Sagar Steven Singh and Nicholas Ceraolo pleaded guilty to hacking a database maintained by a US federal law enforcement agency.

The post Two Men Plead Guilty to Hacking Law Enforcement Database for Doxing appeared first on SecurityWeek.

The BadSpace backdoor is being distributed via drive-by attacks involving infected websites and JavaScript downloaders.

The post New BadSpace Backdoor Deployed in Drive-By Attacks appeared first on SecurityWeek.

Entro’s platform is designed to bring order to the increasingly chaotic management of non-human identities.

The post Non-human Identity Lifecycle Firm Entro Security Raises $18 Million appeared first on SecurityWeek.

Researchers have targeted the MTE security feature in Arm CPUs and showed how attackers could bypass protections.

The post New TikTag Attack Targets Arm CPU Security Feature  appeared first on SecurityWeek.

China-linked threat actor Velvet Ant leveraged a legacy F5 BIG-IP appliance for three-year access to a victim’s network.

The post Chinese Hackers Leveraged Legacy F5 BIG-IP Appliance for Persistence appeared first on SecurityWeek.

Serious vulnerabilities that can allow remote code execution and privilege escalation have been patched in VMware vCenter Server.

The post Critical Code Execution Vulnerabilities Patched in VMware vCenter Server appeared first on SecurityWeek.

Blackbaud was ordered to pay $6.75 million to the California Attorney General’s Office over the 2020 data breach.

The post Blackbaud Settles With California for $6.75 Million Over 2020 Data Breach appeared first on SecurityWeek.

SecurityWeek’s AI Risk Summit + CISO Forum bring together business and government stakeholders to provide meaningful guidance on risk management and cybersecurity in the age of artificial intelligence.

The post Tech Leaders to Gather for AI Risk Summit at the Ritz-Carlton, Half Moon Bay June 25-26, 2024 appeared first on SecurityWeek.

The US cybersecurity agency CISA has conducted a tabletop exercise with the private sector focused on AI cyber incident response.

The post CISA Conducts First AI Cyber Incident Response Exercise appeared first on SecurityWeek.

Keytronic confirms that personal information was compromised after a ransomware group leaked allegedly stolen data.

The post Keytronic Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.

US insurance company Globe Life is investigating a data breach involving unauthorized access to consumer and policyholder information. 

The post Insurance Company Globe Life Investigating Data Breach appeared first on SecurityWeek.

Aim Security has raised a total of $28 million to date and is on a mission to help companies to implement AI products with confidence.

The post Aim Security Raises $18M to Secure Customers’ Implementation of AI Apps appeared first on SecurityWeek.

The LA County’s Department of Public Health says the personal information of 200,000 was compromised in a data breach.

The post 200,000 Impacted by Data Breach at Los Angeles County Public Health Agency appeared first on SecurityWeek.

A British man has been arrested in Spain for allegedly being the ringleader of the notorious Scattered Spider cybercrime group.

The post UK Man Suspected of Being ‘Scattered Spider’ Leader Arrested appeared first on SecurityWeek.

Nigerian national Ebuka Raphael Umeti was convicted in the US for operating a business email compromise (BEC) scheme.

The post Nigerian Faces Prison in US After BEC Fraud Conviction appeared first on SecurityWeek.

Republican Gov. Phil Scott said the legislation would have made Vermont “a national outlier and more hostile than any other state to many businesses and non-profits.”

The post Vermont Governor Vetoes Data Privacy Bill, Saying State Would be Most Hostile to Businesses appeared first on SecurityWeek.

Security researchers at Cisco Talos and Volexity flag two Pakistani espionage campaigns targeting Indian government entities.

The post Pakistani Threat Actors Caught Targeting Indian Gov Entities appeared first on SecurityWeek.

Retired U.S. Army General Paul M. Nakasone brings cybersecurity experience to OpenAI's Board of Directors and Safety and Security Committee.

The post OpenAI Appoints Former NSA Director Paul Nakasone to Board of Directors appeared first on SecurityWeek.

The increase in mass exploitation involving edge services and devices is likely to worsen.

The post Edge Devices: The New Frontier for Mass Exploitation Attacks appeared first on SecurityWeek.

Ascension says patient information was stolen in an early-May ransomware attack that involved an employee downloading malware.

The post Ascension Says Personal, Health Information Stolen in Ransomware Attack appeared first on SecurityWeek.

Noteworthy stories that might have slipped under the radar: Overview of the ICS malware Fuxnet, Google accused of tracking users, scammers impersonate CISA staff.

The post In Other News: Fuxnet ICS Malware, Google User Tracking, CISA Employee Scams  appeared first on SecurityWeek.

Rockwell Automation has patched three high-severity vulnerabilities in its FactoryTalk View SE HMI software.

The post Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE appeared first on SecurityWeek.

CISA urges federal agencies to apply mitigations for an exploited Progress Telerik vulnerability as soon as possible.

The post CISA Warns of Progress Telerik Vulnerability Exploitation appeared first on SecurityWeek.

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

The post Microsoft Delaying Recall Feature to Improve Security appeared first on SecurityWeek.

YesWeHack has raised more than $52 million to date to build and market a crowdsourced vulnerability reporting platform.

