Secure enterprise microservices development startup Codezero this week announced that it has raised $3.5 million in a seed funding round led by Ballistic Ventures, with additional funding from angel investors. …
Author: SecurityWeek
Thousands of WordPress websites are potentially at risk of takeover due to a critical-severity vulnerability in two MiniOrange plugins that were discontinued recently, the Wordfence team at WordPress security company …
The Federal Trade Commission has announced a $26 million settlement with two tech support firms that duped consumers into paying for unnecessary antivirus and computer repair services.
According to an …
A recent data breach at France’s government unemployment agency could impact as many as 43 million people, authorities announced this week.
The affected agency, France Travail, formerly known as Pole …
Cloud account attacks, increasing Mac malware, malvertising morphing from the distribution of adware to more dangerous malware, and more, are all discussed by Red Canary in its 2024 Threat Detection …
Google today announced that the standard Safe Browsing protections in the Chrome browser can now identify bad sites in real time.
The real-time protection was previously available if the Enhanced …
Web traffic management firm BotGuard OU on Wednesday announced raising €12 million (~$13.1 million) in a Series A funding round that brings the total investment to approximately $13.7 million.
The …
Microsoft announced on Wednesday that its Copilot for Security solution will become generally available worldwide on April 1, 2024.
Microsoft Copilot for Security, which has been available to some users …
Cisco on Wednesday announced patches for multiple vulnerabilities in IOS XR software, including three high-severity flaws leading to denial-of-service (DoS) and elevation of privilege.
The most severe of the high-severity …
Since OpenAI’s release of ChatGPT in November 2022, the number of products using Generative AI has skyrocketed. Right now there are some 12,000 AI tools available promising to help with …
TikTok once again finds itself in a precarious position as lawmakers in Washington move forward with a bill that could lead to a nationwide ban on the platform.
The House …
The exploitation of a high-severity Kubernetes vulnerability can lead to arbitrary code execution with System privileges on all Windows endpoints in a cluster, Akamai warns.
The issue, tracked as CVE-2023-5528 …
The US Department of Health and Human Services’ Office for Civil Rights (OCR) is launching an investigation to determine whether protected health information was compromised in the recent Change Healthcare …
European Union lawmakers gave final approval to the 27-nation bloc’s artificial intelligence law Wednesday, putting the world-leading rules on track to take effect later this year.
Lawmakers in the European …
Chipmakers Intel and AMD have published 10 new security advisories this Patch Tuesday to inform customers about vulnerabilities impacting their products.
Intel published eight new advisories, including two that describe …
Healthcare has long been a primary target for ransomware attacks. This is not changing and is not likely to change. Claroty/Team82’s State of CPS Security – Healthcare 2023 discusses the …
The White House has published its $7.3 trillion budget proposal for fiscal year 2025 and the administration again wants to increase cybersecurity spending.
Several sections of President Biden’s budget plan …
API security firm Salt Security has conducted an analysis of ChatGPT plugins and found several types of vulnerabilities that could have been exploited to obtain potentially sensitive data and take …
Stanford University has started notifying 27,000 individuals that their personal information was stolen in a ransomware attack on its Department of Public Safety (DPS).
The incident was discovered on September …
A team of researchers from IBM and the VU Amsterdam university in the Netherlands on Tuesday disclosed the details of a new type of data leakage attack impacting all major …
Fortinet on Tuesday announced patches for multiple vulnerabilities in its network security and management products, including critical-severity flaws leading to code execution.
The first critical bug is CVE-2023-42789, an out-of-bounds …
The United States is spearheading the first United Nations resolution on artificial intelligence, aimed at ensuring the new technology is “safe, secure and trustworthy” and that all countries, especially those …
Enterprise software maker SAP on Tuesday released 10 new and two updated security notes as part of its March 2024 Security Patch Day, calling attention to serious bugs in business-facing …
Siemens and Schneider Electric have published their March 2024 Patch Tuesday security advisories, which cover more than 200 vulnerabilities affecting their products.
