SecurityWeek

Google Broke Australian Law Over Location Data Collection: Court

Security Week - 1 hour 56 min ago

Google violated Australian law by misleading users of Android mobile devices about the use of their location data, a court ruled Friday in a landmark decision against the global digital giant.

Categories: SecurityWeek

Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack

Security Week - Thu, 04/15/2021 - 10:47pm

Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected since January and exposed sensitive secrets like tokens, keys and credentials from organizations around the world.

Cloud Forensics Firm Cado Security Raises $10 Million in Series A Funding

Security Week - Thu, 04/15/2021 - 10:01pm

Cado Security, provider of a cloud-native digital forensics platform, has secured $10 million in Series A funding, which brings the total amount raised by the company to date to $11.5 million.

Domain Name Security Neglected by U.S. Energy Companies: Report

Security Week - Thu, 04/15/2021 - 1:57pm

A majority of the largest energy companies in the United States appear to have neglected the security of their domain names, according to CSC, a firm that specializes in securing online assets.

IBM: 44 Organizations Targeted in Attacks Aimed at COVID-19 Vaccine Cold Chain

Security Week - Thu, 04/15/2021 - 1:29pm

More than 40 organizations have been targeted in a global campaign focused on the COVID-19 vaccine cold chain infrastructure, which handles the distribution of vaccines and their storage at the required temperatures.

Reddit Launches Public Bug Bounty Program

Security Week - Thu, 04/15/2021 - 10:30am

Reddit this week announced the launch of a public bug bounty program on the vulnerability hunting platform HackerOne.

Following a three-year private bug bounty program on HackerOne, which has resulted in over $140,000 being awarded in bug bounties for 300 vulnerability reports focusing on reddit.com, the program is going public with an expanded scope.

NSA: Russian Hackers Exploiting VPN Vulnerabilities - Patch Immediately

Security Week - Thu, 04/15/2021 - 10:15am

The U.S. government on Thursday warned that Russian APT operators are exploiting five known -- and already patched -- vulnerabilities in corporate VPN infrastructure products, insisting it is “critically important” to mitigate these issues immediately.

US Expels Russian Diplomats, Imposes New Round of Sanctions

Security Week - Thu, 04/15/2021 - 8:56am

The Biden administration on Thursday announced the expulsion of 10 Russian diplomats and sanctions against nearly three dozen people and companies as it moved to hold the Kremlin accountable for interference in last year’s presidential election and the hacking of federal agencies.

Exploit for Second Unpatched Chromium Flaw Made Public Just After First Is Patched

Security Week - Thu, 04/15/2021 - 8:05am

A researcher has made public an exploit and details for an unpatched vulnerability affecting Chrome, Edge and other web browsers that are based on the open source Chromium project. This is the second Chromium proof-of-concept (PoC) exploit released this week.

Months After Hack, US Poised to Announce Sanctions on Russia

Security Week - Thu, 04/15/2021 - 6:09am

The Biden administration is preparing to announce sanctions in response to a massive Russian hacking campaign that breached vital federal agencies, as well as for election interference, a senior administration official said.

NVIDIA Unveils 'Morpheus' Cybersecurity Framework

Security Week - Thu, 04/15/2021 - 4:35am

NVIDIA this week unveiled Morpheus, a cloud-native application framework designed to help cybersecurity providers analyze more data without sacrificing performance.

Irish Watchdog Opens Another Facebook Probe, Over Data Dump

Security Week - Wed, 04/14/2021 - 10:15pm

Ireland’s privacy regulator said Wednesday it has opened an investigation into Facebook after data on more than 500 million users was reportedly found dumped online, in a suspected violation of strict European Union privacy rules.

Capcom Says Older VPN Device at Heart of Ransomware Attack

Security Week - Wed, 04/14/2021 - 10:09am

Japanese video game giant Capcom revealed on Tuesday that, as part of the November 2020 ransomware attack, adversaries targeted an older backup VPN device for initial access.

Cybersecurity VC Funding Hit Record in 2020 With $7.8 Billion Invested

Security Week - Wed, 04/14/2021 - 9:16am

Despite the coronavirus pandemic, 2020 was a record year in terms of venture capital funding for cybersecurity companies, with more than $7.8 billion invested, according to a new report from business information platform Crunchbase.

Another Critical Vulnerability Patched in SAP Commerce

Security Week - Wed, 04/14/2021 - 7:50am

On Tuesday, as part of its April 2021 Security Patch Day, SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce.

Siemens Releases Several Advisories for 'NAME:WRECK' Vulnerabilities

Security Week - Wed, 04/14/2021 - 6:28am

Siemens released a total of 14 new advisories on Tuesday, including five describing the impact and remediations for the NAME:WRECK vulnerabilities disclosed on the same day.

FBI Agents Secretly Deleted Web Shells From Hacked Microsoft Exchange Servers

Security Week - Wed, 04/14/2021 - 12:03am

FBI agents executed a court-authorized cyber operation to delete malicious web shells from hundreds of previously hacked Microsoft Exchange servers in the United States, unbeknownst to their owners, the U.S. Department of Justice (DoJ) said Tuesday.

At Least 100 Million Devices Affected by "NAME:WRECK" DNS Flaws in TCP/IP Stacks

Security Week - Tue, 04/13/2021 - 11:40pm

Popular TCP/IP stacks are affected by a series of Domain Name System (DNS) vulnerabilities that could be exploited to take control of impacted devices, researchers with IoT security firm Forescout reveal.

Google Patches More Under-Attack Chrome Zero-days

Security Week - Tue, 04/13/2021 - 6:46pm

Google’s problems with in-the-wild Chrome browser zero-days appear to be multiplying by the month.

Swedish Sports Body Hacked by Russians, Officials Say

Security Week - Tue, 04/13/2021 - 3:34pm

The organization that oversees Sweden’s national sports federations was hacked by Russian military intelligence in 2017-18, officials said Tuesday, in a data-breaching campaign that also affected some of the world’s leading sporting bodies, including FIFA and the World Anti-Doping Agency.
