CISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw.

The post CISA Warns of Exploited Vulnerabilities in EOL D-Link Products appeared first on SecurityWeek.

The Antidot Android banking trojan snoops on users and steals their credentials, contacts, and SMS messages.

The post New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data appeared first on SecurityWeek.

The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment.

The post Microsoft Quick Assist Tool Abused for Ransomware Delivery appeared first on SecurityWeek.

C/side has emerged from stealth mode with $1.7 million in pre-seed funding from Scribble Ventures and angel investors

The post C/side Emerges From Stealth Mode With $1.7 Million Investment appeared first on SecurityWeek.

Network infrastructure as-a-service Alkira has raised $100 million in a Series C funding round led by Tiger Global Management.

The post Alkira Raises $100 Million for Secure Network Infrastructure Platform appeared first on SecurityWeek.

Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings.

The post Android 15 Brings Improved Fraud and Malware Protections appeared first on SecurityWeek.

The City of Wichita says files containing personal information were exfiltrated in a recent ransomware attack.

The post Personal Information Stolen in City of Wichita Ransomware Attack appeared first on SecurityWeek.

Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.

The post Third Chrome Zero-Day Patched by Google Within One Week appeared first on SecurityWeek.

Russian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software.

The post Threat Actors Abuse GitHub to Distribute Multiple Information Stealers appeared first on SecurityWeek.

The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected.

The post 400,000 Linux Servers Hit by Ebury Botnet  appeared first on SecurityWeek.

Singing River Health System says the personal information of roughly 900,000 individuals was stolen in an August 2023 ransomware attack.

The post 900k Impacted by Data Breach at Mississippi Healthcare Provider appeared first on SecurityWeek.

Apple and Google have rolled out a new mobile feature that warns users of unwanted trackers moving with them.

The post Unwanted Tracking Alerts Rolling Out to iOS, Android appeared first on SecurityWeek.

SAP has released 14 new and three updated security notes on its May 2024 Security Patch Day.

The post SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver appeared first on SecurityWeek.

Threat actors are using DNS tunneling to track victims’ interaction with spam and to scan network infrastructures.

The post Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks appeared first on SecurityWeek.

The City of Helsinki says usernames, email addresses, and personal information was stolen in a recent cyberattack.

The post Student, Personnel Information Stolen in City of Helsinki Cyberattack appeared first on SecurityWeek.

The FCC has issued a public notice on robocall scammer group ‘Royal Tiger’, the first designated threat actor.

The post FCC Warns of ‘Royal Tiger’ Robocall Scammers appeared first on SecurityWeek.

A critical vulnerability in the Cinterion cellular modems can be exploited for remote code execution via SMS messages.

The post Cinterion Modem Flaws Pose Risk to Millions of Devices in Industrial, Other Sectors appeared first on SecurityWeek.

The US government warns of Black Basta ransomware attacks targeting critical infrastructure organizations.

The post Black Basta Ransomware Hit Over 500 Organizations appeared first on SecurityWeek.

Financial Business and Consumer Solutions (FBCS) says the personal information of 2.7 million was impacted in the recent data breach.

The post FBCS Collection Agency Data Breach Impacts 2.7 Million appeared first on SecurityWeek.

A new VPN bypass technique allows threat actors to snoop on victims’ traffic by forcing it off the VPN tunnel using built-in features of DHCP.

The post New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System appeared first on SecurityWeek.

Philadelphia-based real estate company Brandywine Realty Trust shuts down systems following a ransomware attack.

The post Brandywine Realty Trust Hit by Ransomware  appeared first on SecurityWeek.

Android’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component.

The post Android Update Patches Critical Vulnerability appeared first on SecurityWeek.

University System of Georgia says Social Security numbers and bank account numbers were compromised in the May 2023 MOVEit hack.

The post University System of Georgia Says 800,000 Impacted by MOVEit Hack appeared first on SecurityWeek.

Charges and sanctions announced against Dimitry Yuryevich Khoroshev, the alleged developer and operator of LockBit ransomware.

The post LockBit Ransomware Mastermind Unmasked, Charged appeared first on SecurityWeek.

Akamai has announced plans to acquire Noname Security to enhance its API protection offering.

The post Akamai to Acquire API Protection Startup Noname Security for $450 Million  appeared first on SecurityWeek.

LevelBlue, a new WillJam Ventures and AT&T joint venture, provides various managed cybersecurity services.

The post AT&T Launches New Managed Cybersecurity Services Business LevelBlue appeared first on SecurityWeek.

