Security

Updates

Kaspersky Study: Devices Infected With Data-Stealing Malware Increased by 7 Times Since 2020
Nearly 10 million devices were infected with data-stealing malware in 2023, with criminals stealing an average of 50.9 credentials per device.
18-04-2024 16:26

SAP Applications Increasingly in Attacker Crosshairs, Report Shows
Malicious hackers are targeting SAP applications at an alarming pace, according to warnings from Onapsis and Flashpoint. The post appeared first on .
18-04-2024 16:06

Watch Now: Ransomware Resilience & Recovery Summit Sessions Now on Demand
Join this one-day virtual summit as we shine the spotlight on the shadowy dynamics of ransomware attacks and how you can best prepare your organization to defend against and recover from these relentless attacks. The post appeared first on .
18-04-2024 16:04

Multi-Data Platform SIEM Anvilogic Raises $45 Million
Silicon Valley startup Anvilogic has raised $45 million in a Series C funding round led by Evolution Equity Partners. The post appeared first on .
18-04-2024 14:55

United Nations Agency Investigating Ransomware Attack Involving Data Theft
United Nations Development Programme (UNDP) investigating a ransomware attack in which hackers stole sensitive data. The post appeared first on .
18-04-2024 14:21

Five Eyes Agencies Release New AI Security Guidance
Five Eyes cybersecurity agencies have released joint guidance on securely deploying and operating AI systems.  The post appeared first on .
18-04-2024 13:15

TechRepublic’s Review Methodology for Password Managers
Our review methodology for password managers involves extensive research, expert analysis and first-hand experience.
18-04-2024 11:46

Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability
Cisco patches a high-severity Integrated Management Controller vulnerability for which PoC exploit code is available. The post appeared first on .
18-04-2024 11:42

180k Impacted by Data Breach at Michigan Healthcare Organization
Cherry Health says the personal information of over 180,000 individuals was stolen in a ransomware attack. The post appeared first on .
18-04-2024 11:30

Phishing Platform LabHost Shut Down by Law Enforcement
LabHost, a major phishing-as-a-service platform, has been shut down as part of a major law enforcement operation.  The post appeared first on .
18-04-2024 10:44

Cisco Unveils AI-Native Enterprise Security Solution Hypershield
Cisco announces Hypershield, an AI-native and cloud-native enterprise security solution with a wide range of capabilities. The post appeared first on .
18-04-2024 09:07

Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression
Kapeka is a new backdoor that may be a new addition to Russia-link Sandworm’s malware arsenal and possibly a successor to GreyEnergy. The post appeared first on .
17-04-2024 19:00

Data Encryption Policy
The Data Encryption Policy’s purpose is to define for employees, computer users and IT department staff the encryption requirements to be used on all computer, device, desktop, laptop, server, network storage and storage area network disks, and drives th
17-04-2024 16:00

Miggo Security Gets $7.5 Million Seed Funding to Build ADR Technology
YL Ventures leads an early stage funding round for Miggo Security, a Tel Aviv startup working on application detection and response technology. The post appeared first on .
17-04-2024 14:54

Is a VPN Really Worth It in 2024?
Learn about the benefits of using a VPN and how to choose the right one for your business needs.
17-04-2024 14:22

Armis Acquires Silk Security for $150 Million
Armis has acquired cyber risk prioritization and remediation company Silk Security for $150 million.  The post appeared first on .
17-04-2024 14:06

Atlas VPN Free vs. Premium: Which Plan Is Best For You?
Atlas VPN will shut down its services on April 24, 2024, with all premium users to be migrated to sister company NordVPN on the same day.
17-04-2024 14:02

ProtonVPN vs. AtlasVPN (2024): Which VPN Should You Use?
Atlas VPN will shut down on April 24, with its paid users migrated to NordVPN. In this matchup, we recommend Proton VPN given its privacy-focused feature set.
17-04-2024 14:00

Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks
Cisco has observed an increase in brute-force attacks targeting web application authentication, VPNs, and SSH services. The post appeared first on .
17-04-2024 12:59

Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product
Ivanti releases patches for 27 vulnerabilities in the Avalanche MDM product, including critical flaws leading to command execution. The post appeared first on .
17-04-2024 12:24

