SecurityWeek
Security Flaw in WP-Members Plugin Leads to Script Injection
A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages.
The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek.
Hotel Self Check-In Kiosks Exposed Room Access Codes
Self check-in kiosks at Ibis Budget hotels were affected by a vulnerability that exposed keypad codes that could be used to enter rooms.
Cybersecurity M&A Roundup: 27 Deals Announced in March 2024
Twenty-seven cybersecurity-related merger and acquisition (M&A) deals were announced in March 2024.
Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!
Heartbleed made most certificates vulnerable. The future problem is that quantum decryption will make all certificates and everything else using RSA encryption vulnerable to everyone.
Prudential Financial Data Breach Impacts 36,000
Prudential Financial says the names, addresses, and ID numbers of over 36,000 were stolen in a February data breach.
OWASP Data Breach Caused by Server Misconfiguration
The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members.
Boat Dealer MarineMax Confirms Data Breach
MarineMax confirms suffering a data breach as a result of a recent ransomware attack, with the attackers claiming to have obtained 180,000 files.
Google to Purge Billions of Files Containing Personal Data in Settlement of Chrome Privacy Case
Google agreed to purge billions of records containing personal information collected from more than 136 million people using its Chrome web browser as part of a settlement in a lawsuit accusing it of illegal surveillance.
Veracode Buys Longbow Security for Automated Root Cause Analysis Tech
Veracode announces a deal to acquire Longbow Security, a Texas seed-stage startup working on automated root cause analysis technology.
‘WallEscape’ Linux Vulnerability Leaks User Passwords
A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard.
‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities
NCC Group researchers warn that the Android banking malware ‘Vultur’ has been updated with device interaction and file tampering capabilities.
AI Hallucinated Packages Fool Unsuspecting Developers
Software developers relying on AI chatbots for building applications may end up using hallucinated software packages.
Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor
Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.
AT&T Says Data on 73 Million Customers Leaked on Dark Web
AT&T used the Easter holiday weekend to quietly share details on data that surfaced on the dark web roughly two weeks ago.
SydeLabs Emerges From Stealth Mode With $2.5 Million in Funding
Generative-AI security startup SydeLabs emerges from stealth mode with $2.5 million in seed funding led by RTP Global.
In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing
Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.
Pentagon Outlines Cybersecurity Strategy for Defense Industrial Base
US Defense Department releases defense industrial base cybersecurity strategy with a focus on four key goals.
The Complexity and Need to Manage Mental Well-Being in the Security Team
It is the CISO’s responsibility to build and maintain a high-functioning team in a difficult environment – cybersecurity is a complex, continuous, and adversarial environment like none other outside of military conflict.
Energy Department Invests $15 Million in University Cybersecurity Centers
The US Department of Energy announces $15 million funding for university-based electric power cybersecurity centers.
Massachusetts Health Insurer Data Breach Impacts 2.8 Million
Harvard Pilgrim Health Care says the personal information of over 2.8 million individuals was stolen in a year-old ransomware attack.