The post French Bug Bounty Platform YesWeHack Raises $28 Million appeared first on SecurityWeek.

Pyte has raised $5 million for its secure computation platform, bringing the total investment in the company to $12 million. 

The post Pyte Raises $5 Million for Secure Data Collaboration Solutions appeared first on SecurityWeek.

Protect AI warns of a dozen critical vulnerabilities in open source AI/ML tools reported via its bug bounty program.

The post Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools appeared first on SecurityWeek.

SecurityWeek host its AI Risk Summit + CISO Forum Summer Summit on June 25-26, 2024, at the Ritz-Carlton, Half Moon Bay.

The post Event Preview: AI Risk Summit + CISO Forum at the Ritz-Carlton, Half Moon Bay | June 25-26, 2024 appeared first on SecurityWeek.

AWS announced passkey MFA for IAM and root users, IAM Access Analyzer updates, and Amazon GuardDuty Malware Protection for S3.

The post AWS Announces Authentication and Malware Protection Enhancements appeared first on SecurityWeek.

Without tuning your approach to fit your sector, amongst other variables, you’ll be faced with an unmanageable amount of noise.

The post Know Your Adversary: Why Tuning Intelligence-Gathering to Your Sector Pays Dividends appeared first on SecurityWeek.

Life360 says hackers attempted to extort it after stealing personal information from a Tile customer support platform.

The post Life360 Says Personal Information Stolen From Tile Customer Support Platform appeared first on SecurityWeek.

Analysis and insights on the prevalence and impact of password exposure vulnerabilities in ICS and other OT products.

The post Prevalence and Impact of Password Exposure Vulnerabilities in ICS/OT  appeared first on SecurityWeek.

The City of Cleveland says emergency services, utilities, and airport are unaffected by a recent cyberattack.

The post City of Cleveland Scrambling to Restore Systems Following Cyberattack appeared first on SecurityWeek.

The zero-day is tagged as CVE-2024-32896 and described as an elevation of privilege issue in Pixel Firmware.

The post Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation appeared first on SecurityWeek.

Microsoft’s June 2024 Patch Tuesday updates resolve a zero-click Outlook vulnerability leading to remote code execution.

The post Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited appeared first on SecurityWeek.

The Black Basta ransomware gang may have exploited the Windows privilege escalation flaw CVE-2024-26169 before it was patched.

The post Ransomware Group May Have Exploited Windows Vulnerability as Zero-Day appeared first on SecurityWeek.

Fortinet has patched multiple vulnerabilities in FortiOS, including a high-severity code execution security flaw.

The post Fortinet Patches Code Execution Vulnerability in FortiOS appeared first on SecurityWeek.

Data security company Cyberhaven has raised $88 million in a Series C funding round that brings the total to $136 million.

The post Data Security Firm Cyberhaven Raises $88 Million at $488 Million Valuation appeared first on SecurityWeek.

AI models are nothing without vast data sets to train them and vendors will be increasingly tempted to harvest as much data as they can and answer any questions later.

The post When Vendors Overstep – Identifying the AI You Don’t Need appeared first on SecurityWeek.

The code hosting platform GitHub has paid out more than $4 million since the launch of its bug bounty program 10 years ago.

The post GitHub Paid Out Over $4 Million via Bug Bounty Program appeared first on SecurityWeek.

Google and Mozilla have released patches for 21 and 15 vulnerabilities in Chrome and Firefox, respectively.

The post Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

The TellYouThePass ransomware gang started exploiting a recent code execution flaw in PHP days after public disclosure.

The post Ransomware Group Exploits PHP Vulnerability Days After Disclosure appeared first on SecurityWeek.

Several ICS vendors released advisories on Tuesday to inform customers about vulnerabilities found in their industrial and OT products. 

The post ICS Patch Tuesday: Advisories Published by Siemens, Schneider Electric, Aveva, CISA appeared first on SecurityWeek.

The Windows vulnerability carries a CVSS severity score of 9.8/10 and can be exploited by via specially crafted malicious MSMQ packets.

The post Patch Tuesday: Remote Code Execution Flaw in Microsoft Message Queuing appeared first on SecurityWeek.

Patch Tuesday: Adobe fixes critical flaws and warns of the risk of code execution attacks on Windows and macOS platforms.

The post Adobe Plugs Code Execution Holes in After Effects, Illustrator appeared first on SecurityWeek.

UK authorities have arrested two individuals for allegedly using a homemade mobile antenna to send mass text messages.

The post Two Arrested in UK for Smishing Campaign Powered by Homemade SMS Blaster  appeared first on SecurityWeek.

Apple has released a visionOS update that patches CVE-2024-27812, which may be the first flaw specific to the VR headset.

The post Apple Patches Vision Pro Vulnerability Used in Possibly ‘First Ever Spatial Computing Hack’ appeared first on SecurityWeek.

Redfox Security warns of multiple vulnerabilities in Netgear WNR614 routers discontinued three years ago.

The post Multiple Vulnerabilities Plague Discontinued Netgear WNR614 Routers appeared first on SecurityWeek.

BlackBerry says the Cylance data offered for sale for $750,000 is old and its own systems have not been compromised. 

The post BlackBerry Cylance Data Offered for Sale on Dark Web appeared first on SecurityWeek.