Virtual Event Today: Ransomware Resilience & Recovery Summit 
Join this one-day virtual summit as we shine the spotlight on the shadowy dynamics of ransomware attacks and how you can best prepare your organization to defend against and recover from these relentless attacks. The post appeared first on .
17-04-2024 12:13

Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities
Chrome and Firefox security updates resolve over 35 vulnerabilities, including a dozen high-severity bugs. The post appeared first on .
17-04-2024 12:06

Recent OT and Espionage Attacks Linked to Russia’s Sandworm, Now Named APT44
Mandiant summarizes some of the latest operations of Russia’s notorious Sandworm group, which it now tracks as APT44. The post appeared first on .
17-04-2024 11:36

Oracle Patches 230 Vulnerabilities With April 2024 CPU
Oracle releases 441 new security patches to address 230 vulnerabilities as part of its April 2024 Critical Patch Update. The post appeared first on .
17-04-2024 10:30

Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release
Palo Alto Networks firewall vulnerability CVE-2024-3400 increasingly exploited after PoC code has been released.  The post appeared first on .
17-04-2024 09:54

Google Chrome: Security and UI Tips You Need to Know
Google’s Chrome web browser held a 64.41% command of the global browser market share in January 2024. That means more users are working with Chrome in significantly more use cases: mobile, desktop and even business. Because of that, users of all ty
16-04-2024 16:00

Speedify VPN Review: Features, Security & Performance
Speedify VPN offers speed-centered features that may not make up for its lack of security and pricey plan. Find out how this VPN measured up in our review.
16-04-2024 14:15

Private Internet Access VPN Review (2024): How Good is PIA VPN?
When it comes to privacy and security, PIA VPN is among the best. Discover its features, performance, pricing and more with this in-depth review.
16-04-2024 12:00

Atlas VPN Review (Updated for 2024)
Atlas VPN is a budget-friendly VPN that offers a unique IP address swapping feature perfect for privacy enthusiasts.
16-04-2024 09:36

NightVision Raises $5.4 Million for Application Security Testing
NightVision, an early stage startup in the application security testing space, has raised $5.4 million in seed funding. The post appeared first on .
15-04-2024 14:49

Ransomware Group Claims Theft of Data From Chipmaker Nexperia 
The Dark Angels (Dunghill) ransomware group claims to have stolen 1 Tb of data from Nexperia, which is investigating the incident. The post appeared first on .
15-04-2024 14:36

Juniper Networks Publishes Dozens of New Security Advisories
Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products. The post appeared first on .
15-04-2024 13:42

TechRepublic’s Review Methodology for VPNs
Our review methodology for virtual private networks involves comprehensive research, expert analysis and first-hand experience.
15-04-2024 13:31

Destructive ICS Malware ‘Fuxnet’ Used by Ukraine Against Russian Infrastructure
ICS malware Fuxnet allegedly used by Ukrainian Blackjack group to disrupt industrial sensors and other systems belonging to a Moscow infrastructure firm. The post appeared first on .
15-04-2024 12:51

Two People Arrested in Australia and US for Development and Sale of Hive RAT
Authorities in Australia and the US have arrested and charged two individuals for developing and selling the Hive RAT. The post appeared first on .
15-04-2024 11:13

Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges
Former security engineer Shakeeb Ahmed was sentenced to prison for hacking and defrauding cryptocurrency exchanges. The post appeared first on .
15-04-2024 10:58

Palo Alto Networks Releases Fixes for Firewall Zero-Day as Attribution Attempts Emerge
Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus.  The post appeared first on .
15-04-2024 09:57

House Passes Reauthorization of Key US Surveillance Program After Days of Upheaval Over Changes
The bill was approved on a bipartisan basis, 273-147, though it will still have to clear the Senate to become law. The post appeared first on .
13-04-2024 13:28

State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls
A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks. The post appeared first on .
12-04-2024 19:52

Apple Alerts iPhone Users in 92 Countries to Mercenary Spyware Attacks
Apple recommends that iPhone users install software updates, use strong passwords and 2FA, and don’t open links or attachments from suspicious emails to keep their device safe from spyware.
12-04-2024 16:54

