SecurityWeek

Potential RCE Flaw Patched in PyPI’s GitHub Repository

Security Week - 4 hours 24 min ago

A vulnerability in the GitHub Actions workflow for PyPI’s source repository could be exploited to perform a malicious pull request and eventually execute arbitrary code on pypi.org, according to a warning from a Japanese security researcher.

Categories: SecurityWeek

OT Security Firm Nozomi Networks Raises $100 Million

Security Week - 5 hours 15 min ago

Nozomi Networks, a provider of operational technology (OT) and internet of things (IoT) cybersecurity solutions, said Monday that it has raised $100 million in a Series D pre-IPO funding round.

Chipotle's Email Marketing Account Hacked to Spread Malware

Security Week - 5 hours 57 min ago

Nobelium-style Phishing Tactics Used to Spread Malware

Cybersecurity M&A Roundup: 38 Deals Announced in July 2021

Security Week - 6 hours 26 min ago

Nearly 40 cybersecurity-related mergers and acquisitions were announced in July 2021.

Cisco, Sonatype and Others Join Open Source Security Foundation

Security Week - 8 hours 10 min ago

The Open Source Security Foundation (OpenSSF), the cross-industry forum focused on improving open source software security, has expanded its member list with the addition of names such as Accurics, Anchore, Bloomberg Finance, Cisco Systems, Codethink, Cybertrust Japan, OpenUK, ShiftLeft, Sonatype and Tidelift.

Amazon Fined 746 Mn Euros in Luxembourg Over Data Privacy

Security Week - 8 hours 32 min ago

Amazon was fined 746 million euros ($880 million) by Luxembourg authorities over allegations it flouted the EU's data protection rules, the online retail giant said Friday.

NSA Shares Guidance for Government Employees on Securing Wireless Devices in Public

Security Week - 9 hours 47 min ago

The National Security Agency (NSA) has published a new document to provide a series of recommendations on how governmental agencies in the United States can mitigate the cybersecurity risks associated with the use of wireless devices in public settings.

Flaws in Pneumatic Tube System Can Facilitate Cyberattacks on North American Hospitals

Security Week - 10 hours 19 min ago

Several serious vulnerabilities discovered in a widely used pneumatic tube system made by Swisslog Healthcare can be highly useful for ransomware attacks aimed at hospitals, according to enterprise IoT security firm Armis.

Zoom to Settle US Privacy Lawsuit for $85 Mn

Security Week - 11 hours 16 min ago

Zoom, the videoconferencing firm, has agreed to settle a class-action US privacy lawsuit for $85 million, it said Sunday.

The suit charged that Zoom's sharing of users' personal data with Facebook, Google and LinkedIn was a breach of privacy for millions.

Justice Department Says Russians Hacked Federal Prosecutors

Security Week - Sun, 08/01/2021 - 10:21am

The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts of some of the most prominent federal prosecutors’ offices around the country last year, the Justice Department said.

Android Banking Trojan 'Vultur' Abusing Accessibility Services

Security Week - Fri, 07/30/2021 - 11:29am

A newly discovered Android banking Trojan relies on screen recording and keylogging instead of HTML overlays for the capturing of login credentials, according to security researchers at ThreatFabric.

Russia's APT29 Still Actively Delivering Malware Used in COVID-19 Vaccine Spying

Security Week - Fri, 07/30/2021 - 11:25am

The Russian cyberespionage group known as APT29 and Cozy Bear is still actively delivering a piece of malware named WellMess, despite the fact that the malware was exposed and detailed last year by Western governments.

New Chinese Threat Group 'GhostEmperor' Targets Governments, Telecom Firms

Security Week - Fri, 07/30/2021 - 10:07am

A previously undocumented Chinese-speaking threat actor is targeting Microsoft Exchange vulnerabilities in an attempt to compromise high-profile victims, Kaspersky reveals.

Tracked as GhostEmperor, the long-running operation focuses on targets in Southeast Asia and uses a formerly unknown Windows kernel-mode rootkit.

Window of Exposure is Expanding and Hackers Know Exactly Where to Strike

Security Week - Fri, 07/30/2021 - 9:57am

For the last 15 years, researchers have produced an annual State of Application Security report. But in the last 18 pandemic-driven months, they told SecurityWeek, “the world has turned on its head.” Both application development and use, and subsequent software compromises, have grown dramatically.

Remote Code Execution Flaws Patched in WordPress Download Manager Plugin

Security Week - Fri, 07/30/2021 - 8:40am

A vulnerability patched recently in the WordPress Download Manager plugin could be abused to execute arbitrary code under specific configurations, the Wordfence team at WordPress security company Defiant warns.

Microsoft Shares More Information on Protecting Systems Against PetitPotam Attacks

Security Week - Fri, 07/30/2021 - 7:57am

Microsoft has shared more information on how organizations can protect Windows domain controllers and other Windows servers against potential PetitPotam attacks.

21-Year-Old Woman Pleads Guilty to Sending Phishing Emails to Political Candidates

Security Week - Fri, 07/30/2021 - 7:07am

A 21-year-old Rhode Island woman has pleaded guilty to targeting candidates for political office and their campaign staff with phishing emails.

The woman, Diana Lebeau, of Cranston, R.I., admitted in court to sending phishing emails to roughly 22 members of the campaign staff of a political candidate, posing as the campaign’s managers or co-chairs.

S.Africa's Port Terminals Restored Following Cyber-Attack

Security Week - Fri, 07/30/2021 - 6:42am

Operating systems have been restored at South Africa's state-owned logistics firm, the company said Thursday following a cyber-attack last week that hit the country's key port terminals.

Belarusian Nationals Arrested for Hacking ATMs Across Europe

Security Week - Fri, 07/30/2021 - 5:20am

Two Belarusian nationals were arrested earlier this month in Poland on the suspicion they engaged in multiple ATM jackpotting attacks.

The two are believed to have committed dozens of ATM jackpotting attacks (also known as Black Box attacks) in several European countries, stealing an estimated €230,000 (approximately $273,000) in cash.

Researchers Publish Details on Recent Critical Hyper-V Vulnerability

Security Week - Thu, 07/29/2021 - 1:02pm

Security researchers at Guardicore Labs are sharing details of a critical vulnerability in Hyper-V that Microsoft patched in May 2021.
