Chrome 114 Released With 18 Security Fixes
Chrome 114 stable brings 18 security fixes, including 13 for vulnerabilities reported by external researchers.
The post Chrome 114 Released With 18 Security Fixes appeared first on SecurityWeek.
Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
A backdoor feature found in hundreds of Gigabyte motherboard models can pose a significant supply chain risk to organizations.
The post Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards appeared first on SecurityWeek.
Breaking Enterprise Silos and Improving Protection
When teams have a way to break down enterprise silos and see and understand what is happening, they can improve protection across their increasingly dispersed and diverse environment.
The post Breaking Enterprise Silos and Improving Protection appeared first on SecurityWeek.
Spyware Found in Google Play Apps With Over 420 Million Downloads
Security researchers have discovered spyware code in 101 Android applications that had over 421 million downloads in Google Play.
The post Spyware Found in Google Play Apps With Over 420 Million Downloads appeared first on SecurityWeek.
Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
A decade-old critical vulnerability in Jetpack was force-patched on five million WordPress sites over the past few days.
The post Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability appeared first on SecurityWeek.
Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
The recently discovered Barracuda zero-day vulnerability CVE-2023-2868 has been exploited to deliver malware and steal data since at least October 2022.
The post Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery appeared first on SecurityWeek.
PyPI Enforcing 2FA for All Project Maintainers to Boost Security
PyPI will require all accounts that maintain a project to enable two-factor authentication (2FA) by the end of 2023.
The post PyPI Enforcing 2FA for All Project Maintainers to Boost Security appeared first on SecurityWeek.
Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack
Dental benefits manager MCNA is informing roughly 9 million individuals that their personal data was compromised in a data breach.
The post Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack appeared first on SecurityWeek.
Many Vulnerabilities Found in PrinterLogic Enterprise Software
Multiple vulnerabilities in PrinterLogic’s enterprise management printer solution could expose organizations to various types of attacks.
The post Many Vulnerabilities Found in PrinterLogic Enterprise Software appeared first on SecurityWeek.
Industrial Giant ABB Confirms Ransomware Attack, Data Theft
Industrial giant ABB has confirmed that it has been targeted in a ransomware attack, with the cybercriminals stealing some data.
The post Industrial Giant ABB Confirms Ransomware Attack, Data Theft appeared first on SecurityWeek.
Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
The recently identified Buhti operation uses LockBit and Babuk ransomware variants to target Linux and Windows systems.
The post Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation appeared first on SecurityWeek.
Google Cloud Users Can Now Automate TLS Certificate Lifecycle
Google makes ACME API available to all Google Cloud users to allow them to automatically acquire and renew TLS certificates for free.
The post Google Cloud Users Can Now Automate TLS Certificate Lifecycle appeared first on SecurityWeek.
Zyxel Firewalls Hacked by Mirai Botnet
A Mirai botnet has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls.
The post Zyxel Firewalls Hacked by Mirai Botnet appeared first on SecurityWeek.
Watch Now: Threat Detection and Incident Response Virtual Summit
Join thousands of attendees as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack. (Login Now)
The post Watch Now: Threat Detection and Incident Response Virtual Summit appeared first...
NCC Group Releases Open Source Tools for Developers, Pentesters
NCC Group announces new open source tools for finding hardcoded credentials and for distributing cloud workloads.
The post NCC Group Releases Open Source Tools for Developers, Pentesters appeared first on SecurityWeek.
Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
Website impersonation detection and prevention company Memcyco raises $10 million in seed funding.
The post Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation appeared first on SecurityWeek.
New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grid
Mandiant has analyzed a new Russia-linked ICS malware named CosmicEnergy that is designed to cause electric power disruption.
The post New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grid appeared first on SecurityWeek.
Security Pros: Before You Do Anything, Understand Your Threat Landscape
Regardless of the use case your security organization is focused on, you’ll likely waste time and resources and make poor decisions if you don’t start with understanding your threat landscape.
The post Security Pros: Before You Do Anything, Understand Your...
Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised
The second-largest health insurer in Massachusetts was the victim of a ransomware attack in which sensitive personal information as well as health information of current and past members may have been compromised.
The post Major Massachusetts Health Insurer Hit by...
Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches
Apria Healthcare is informing 1.86 million individuals of personal information compromise in 2019 and 2021 data breaches.
The post Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches appeared first on SecurityWeek.
We need to refine and secure AI, not turn our backs on the technology
While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
Feds, you’ll need a warrant for that cellphone border search
Here's a story with a twist A federal district judge has ruled that authorities must obtain a warrant to search an American citizen's cellphone at the border, barring exigent circumstances.…
