with different exit IDs. read more
SecurityWeek

Facebook Sues Ukrainian for Scraping, Selling Data of 178 Million Users

Facebook last week filed a lawsuit against a Ukrainian national who allegedly scraped the information of 178 million of its users and then sold the obtained information on hacker forums. read more
The Register

China Telecom booted out of USA as Feds worry it could disrupt or spy on local networks

FCC urges more action against Huawei and DJI, too The US Federal Communications Commission (FCC) has terminated China Telecom's authority to provide communications services in the USA.…
SecurityWeek

150 People Arrested in US-Europe Darknet Drug Probe

Law enforcement officials in the U.S. and Europe have arrested 150 people and seized more than $31 million in an international drug trafficking investigation stemming from sales on the darknet, the Justice Department said Tuesday. read more

Free Tool Helps Security Teams Measure Their API Attack Surface

Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.

North Korea's Lazarus Group Turns to Supply Chain Attacks

State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.