SecurityWeek

Security Flaw in WP-Members Plugin Leads to Script Injection

Security Week - Tue, 04/02/2024 - 10:36am

A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.

The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek.

Categories: SecurityWeek

Hotel Self Check-In Kiosks Exposed Room Access Codes

Security Week - Tue, 04/02/2024 - 9:47am

Self check-in kiosks at Ibis Budget hotels were affected by a vulnerability that exposed keypad codes that could be used to enter rooms. 


Cybersecurity M&A Roundup: 27 Deals Announced in March 2024

Security Week - Tue, 04/02/2024 - 7:56am

Twenty-seven cybersecurity-related merger and acquisition (M&A) deals were announced in March 2024.


Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!

Security Week - Tue, 04/02/2024 - 7:00am

Heartbleed made most certificates vulnerable. The future problem is that quantum decryption will make all certificates and everything else using RSA encryption vulnerable to everyone.


Prudential Financial Data Breach Impacts 36,000

Security Week - Tue, 04/02/2024 - 6:10am

Prudential Financial says the names, addresses, and ID numbers of over 36,000 were stolen in a February data breach.


OWASP Data Breach Caused by Server Misconfiguration

Security Week - Tue, 04/02/2024 - 5:55am

The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members.


Boat Dealer MarineMax Confirms Data Breach 

Security Week - Tue, 04/02/2024 - 4:41am

MarineMax confirms suffering a data breach as a result of a recent ransomware attack, with the attackers claiming to have obtained 180,000 files. 


Google to Purge Billions of Files Containing Personal Data in Settlement of Chrome Privacy Case

Security Week - Mon, 04/01/2024 - 9:26pm

Google agreed to purge billions of records containing personal information collected from more than 136 million people using its Chrome web browser as part of a settlement in a lawsuit accusing it of illegal surveillance.


Veracode Buys Longbow Security for Automated Root Cause Analysis Tech

Security Week - Mon, 04/01/2024 - 4:04pm

Veracode announces a deal to acquire Longbow Security, a Texas seed-stage startup working on automated root cause analysis technology.


‘WallEscape’ Linux Vulnerability Leaks User Passwords

Security Week - Mon, 04/01/2024 - 12:06pm

A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard.


‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities

Security Week - Mon, 04/01/2024 - 11:52am

NCC Group researchers warn that the Android banking malware ‘Vultur’ has been updated with device interaction and file tampering capabilities.


AI Hallucinated Packages Fool Unsuspecting Developers

Security Week - Mon, 04/01/2024 - 10:26am

Software developers relying on AI chatbots for building applications may end up using hallucinated software packages.


Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor

Security Week - Mon, 04/01/2024 - 9:05am

Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.


AT&T Says Data on 73 Million Customers Leaked on Dark Web

Security Week - Sat, 03/30/2024 - 10:32pm

AT&T used the Easter holiday weekend to quietly share details on data that surfaced on the dark web roughly two weeks ago.


SydeLabs Emerges From Stealth Mode With $2.5 Million in Funding

Security Week - Fri, 03/29/2024 - 10:13am

Generative-AI security startup SydeLabs emerges from stealth mode with $2.5 million in seed funding led by RTP Global.


In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing

Security Week - Fri, 03/29/2024 - 9:52am

Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.


Pentagon Outlines Cybersecurity Strategy for Defense Industrial Base 

Security Week - Fri, 03/29/2024 - 8:43am

US Defense Department releases defense industrial base cybersecurity strategy with a focus on four key goals.


The Complexity and Need to Manage Mental Well-Being in the Security Team

Security Week - Fri, 03/29/2024 - 8:12am

It is the CISO’s responsibility to build and maintain a high-functioning team in a difficult environment – cybersecurity is a complex, continuous, and adversarial environment like none other outside of military conflict.


Energy Department Invests $15 Million in University Cybersecurity Centers 

Security Week - Fri, 03/29/2024 - 7:34am

The US Department of Energy announces $15 million funding for university-based electric power cybersecurity centers.


Massachusetts Health Insurer Data Breach Impacts 2.8 Million

Security Week - Fri, 03/29/2024 - 7:01am

Harvard Pilgrim Health Care says the personal information of over 2.8 million individuals was stolen in a year-old ransomware attack.

