Security Week

Cisco warns that nation state-backed hackers are exploiting at least two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks.

The post Cisco Raises Alarm for ‘ArcaneDoor’ Zero-Days Hitting ASA Firewall Platforms appeared first on SecurityWeek.

KnowBe4 boasts that the merger will create “the largest, advanced AI-driven cybersecurity platform for managing human risk.”

The post KnowBe4 Plans to Acquire Egress for Email Security Tech appeared first on SecurityWeek.

As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk.

The post Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon appeared first on SecurityWeek.

A North Korea-linked threat actor hijacked the update mechanism of eScan antivirus to deploy backdoors and cryptocurrency miners.

The post North Korean Hackers Hijack Antivirus Updates for Malware Delivery appeared first on SecurityWeek.

Irish startup Tines raises $50 million in new venture capital funding as investors make big bets on automation and orchestration startups.

The post Tines Bags $50 Million Funding for Security Workflow Automation appeared first on SecurityWeek.

Google patches CVE-2024-4058, a critical Chrome vulnerability for which researchers earned a $16,000 reward. 

The post Google Patches Critical Chrome Vulnerability appeared first on SecurityWeek.

Amplifier Security has raised $3.3 million in funding for a solution that includes human-in-the-loop automation and an AI copilot.

The post Amplifier Security Emerges From Stealth With AI Copilot, Human-in-the-Loop Automation appeared first on SecurityWeek.

Nagomi Security, a company that helps customers prevent threats by leveraging existing security tools, emerged from stealth with $30 million in funding. 

The post Nagomi Security Emerges From Stealth With $30 Million in Funding appeared first on SecurityWeek.

CISA warns organizations of a two-year-old Windows Print Spooler vulnerability being exploited in the wild.

The post CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation appeared first on SecurityWeek.

A threat actor tracked as CoralRaider has been using multiple infostealers to harvest credentials from users worldwide.

The post Threat Actor Uses Multiple Infostealers in Global Campaign appeared first on SecurityWeek.

SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE. 

The post SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking appeared first on SecurityWeek.

Hive Systems conducts another study on cracking passwords via brute-force attacks, but it’s no longer targeting MD5.

The post New Password Cracking Analysis Targets Bcrypt appeared first on SecurityWeek.

Bain Capital Ventures and angel investors invest $11 million in automated alerts analysis startup Prophet Security.

The post Prophet Security Emerges From Stealth Mode With $11 Million in Funding appeared first on SecurityWeek.

Four Iranians are accused of hacking into critical systems at the Departments of Treasury and State and dozens of private US companies.

The post $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors appeared first on SecurityWeek.

The judge with Spain’s National Court said there is reason to believe that the new information provided by France can “allow the investigations to advance.”

The post Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together appeared first on SecurityWeek.

Mandiant's M-Trends 2024 report shows that defenses are improving – and that may be true. But the reality remains that these same statistics demonstrate that if anything, the attackers still retain the upper hand.

The post The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success appeared first on SecurityWeek.

Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations.

The post Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations  appeared first on SecurityWeek.

UnitedHealth confirms that personal and health information was stolen in a ransomware attack that could cost the company up to $1.6 billion.

The post UnitedHealth Says Patient Data Exposed in Change Healthcare Cyberattack appeared first on SecurityWeek.

Palo Alto Networks firewall vulnerability CVE-2024-3400, exploited as a zero-day, impacts a Siemens industrial product.

The post Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability appeared first on SecurityWeek.

The LockBit ransomware gang leaks data allegedly stolen from government contractor Tyler Technologies.

The post Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor appeared first on SecurityWeek.