The US calls for international engagement towards building an open, inclusive, resilient, safe, and equitable digital space.

The post US Releases International Cyberspace Strategy appeared first on SecurityWeek.

Iranian state-sponsored group APT42 is targeting NGOs, government, and intergovernmental organizations with two new backdoors.

The post Iranian Cyberspies Hit Targets With New Backdoors appeared first on SecurityWeek.

Identity management startup Anetac has emerged from stealth mode with a $16 million investment led by Liberty Global.

The post Anetac Emerges From Stealth Mode With $16 Million in Funding appeared first on SecurityWeek.

The City of Wichita, Kansas, has shut down its network after falling victim to a file-encrypting ransomware attack.

The post City of Wichita Shuts Down Network Following Ransomware Attack appeared first on SecurityWeek.

Permira has agreed to acquire a majority of BioCatch shares, primarily from Bain Capital Tech Opportunities and Maverick Ventures.

The post Permira to Acquire Majority Stake in BioCatch at $1.3 Billion Valuation appeared first on SecurityWeek.

Israeli startup LayerX Security banks $25 million in new financing as investors continue to pour money into secure web browsing technologies.

The post LayerX Raises $26 Million for Browser Security Platform appeared first on SecurityWeek.

The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks.

The post US Says North Korean Hackers Exploiting Weak DMARC Settings  appeared first on SecurityWeek.

A botnet dismantled in January and used by Russia-linked APT28 consisted of more than just Ubiquiti Edge OS routers.

The post Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals appeared first on SecurityWeek.

CISA and the FBI warn of threat actors abusing path traversal software vulnerabilities in attacks targeting critical infrastructure.

The post CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities appeared first on SecurityWeek.

Yaroslav Vasinskyi was sentenced to 13 years and seven months in prison for his alleged role in the REvil ransomware operation.

The post Ukrainian REvil Ransomware Affiliate Gets 13 Years in US Prison appeared first on SecurityWeek.

Cybersecurity startups Insane Cyber, Resonance Security, RunReveal and StepSecurity announce pre-seed, early-stage, and seed funding rounds.

The post Startup Dealflow: New Investments at Resonance, RunReveal, StepSecurity, Insane Cyber appeared first on SecurityWeek.

Network detection and response (NDR) provider Corelight has raised $150 million in a Series D funding round led by Accel.

The post Network Security Firm Corelight Raises $150 Million appeared first on SecurityWeek.

CISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched.

The post 1,400 GitLab Servers Impacted by Exploited Vulnerability appeared first on SecurityWeek.

New York startup Oasis Security banks $35 million in a Series A extension round led by Accel, Cyberstarts, and Sequoia Capital.

The post Oasis Security Raises $35 Million to Tackle Non-Human Identity Management appeared first on SecurityWeek.

Researchers can earn as much as $450,000 for a single vulnerability report as Google boosts its mobile vulnerability rewards program.

The post Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push appeared first on SecurityWeek.

Adobe is providing incentives for bug bounty hackers to report security flaws in its implementation of Content Credentials and Adobe Firefly.

The post Adobe Adds Content Credentials and Firefly to Bug Bounty Program appeared first on SecurityWeek.

AI-Native Trust, Risk, and Security Management (TRiSM) startup DeepKeep raises $10 million in seed funding.

The post DeepKeep Launches AI-Native Security Platform With $10 Million in Seed Funding appeared first on SecurityWeek.

The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal.

The post Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server appeared first on SecurityWeek.

UnitedHealth Group’s CEO Andrew Witty shares details on the damaging cyberattack in testimony before a US Congress committee set for May 1, 2024.

The post UnitedHealth CEO Says Hackers Lurked in Network for Nine Days Before Ransomware Strike appeared first on SecurityWeek.

JFrog raises an alarm after finding three large-scale malware campaigns targeting Docker Hub with imageless repositories.

The post Docker Hub Users Targeted With Imageless, Malicious Repositories appeared first on SecurityWeek.

Three vulnerabilities in the Judge0 open source service could allow attackers to escape the sandbox and obtain root privileges on the host.

The post Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover appeared first on SecurityWeek.

Mainsail Partners leads a $15 million financing round for end-to-end cybersecurity compliance platform company Apptega.

The post Apptega Raises $15 Million for Cybersecurity Compliance Platform appeared first on SecurityWeek.

While China-linked Muddling Meerkat’s operations look like DNS DDoS attacks, it seems unlikely that denial of service is their goal, at least in the near term.

The post Chinese Hackers Have Been Probing DNS Networks Globally for Years: Report appeared first on SecurityWeek.