US Accuses Venezuelan Doctor of Creating and Selling Ransomware
A citizen of France and Venezuela has been charged in the United States for allegedly creating, using, and selling ransomware.
Security researchers at NCC Group have created a new tool capable of launching a new type of Bluetooth Low Energy (BLE) relay attack that bypasses existing protections and mitigations.
A new variant of the Sysrv botnet has added a recent Spring Cloud Gateway vulnerability to its exploit portfolio, Microsoft warns.
The Sysrv botnet has been active since at least late 2020, looking to exploit known security bugs in access interfaces in…
SonicWall has released patches for multiple vulnerabilities in its Secure Mobile Access (SMA) series appliances, including a high-severity issue that could lead to unauthorized access.
The Iran-linked hacking group OilRig was observed using a new backdoor in an attack against a government official within Jordan’s foreign ministry, according to new research published this week.
devOcean has emerged from stealth mode with a cloud-native security operations platform and $6 million in funding. The company’s seed round was led by Glilot Capital Partners, with participation from angel investors.
CrowdStrike has detailed a new post-exploitation framework that could be the work of a state-sponsored threat actor, one likely linked to China.
A Ukrainian national has been sentenced to four years in a US prison for decrypting stolen usernames and passwords and selling them on a dark web marketplace.
Proofpoint’s security researchers have documented a new remote access trojan (RAT) being used in a series of recent attacks targeting various industries in multiple European countries.
Application security startup StackHawk today announced that it has raised $20.7 million in Series B funding, which brings the total investment in the company to $35.3 million.
The funding round was co-led by Sapphire Ventures and Costanoa Ventures, wit…
Over the past several months, Iran-linked cyberespionage group Charming Kitten has been engaging in financially-motivated activities, the Secureworks Counter Threat Unit (CTU) reports.
HP on Wednesday announced the release of patches for two high-severity vulnerabilities that impact the UEFI firmware of more than 200 laptops, workstations, and other products.
Intel on Tuesday announced the release of patches for multiple vulnerabilities across its product portfolio, including a series of high-severity vulnerabilities in the BIOS firmware of several processor models.
Google this week announced the release of a Chrome browser update that resolves a total of 13 vulnerabilities, including nine that were reported by external researchers.
Of the externally reported security holes, seven are use-after-free bugs – these t…
Healthcare technology company Omnicell revealed in a filing with the United States Securities and Exchange Commission (SEC) that it recently fell victim to a ransomware attack.
As part of its May 2022 Security Patch Day, SAP announced on Tuesday the release of eight new and four updated security notes, including three that address the recent Spring4Shell vulnerability in more products.
The number of attacks targeting Windows Print Spooler vulnerabilities has been increasing, according to cybersecurity firm Kaspersky.
Microsoft on Monday shared information on patches and mitigations for a vulnerability impacting Azure Data Factory and Azure Synapse Pipelines.
Agricultural equipment giant AGCO says its business operations have been impacted after falling victim to a ransomware attack last week.
AGCO designs, makes, and distributes agricultural machinery and precision technology, offering equipment under bran…
RubyGems has addressed a critical vulnerability that could have allowed any RubyGems.org user to remove and replace certain Ruby gems.
A package hosting service for the Ruby programming language, RubyGems.org hosts more than 170,000 gems. RubyGems also…
Zero trust enterprise VPN provider Tailscale this week announced that it has closed a $100 million Series B funding round that brings the total raised by the company to $115 million.
The investment round was led by CRV and Insight Partners, with partic…
Platform-as-a-service company Heroku this week shared additional details on an April cyberattack that resulted in unauthorized access to multiple customers’ GitHub repositories.
Apple, Google, and Microsoft announce support for passwordless sign-in via FIDO open authentication standard
Code hosting platform GitHub on Wednesday said it would make it mandatory for software developers to use at least one form of two-factor authentication (2FA) by the end of 2023.
Google this week announced the release of patches for 36 vulnerabilities as part of its May 2022 security updates for Android, including one that appears to have been exploited.
The Federal Bureau of Investigation says business email compromise (BEC) and email account compromise (EAC) losses have surpassed $43 billion globally.
Cisco on Wednesday announced patches to address severe vulnerabilities in Enterprise Network Function Virtualization Infrastructure Software (NFVIS), including a critical bug that allows attackers to escape from a guest virtual machine (VM).
…
Threat hunters at Kaspersky are publicly documenting a malicious campaign that abuses Windows event logs to store fileless last stage Trojans and keep them hidden in the file system.
Researchers at Google’s Threat Analysis Group (TAG) say the number of advanced threat actors using Ukraine war-related themes in cyberattacks went up in April with a surge in malware attacks targeting critical infrastructure.
Application security firm ShiftLeft on Tuesday announced that it has received $29 million in expansion capital funding, which brings the total raised by the company to over $58 million.
The new funding round was led by Blackstone Innovations Investment…
Researchers at cybersecurity firm SentinelOne have observed a Chinese hacking group taking a trial-and-error approach to abusing antivirus applications for the sideloading of malicious DLLs.
