SecurityWeek

Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks.

The post Cisco Duo Says Hack at Telephony Supplier Exposed MFA SMS Logs appeared first on SecurityWeek.

NightVision, an early stage startup in the application security testing space, has raised $5.4 million in seed funding.

The post NightVision Raises $5.4 Million for Application Security Testing appeared first on SecurityWeek.

The Dark Angels (Dunghill) ransomware group claims to have stolen 1 Tb of data from Nexperia, which is investigating the incident.

The post Ransomware Group Claims Theft of Data From Chipmaker Nexperia  appeared first on SecurityWeek.

Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products.

The post Juniper Networks Publishes Dozens of New Security Advisories appeared first on SecurityWeek.

ICS malware Fuxnet allegedly used by Ukrainian Blackjack group to disrupt industrial sensors and other systems belonging to a Moscow infrastructure firm.

The post Destructive ICS Malware ‘Fuxnet’ Used by Ukraine Against Russian Infrastructure appeared first on SecurityWeek.

Authorities in Australia and the US have arrested and charged two individuals for developing and selling the Hive RAT.

The post Two People Arrested in Australia and US for Development and Sale of Hive RAT appeared first on SecurityWeek.

Former security engineer Shakeeb Ahmed was sentenced to prison for hacking and defrauding cryptocurrency exchanges.

The post Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges appeared first on SecurityWeek.

Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus. 

The post Palo Alto Networks Releases Fixes for Firewall Zero-Day as Attribution Attempts Emerge appeared first on SecurityWeek.

The bill was approved on a bipartisan basis, 273-147, though it will still have to clear the Senate to become law.

The post House Passes Reauthorization of Key US Surveillance Program After Days of Upheaval Over Changes appeared first on SecurityWeek.

A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.

The post State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls appeared first on SecurityWeek.

Financial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million.

The post Wiz Acquires Gem Security, Pushes Security Tools Consolidation appeared first on SecurityWeek.

Operational for at least ten years, RubyCarp has its own botnet, its own tools, and its own community of users that concentrate on cryptomining and credential phishing.

The post RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang appeared first on SecurityWeek.

Noteworthy stories that might have slipped under the radar: Moscow sewage system hacked, a new women in cybersecurity report, PasteHub domain seized by law enforcement. 

The post In Other News: Moscow Sewage Hack, Women in Cybersecurity Report, Dam Security Concerns appeared first on SecurityWeek.

Military planners envision a scenario in which hundreds, even thousands of AI-powered machines engage in coordinated battle.

The post US-China Competition to Field Military Drone Swarms Could Fuel Global Arms Race appeared first on SecurityWeek.

Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar. 

The post Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars appeared first on SecurityWeek.

Speaker Mike Johnson is expected to bring forward a Plan B that would reform and extend Section 702 of the Foreign Intelligence Surveillance Act for a shortened period of two years.

The post House Will Try Again on Reauthorization of US Spy Program After Republican Upheaval appeared first on SecurityWeek.

Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.

The post Palo Alto Networks Warns of Exploited Firewall Vulnerability appeared first on SecurityWeek.

Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code.

The post Threat Actors Manipulate GitHub Search to Deliver Malware appeared first on SecurityWeek.

A critical vulnerability in multiple programming languages allows attackers to inject commands in Windows applications.

The post ‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages appeared first on SecurityWeek.

LastPass this week revealed that one of its employees was targeted in a phishing attack involving deepfake technology.

The post LastPass Employee Targeted With Deepfake Calls appeared first on SecurityWeek.