Wiz Acquires Gem Security, Pushes Security Tools Consolidation
Financial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million. The post appeared first on .
12-04-2024 16:18

Sophos Study: 94% of Ransomware Victims Have Their Backups Targeted By Attackers
Research has found that criminals can demand higher ransom when they compromise an organisation’s backup data in a ransomware attack. Discover advice from security experts on how to properly protect your backup.
12-04-2024 15:44

RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang
Operational for at least ten years, RubyCarp has its own botnet, its own tools, and its own community of users that concentrate on cryptomining and credential phishing. The post appeared first on .
12-04-2024 15:15

In Other News: Moscow Sewage Hack, Women in Cybersecurity Report, Dam Security Concerns
Noteworthy stories that might have slipped under the radar: Moscow sewage system hacked, a new women in cybersecurity report, PasteHub domain seized by law enforcement.  The post appeared first on .
12-04-2024 13:48

US-China Competition to Field Military Drone Swarms Could Fuel Global Arms Race
Military planners envision a scenario in which hundreds, even thousands of AI-powered machines engage in coordinated battle. The post appeared first on .
12-04-2024 13:40

Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars
Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.  The post appeared first on .
12-04-2024 11:24

House Will Try Again on Reauthorization of US Spy Program After Republican Upheaval
Speaker Mike Johnson is expected to bring forward a Plan B that would reform and extend Section 702 of the Foreign Intelligence Surveillance Act for a shortened period of two years. The post appeared first on .
12-04-2024 11:00

Palo Alto Networks Warns of Exploited Firewall Vulnerability
Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls. The post appeared first on .
12-04-2024 10:52

Threat Actors Manipulate GitHub Search to Deliver Malware
Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code. The post appeared first on .
12-04-2024 09:55

LastPass Employee Targeted With Deepfake Calls
LastPass this week revealed that one of its employees was targeted in a phishing attack involving deepfake technology. The post appeared first on .
12-04-2024 08:50

US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft
The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts "presents a grave and unacceptable risk to federal agencies." The post appeared first on .
11-04-2024 19:41

Zscaler to Acquire Network Segmentation Tech Startup Airgap Networks
Zscaler announces plans to acquire Airgap Networks, a venture-backed startup selling network segmentation and secure access technologies. The post appeared first on .
11-04-2024 16:38

Checklist: Securing Digital Information
Digital information is generally the lifeblood of any given organization, containing essential company data needed to run the business. Paperless offices have become the norm across industries and remote work depends on the ability to share electronic in
11-04-2024 16:00

Data Access Platform PVML Launches With $8 Million in Funding
Tel Aviv startup banks seed funding for technology to help organizations connect, secure, and provide access to multiple data sources. The post appeared first on .
11-04-2024 15:51

Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets
The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools. The post appeared first on .
11-04-2024 15:17

Simbian Emerges From Stealth With $10 Million to Build Autonomous AI-Based Security Platform
Simbian aims to build a fully autonomous security platform that lets humans make the strategic decisions while AI implements those decisions. The post appeared first on .
11-04-2024 14:29

Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks
SecurityWeek speaks to Tom Scholl, VP and distinguished engineer at AWS, on how the organization tackles IP Spoofing and DDoS attacks. The post appeared first on .
11-04-2024 13:53

Knostic Emerges From Stealth With Enterprise Gen-AI Access Controls
Startup Knostic emerges from stealth mode with $3.3 million in funding and a gen-AI access control product for enterprises. The post appeared first on .
11-04-2024 13:47

Why Intelligence Sharing Is Vital to Building a Robust Collective Cyber Defense Program
With automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks. The post appeared first on .
11-04-2024 13:19

US Cyber Force Assisted Foreign Governments 22 Times in 2023
USCYBERCOM’s Cyber National Mission Force participated in 22 foreign hunt forward operations in 2023. The post appeared first on .
11-04-2024 12:47

4 Best Open Source Password Managers for Teams in 2024
Find the best open-source password managers to keep your sensitive information secure and easily accessible. Explore top options for protecting your passwords.
11-04-2024 11:16

CISA Releases Malware Next-Gen Analysis System for Public Use
CISA's Malware Next-Gen system is now available for any organization to submit malware samples and other suspicious artifacts for analysis. The post appeared first on .
10-04-2024 19:40