Siemens
Siemens has published 11 new advisories describing …
The US Government Accountability Office (GAO) has conducted a study focusing on the operational technology (OT) cybersecurity products and services offered by CISA and found that some of the security …
Vulnerabilities affecting Linear building access control products, including a security flaw that has been exploited in the wild, have been patched nearly five years after their initial disclosure.
In May …
Justice Department Beefs up Focus on Artificial Intelligence Enforcement, Warns of Harsher Sentences
The Justice Department is stepping up its focus on artificial intelligence, with officials warning Thursday that companies and people who deliberately misuse the technology to advance a white-collar crime like …
A TeamCity vulnerability disclosed recently in controversial circumstances is being exploited in ransomware attacks, according to the product’s developer and cybersecurity companies.
On March 4, JetBrains, the developer of the …
A financially motivated threat actor has been targeting one-day vulnerabilities in public-facing services to deploy Linux backdoors, Check Point reports.
Tracked as Magnet Goblin, the adversary was seen quickly adopting …
Microsoft says the Russian government-backed hacking team that broke into its corporate network and spied on senior executives also stole source code and may still be poking around its internal …
The US cybersecurity agency CISA has laid out key actions for securing open source software (OSS) following a two-day OSS security summit where it has convened with community leaders.
Steps …
Reach Security, a California startup promising technology to help businesses manage the maze of security tools and products, has raised $20 million in early stage venture capital funding.
The company …
Software startup Defense Unicorns on Thursday announced that it has raised $35 million in a Series A funding round led by Sapphire Ventures and Ansa Capital, which brings the total …
Change Healthcare parent company UnitedHealth Group says it has restored pharmacy services disrupted by a BlackCat ransomware attack more than two weeks ago.
In an incident update on Thursday, the …
A Chinese advanced persistent threat (APT) actor tracked as Evasive Panda has been observed targeting Tibetans in watering hole and supply chain attacks, cybersecurity firm ESET reports.
Also referred to …
Multiple vulnerabilities in Sceiner firmware allow attackers to manipulate smart locks and open doors, Aleph Research reveals.
Based in China, Sceiner is a technology company that manufactures various smart locks …
A group of 40 state attorneys general have sent a letter to Instagram and Facebook parent company Meta expressing “deep concern” over what they say is a dramatic uptick of consumer …
HP announced on Thursday that several of its business PCs now benefit from protection against quantum computer attacks thanks to a new security chip.
The tech giant said the 5th …
France-based Zama, which describes itself as an open source cryptography company, on Thursday announced raising $73 million in a Series A funding round.
The investment, which Zama says is one …
The FBI’s Internet Crime Complaint Center (IC3) has published its annual report for 2023, which reveals that the number of cybercrime complaints received by the agency increased by nearly 10% …
A Nigerian national has pleaded guilty in a US court to his role in a business email compromise (BEC) fraud scheme that caused roughly $200,000 in losses.
Henry Echefu, 32, …
Cisco on Wednesday announced patches for two high-severity vulnerabilities in Secure Client, the enterprise VPN application that also incorporates security and monitoring capabilities.
The first issue, tracked as CVE-2024-20337, impacts …
Organizations in the US have been targeted since at least 2021 in various phishing and business email compromise (BEC) campaigns spoofing government and private businesses, Proofpoint reports.
The attacks, attributed …
Apple is opening small cracks in the iPhone’s digital fortress as part of a regulatory clampdown in Europe that is striving to give consumers more choices — at the risk …
Threat actors started targeting a critical TeamCity vulnerability almost immediately after patches were announced and its details were made public due to what appears to be poor communication during the …
Fidelity Investments Life Insurance Company is informing roughly 28,000 individuals that their personal information was compromised in a data breach at third-party services provider Infosys McCamish System (IMS).
The data …