SecurityWeek
Google Broke Australian Law Over Location Data Collection: Court
Google violated Australian law by misleading users of Android mobile devices about the use of their location data, a court ruled Friday in a landmark decision against the global digital giant.
Codecov Bash Uploader Dev Tool Compromised in Supply Chain Hack
Security response professionals are scrambling to measure the fallout from a software supply chain compromise of Codecov Bash Uploader that went undetected since January and exposed sensitive secrets like tokens, keys and credentials from organizations around the world.
Cloud Forensics Firm Cado Security Raises $10 Million in Series A Funding
Cado Security, provider of a cloud-native digital forensics platform, has secured $10 million in Series A funding, which brings the total amount raised by the company to date to $11.5 million.
Domain Name Security Neglected by U.S. Energy Companies: Report
A majority of the largest energy companies in the United States appear to have neglected the security of their domain names, according to CSC, a firm that specializes in securing online assets.
IBM: 44 Organizations Targeted in Attacks Aimed at COVID-19 Vaccine Cold Chain
More than 40 organizations have been targeted in a global campaign focused on the COVID-19 vaccine cold chain infrastructure, which handles the distribution of vaccines and their storage at the required temperatures.
Reddit Launches Public Bug Bounty Program
Reddit this week announced the launch of a public bug bounty program on the vulnerability hunting platform HackerOne.
Following a three-year private bug bounty program on HackerOne, which has resulted in over $140,000 being awarded in bug bounties for 300 vulnerability reports focusing on reddit.com, the program is going public with an expanded scope.
NSA: Russian Hackers Exploiting VPN Vulnerabilities - Patch Immediately
The U.S. government on Thursday warned that Russian APT operators are exploiting five known -- and already patched -- vulnerabilities in corporate VPN infrastructure products, insisting it is “critically important” to mitigate these issues immediately.
US Expels Russian Diplomats, Imposes New Round of Sanctions
The Biden administration on Thursday announced the expulsion of 10 Russian diplomats and sanctions against nearly three dozen people and companies as it moved to hold the Kremlin accountable for interference in last year’s presidential election and the hacking of federal agencies.
Exploit for Second Unpatched Chromium Flaw Made Public Just After First Is Patched
A researcher has made public an exploit and details for an unpatched vulnerability affecting Chrome, Edge and other web browsers that are based on the open source Chromium project. This is the second Chromium proof-of-concept (PoC) exploit released this week.
Months After Hack, US Poised to Announce Sanctions on Russia
The Biden administration is preparing to announce sanctions in response to a massive Russian hacking campaign that breached vital federal agencies, as well as for election interference, a senior administration official said.
NVIDIA Unveils 'Morpheus' Cybersecurity Framework
NVIDIA this week unveiled Morpheus, a cloud-native application framework designed to help cybersecurity providers analyze more data without sacrificing performance.
Irish Watchdog Opens Another Facebook Probe, Over Data Dump
Ireland’s privacy regulator said Wednesday it has opened an investigation into Facebook after data on more than 500 million users was reportedly found dumped online, in a suspected violation of strict European Union privacy rules.
Capcom Says Older VPN Device at Heart of Ransomware Attack
Japanese video game giant Capcom revealed on Tuesday that, as part of the November 2020 ransomware attack, adversaries targeted an older backup VPN device for initial access.
Cybersecurity VC Funding Hit Record in 2020 With $7.8 Billion Invested
Despite the coronavirus pandemic, 2020 was a record year in terms of venture capital funding for cybersecurity companies, with more than $7.8 billion invested, according to a new report from business information platform Crunchbase.
Another Critical Vulnerability Patched in SAP Commerce
On Tuesday, as part of its April 2021 Security Patch Day, SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce.
Siemens Releases Several Advisories for 'NAME:WRECK' Vulnerabilities
Siemens released a total of 14 new advisories on Tuesday, including five describing the impact and remediations for the NAME:WRECK vulnerabilities disclosed on the same day.
FBI Agents Secretly Deleted Web Shells From Hacked Microsoft Exchange Servers
FBI agents executed a court-authorized cyber operation to delete malicious web shells from hundreds of previously hacked Microsoft Exchange servers in the United States, unbeknownst to their owners, the U.S. Department of Justice (DoJ) said Tuesday.
At Least 100 Million Devices Affected by "NAME:WRECK" DNS Flaws in TCP/IP Stacks
Popular TCP/IP stacks are affected by a series of Domain Name System (DNS) vulnerabilities that could be exploited to take control of impacted devices, researchers with IoT security firm Forescout reveal.
Google Patches More Under-Attack Chome Zero-days
Swedish Sports Body Hacked by Russians, Officials Say
The organization that oversees Sweden’s national sports federations was hacked by Russian military intelligence in 2017-18, officials said Tuesday, in a data-breaching campaign that also affected some of the world’s leading sporting bodies, including FIFA and the World Anti-Doping Agency.