Cybersecurity: Benefits and Best Practices
Cybercriminal activity is increasing. It is no longer a matter of if an attack will happen, but of when. From small companies to large corporations, public sectors, government and defense sectors, cybersecurity is the only barrier to protecting valuable
10-04-2024 16:00

AT&T Data Breach Update: 51 Million Customers Impacted
The recent AT&T data breach impacts 51 million customers, the company tells Maine's attorney general. The post appeared first on .
10-04-2024 14:29

Researchers Resurrect Spectre v2 Attack Against Intel CPUs
VUSec researchers resurrect Spectre v2 attack, showing that it works against the Linux kernel on the latest-generation Intel CPUs. The post appeared first on .
10-04-2024 13:57

Develop Advanced Cybersecurity Skills for Just $64
If you’re ready to start moving up to higher positions in the lucrative cybersecurity field, this e-learning bundle can help you pass certification exams. Use code ENJOY20 at checkout.
10-04-2024 12:30

Fortinet Patches Critical RCE Vulnerability in FortiClientLinux
Fortinet has released patches for a dozen vulnerabilities, including a critical-severity remote code execution flaw in FortiClientLinux. The post appeared first on .
10-04-2024 12:26

Thousands of LG TVs Possibly Exposed to Remote Hacking
Many LG TVs may be vulnerable to remote hacking due to a series of vulnerabilities found by Bitdefender researchers. The post appeared first on .
10-04-2024 11:52

Sprinto Raises $20 Million for Automated Risk and Compliance Platform
Risk and compliance solutions provider Sprinto has raised $20 million in a Series B funding round led by Accel. The post appeared first on .
10-04-2024 11:20

530k Impacted by Data Breach at Wisconsin Healthcare Organization
The personal information of 500,000 people was compromised in a data breach at Group Health Cooperative of South Central Wisconsin. The post appeared first on .
10-04-2024 11:06

6 Best Open Source Password Managers for Mac in 2024
Explore the top open-source password managers available for Mac users. Find the best one that suits your needs and secure your online accounts effectively.
10-04-2024 10:27

Microsoft Patches Two Zero-Days Exploited for Malware Delivery
Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware. The post appeared first on .
10-04-2024 09:33

Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers
Patch Tuesday: Microsoft warns that unauthenticated hackers can take complete control of Azure Kubernetes clusters. The post appeared first on .
09-04-2024 18:10

Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products
Adobe calls attention to a pair of code execution bugs in Adobe Commerce and Magento Open Source, a product used to manage online stories. The post appeared first on .
09-04-2024 17:01

Cyber Insurance Policy
As the digital landscape becomes more interconnected, it brings with it the growing threat of cyberattacks. The purpose of this policy, written by Maria Carrisa Sanchez for TechRepublic Premium, is to outline the terms and conditions under which the comp
09-04-2024 16:00

Google Cloud Next 2024: New Data Center Chip and Chrome Enterprise Premium Join the Ecosystem
Some Google Cloud customers will be able to run instances on the Arm-based Axion chip later this year.
09-04-2024 15:35

Data Security Firm Cyera Raises $300 Million at $1.4 Billion Valuation
Data security company Cyera’s latest $300 million funding round brings the total raised by the firm to $460 million, at unicorn valuation. The post appeared first on .
09-04-2024 15:31

Asia-Focused Dark Web Threat Intelligence Startup StealthMole Raises $7 Million
Founded in 2022, Singapore-based StealthMole leverages AI to analyze data from the dark web, deep web, and other sources to provide risk assessment and threat monitoring capabilities. The post appeared first on .
09-04-2024 15:30

SAP’s April 2024 Updates Patch High-Severity Vulnerabilities
SAP has released 12 new and updated security notes on April 2024 Security Patch Day, including three notes dealing with high-severity vulnerabilities. The post appeared first on .
09-04-2024 13:33

ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities
Siemens and Schneider Electric release their ICS Patch Tuesday advisories for April 2024, informing customers about dozens of vulnerabilities. The post appeared first on .
09-04-2024 13:22

