SecurityWeek
Siemplify Raises $30 Million in Series C Funding
Siemplify, a New York, NY-based provider of security orchestration, automation and response (SOAR) tools, today announced that it has secured $30 million in a Series C funding round led by Georgian Partners.
Linux Kernel Privilege Escalation Vulnerability Found in RDS Over TCP
A memory corruption vulnerability recently found in Linux Kernel’s implementation of RDS over TCP could lead to privilege escalation.
Tracked as CVE-2019-11815 and featuring a CVSS base score of 8.1, the flaw impacts Linux kernels prior to 5.0.8, but only systems that use the Reliable Datagram Sockets (RDS) for the TCP module.
Faulty Database Script Exposed Salesforce Data to Wrong Users
Salesforce Shuts Down Instances After Database Script Erroneously Enabled All Permissions on User Profiles
TeamViewer Confirms It Was Hacked in 2016
Remote control and support solutions provider TeamViewer has confirmed that hackers likely operating out of China breached its systems back in 2016, but the company decided not to disclose the incident at the time as it found no evidence that it affected customers.
How to Evaluate Threat Intelligence Vendors That Cover the Deep & Dark Web
Deep & dark web (DDW) communities have long been must-have data sources for threat intelligence programs, but only recently has the market caught up with this need.
User Data Exposed in Stack Overflow Hack
Hackers had access to Stack Overflow systems for nearly one week before the attack was detected and some user data was exposed after all, the company has admitted.
Hacktivist Attacks Declined 95 Percent Since 2015: IBM
The number of hacktivist attacks that resulted in quantifiable damage to the victim has declined by 95 percent since 2015, according to IBM.
Slack Flaw Allows Hackers to Steal, Manipulate Downloads
A recently patched vulnerability in the Slack desktop application for Windows can be exploited by malicious actors to steal and manipulate a targeted user’s downloaded files.
Tenable Updates Free Vulnerability Assessment Solution
Tenable this week announced Nessus Essentials, an expanded version of its free vulnerability assessment solution previously known as Nessus Home.
Wormable Windows RDS Vulnerability Poses Serious Risk to ICS
A critical remote code execution vulnerability patched recently by Microsoft in Windows Remote Desktop Services (RDS) poses a serious risk to industrial environments, experts have warned.
Stack Overflow Discloses Security Breach
Stack Overflow, the popular Q&A platform for programmers, revealed on Thursday that someone gained access to its production systems over the weekend.
How to Securely Blend Your IoT Data with Business Data
Opportunities Created by the Integration of IoT Data With the Rest of Your Business Environment Are Vast
Authorities Takedown GozNym Cybercrime Group That Stole an Estimated $100 Million
Authorities in the United States and Europe on Thursday announced the takedown of an organized cybercrime network that used the GozNym malware to steal an estimated $100 million from victims.
Cisco Patches Critical Vulnerabilities in Prime Infrastructure (PI) Software
Cisco has released patches for numerous vulnerabilities affecting its products, including Critical flaws in the Cisco Prime Infrastructure (PI) Software that could allow remote code execution.
A total of three vulnerabilities were identified in the PI software, namely CVE-2019-1821, CVE-2019-1822, and CVE-2019-1823, featuring a CVSS score of 9.8.
Group Seeks Investigation of Deep Packet Inspection Use by ISPs
European Digital Rights Organization Seeks Investigation Into Internet Service Providers' Use of Deep Packet Inspection (DPI)
Dutch Probe China's Huawei for Possible Spying: Report
Dutch intelligence services are investigating Huawei for possibly spying for the Chinese government by leaving a "back door" to data of customers of major telecoms firms, a report said Thursday.
Business Email Compromise Still Reigns
Last month, the Federal Bureau of Investigation released its 2018 Internet Crime Complaints Center (IC3). The annual report provides readers a glimpse into the types of cybercrimes being reported to the FBI and the trending threats the Bureau has responded to in the last year.
Google Starts Tracking Zero-Days Exploited in the Wild
Google Project Zero has started tracking zero-day vulnerabilities exploited in attacks before the impacted vendor released patches.