Security researchers at Mandiant are documenting the discovery of a new hacking group focused on cyberespionage targeting employees responsible for corporate development, large corporate transactions, and mergers and acquisitions.
The US Department of Defense (DoD) on Monday announced the conclusion of a 12-month pilot Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP) aimed at finding flaws in contractor networks.
A California man was convicted last week for his role in a multi-million dollar phishing scheme targeting the US Department of Defense (DoD).
Russian cyberespionage group APT29 has been observed using new malware and techniques in phishing campaigns targeting diplomatic organizations in Europe, the Americas, and Asia, Mandiant reports.
Google has taken another step toward enabling new privacy-focused advertising solutions on Android, with the release of Privacy Sandbox in developer preview.
Microsoft-owned code hosting platform GitHub says the recent cyberattack that resulted in the cloning of private repositories was highly targeted in nature.
Certificate management startup Smallstep Labs announced that it has raised $26 million in funding from several venture capital firms.
In an effort to improve the security of its mobile operating system, Google has temporarily increased the bug bounty payouts for vulnerabilities identified in Android 13 beta.
Cybersecurity companies have analyzed “Bumblebee,” a relatively new custom malware downloader that appears to have been used by several cybercrime groups.
The Open Source Security Foundation (OpenSSF) has announced a new project whose goal is to help identify malicious packages in open source repositories.
Rapid7 security researchers have identified 2,000 internet-exposed Linux servers that appear to be impacted by a Redis vulnerability that has been exploited in attacks.
Data security company Veza has emerged from stealth mode after raising more than $110 million in funding.
The investment came from venture firms such as Accel, Ballistic Ventures, Bain Capital, Norwest Venture Partners, GV, and True Ventures, as well a…
Cisco this week announced the release of its April 2022 bundle of security advisories for Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC).
Security and web performance services provider Cloudflare recently mitigated the largest HTTPS distributed denial-of-service (DDoS) attack it has seen to date.
Cybersecurity firm Group-IB identified more than 91,000 publicly-exposed databases in the first quarter of 2022, significantly more than in the previous year.
Risk intelligence startup Strider Technologies today announced that it has raised $45 million in Series B funding, which brings the total investment in the company to $57 million.
The new funding round was led by Valor Equity Partners, with additional …
A China-linked state-sponsored cyberespionage group has started targeting the Russian military in recent attacks, which aligns with China’s interests in the Russia-Ukraine war, Secureworks reports.
Google this week announced that Chrome 101 was released to the stable channel with 30 security fixes inside, including 25 for vulnerabilities identified by external security researchers.
German wind turbine giant Deutsche Windtechnik has issued a notification to warn that some of its IT systems were impacted in a targeted professional cyberattack earlier this month.
Source Defense, a provider of web application client-side protection, says it pocketed $27 million in Series B funding, bringing the total investment raised by the company to $47 million.
As part of a recent cyberattack, threat actors deployed ransomware less than four hours after compromising the victim’s environment, according to researchers with The DFIR Report.
Facebook parent company Meta today announced that its bug bounty program will cover vulnerabilities that can be exploited to bypass integrity safeguards.
Drupal on Wednesday announced the release of security updates to resolve a couple of vulnerabilities that could lead to access bypass and data overwrite.
Cisco on Wednesday announced the release of patches for several high-severity vulnerabilities in its products, including a bug reported by the National Security Agency (NSA).
The Federal Bureau of Investigation (FBI) this week published indicators of compromise (IOCs) associated with the BlackCat Ransomware-as-a-Service (RaaS).
A newly identified variant of the BotenaGo malware is specifically targeting security cameras manufactured by Taiwan-based Lilin, warns OT and IoT security firm Nozomi Networks.
Zero Trust endpoint security provider ThreatLocker this week announced that it has raised $100 million in Series C funding, which brings the total investment in the company to $124.4 million.
The new funding round was led by General Atlantic, with addi…
Hot patches made available by Amazon Web Services (AWS) in response to the recent Log4j vulnerabilities could be exploited for privilege escalation or to escape containers, according to Palo Alto Networks.
Oracle on Tuesday announced the release of 520 security fixes as part of its April 2022 Critical Patch Update (CPU), including nearly 300 for vulnerabilities that can be exploited remotely without authentication.
Computer maker Lenovo has started pushing security patches to address three vulnerabilities impacting the UEFI firmware of more than 110 laptop models.
NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) on Tuesday kicked off the thirteenth installment of Locked Shields, its annual live-fire cyber defense exercise.
Online fraud prevention startup SEON today announced that it has closed a $94 million Series B funding round that brings the total investment in the company to $107 million.
The funding round was led by IVP, with additional investment from Creandum and…
North Korean state-sponsored hacking group Lazarus continues to target blockchain and cryptocurrency organizations in recent campaigns, the United States government warns.
Cisco’s enterprise-facing Webex video conferencing and messaging utility monitors the microphone at all times, even when the user’s microphone is muted in the software, according to a warning from a group of academic researchers.
The Federal Bureau of Investigation (FBI) has issued an alert on a new phishing scheme aimed at tricking victims into making money transfers to accounts controlled by cybercriminals.
GitHub has sounded the alarm on a cyberattack that resulted in the private repositories of dozens of organizations being downloaded by an unauthorized party abusing stolen OAuth user tokens.