CVS Group Restoring Systems Impacted by Cyberattack
Veterinary services provider CVS Group is restoring systems after a cyberattack disrupted its UK operations. The post appeared first on .
09-04-2024 11:19

CISO Conversations: Nick McKenzie (Bugcrowd) and Chris Evans (HackerOne)
SecurityWeek discusses cybersecurity leadership with CISOs from crowdsourced hacking organizations Bugcrowd (Nick McKenzie) and HackerOne (Chris Evans) The post appeared first on .
09-04-2024 11:00

DOJ-Collected Information Exposed in Data Breach Affecting 340,000 
Economic analysis and litigation support firm GMA says personal and medical information was stolen in a May 2023 data breach. The post appeared first on .
09-04-2024 10:56

6 Best Open Source Password Managers for Windows in 2024
Discover the top open-source password managers for Windows. Learn about the features and benefits of each to determine which one is the best fit for your needs.
09-04-2024 10:29

Second Ransomware Group Extorting Change Healthcare
RansomHub is extorting Change Healthcare, threatening to release data stolen in a February 2024 BlackCat ransomware attack. The post appeared first on .
09-04-2024 10:18

StrikeReady Raises $12M to Build AI-Powered Security Command Center
The early-stage Silicon Valley startup working on technology to modernize cybersecurity command centers banked $12 million in new financing from 33N Ventures. The post appeared first on .
09-04-2024 10:00

Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices
Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild. The post appeared first on .
09-04-2024 08:58

TechRepublic Academy Is Offering Extra 20% Off Most Deals Through April 16
By using code ENJOY20 at checkout, you will unlock an additional 20% off most deals at TechRepublic Academy. This fantastic offer is available from April 8–16.
09-04-2024 08:42

XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor
Read about a supply chain attack that involves XZ Utils, a data compressor widely used in Linux systems, and learn how to protect from this threat.
08-04-2024 18:47

Australian IT Skills Shortage: 2024 Is The Year To Self-Upskill
Find out why IT pros in Australia need to take the initiative to self-upskill, and learn how this could lead to salary increases and promotions.
08-04-2024 18:00

Building a Cyber Threat Hunting Team: Methods, Strategies and Technologies
Cyber threat hunting combines strategies, advanced technologies and skilled analysts to methodically examine networks, endpoints and data repositories. Its objective is to uncover stealthy malicious activities, reduce dwell time for undetected threats an
08-04-2024 16:00

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability
Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution. The post appeared first on .
08-04-2024 14:41

Healthcare IT Help Desk Employees Targeted in Payment-Hijacking Attacks
The US Department of Health warns of financially motivated social engineering attacks targeting healthcare organizations. The post appeared first on .
08-04-2024 13:29

Key Lawmakers Float New Rules for Personal Data Protection; Bill Would Make Privacy a Consumer Right
The American Privacy Rights Act would preempt most state privacy laws — though it wouldn’t impact certain states’ laws already on the books that protect financial, health or employee data. The post appeared first on .
08-04-2024 13:23

Confidential VMs Hacked via New Ahoi Attacks
New Ahoi attacks Heckler and WeSee target AMD SEV-SNP and Intel TDX with malicious interrupts to hack confidential VMs. The post appeared first on .
08-04-2024 13:16

Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits
Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days. The post appeared first on .
08-04-2024 11:30

Google Adds V8 Sandbox to Chrome
Google fights Chrome V8 engine memory safety bugs with a new sandbox and adds it to the bug bounty program. The post appeared first on .
08-04-2024 11:08

Learn how to Protect Your Business With this $28 Cybersecurity Training
This extensive bundle includes eight courses from leading instructors covering certification exams from CompTIA and Cisco to set you up for success. Use code ENJOY20 at checkout through April 16.
08-04-2024 11:00

NSA Appoints Dave Luber as Cybersecurity Director 
US National Security Agency appoints Dave Luber as its new cybersecurity director following the retirement of Rob Joyce. The post appeared first on .
08-04-2024 09:47

What Is a VPN Kill Switch and Why Do You Need One?
Dead and loving it? Discover the definition, the benefits, drawbacks, recommended vendors and more.
08-04-2024 09:40

source : hackernews, securityweek, techrepublicsecurity, welivesecurity


Ads