The incident was identified on April 12, when the code hostin…
Juniper Networks this week announced the release of patches for more than 30 vulnerabilities across its portfolio, including severe flaws in Contrail Networking and Junos OS.
The Conti ransomware gang has claimed responsibility for a cyberattack that forced wind turbine giant Nordex to shut down internal systems on March 31.
The incident, the company revealed in early April, was identified at an early stage, but resulted in…
A recently identified DDoS botnet has targeted several router models and various types of web servers by exploiting known vulnerabilities, Fortinet warns.
A Chrome 100 update that Google announced on Thursday resolves two vulnerabilities in the popular browser, including one already exploited in the wild.
Cloud data security startup DoControl has closed a $30 million Series B funding round that brings the total raised by the company to $43 million.
The financing round was led by Insight Partners, with additional investments from Cardumen Capital, CrowdS…
A critical vulnerability addressed in the Elementor WordPress plugin could allow authenticated users to upload arbitrary files to affected websites, potentially leading to code execution.
Elementor is a drag-and-drop website builder for WordPress that …
Cisco announced on Wednesday that updates released for its Wireless LAN Controller (WLC) software address a critical vulnerability that could allow an attacker to bypass authentication.
Nordex says cyber incident limited to internal IT infrastructure, wind turbine farms unaffected
MDR Provider Critical Start Lands $215 Million Growth Investment
Managed detection and response (MDR) solutions provider Critical Start on Tuesday announced that it has received more than $215 million in strategic growth funding from private equity firm…
Citrix this week announced patches for multiple vulnerabilities across its product portfolio, including a high-severity issue in SD-WAN.
German software maker SAP announced on Tuesday that more than 30 new and updated security notes were released on its April 2022 Security Patch Day, including notes that deal with the Spring4Shell vulnerability.
Identity security firm Silverfort on Tuesday announced closing a $65 million Series C funding round that brings the total raised by the company to just over $100 million.
Amazon Web Services (AWS) on Monday announced that it recently addressed a vulnerability in Amazon Relational Database Service (RDS) that could lead to the exposure of internal credentials.
Christie Business Holdings Company (Christie Clinic), a major medical practice in Illinois, is informing roughly 500,000 individuals that their personal information was potentially compromised in a data breach.
The latest Chrome security update started rolling out on Monday with patches for 11 vulnerabilities.
Ten of the addressed vulnerabilities were reported by external researchers. Of these, eight are rated “high severity” and two “medium severity.”
In an attempt to improve security, the latest Raspberry Pi OS release no longer creates a default “pi” account, requiring users to set up custom accounts instead.
Threat Fabric security researchers have analyzed an Android banking trojan that allows its operators to perform on-device fraud.
Conti ransomware gang claimed responsibility for cyberattack on Wisconsin-based tool maker
A Ukrainian national was sentenced on Thursday to five years in prison in the United States for his role in the infamous FIN7 hacking group.
The man, Denys Iarmak, 32, was a high-level hacker within FIN7, also referred to as a “pen tester,” working wit…
Blockchain security startup CertiK on Thursday announced that it has raised $88 million in a Series B3 funding round, which boosted its valuation above the $2 billion mark. Over the past nine months, the company has raised $230 million.
Google this week announced updated target level API requirements for Android applications in an attempt to improve the overall security of the ecosystem.
Microsoft this week announced Windows Autopatch, a new automatic updates service for Windows 10 and 11 Enterprise E3 customers that will manage all software, firmware, driver, and enterprise app updates.
Over the past couple of months, security researchers identified several applications in Google Play that were designed to download the SharkBot Android trojan.
Video communications giant Zoom this week announced that it paid out roughly $1.8 million in bug bounty rewards in 2021.
The company launched its bug bounty program on the HackerOne platform in 2019, and says it has handed out more than $2.4 million in…
VMware on Wednesday announced patches for several critical and high-severity vulnerabilities affecting Workspace ONE Access and other products.
Microsoft announced this week that on-premises versions of Exchange, SharePoint, and Skype for Business have been added to its Applications and On-Premises Servers Bounty Program.
The tech giant is offering up to $26,000 in rewards for eligible reports…
Google on Tuesday announced that security researchers submitting eligible Google Nest and Fitbit vulnerability reports through its bug bounty program can now receive double the usual bounty payouts.
Coro this week announced that it has raised $60 million in a Series C funding round that brings the total raised over the past six months to $80 million.
The latest funding round was led by Balderton Capital, with participation from Jerusalem Venture P…
Despite recent arrests and convictions, the FIN7 cybercrime operation has continued to evolve, with hackers updating their tools and techniques and changing monetization strategies, according to cybersecurity firm Mandiant.
The Android updates released by Google for April 2022 include patches for 44 vulnerabilities, including several rated “critical severity.”
As usual, the update was split into two parts, with the first of them arriving on devices as the “2022-04-01 secu…
The US Department of State on Monday announced the creation of the Bureau of Cyberspace and Digital Policy (CDP).
The new entity was created to deal with national security challenges, but also with the implications of cyberspace and digital technologie…