SecurityWeek

Ivanti releases patches for 27 vulnerabilities in the Avalanche MDM product, including critical flaws leading to command execution.

The post Ivanti Patches 27 Vulnerabilities in Avalanche MDM Product appeared first on SecurityWeek.

Chrome and Firefox security updates resolve over 35 vulnerabilities, including a dozen high-severity bugs.

The post Chrome 124, Firefox 125 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

Mandiant summarizes some of the latest operations of Russia’s notorious Sandworm group, which it now tracks as APT44.

The post Recent OT and Espionage Attacks Linked to Russia’s Sandworm, Now Named APT44 appeared first on SecurityWeek.

Oracle releases 441 new security patches to address 230 vulnerabilities as part of its April 2024 Critical Patch Update.

The post Oracle Patches 230 Vulnerabilities With April 2024 CPU appeared first on SecurityWeek.

Palo Alto Networks firewall vulnerability CVE-2024-3400 increasingly exploited after PoC code has been released. 

The post Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release appeared first on SecurityWeek.

Join this one-day virtual summit as we shine the spotlight on the shadowy dynamics of ransomware attacks and how you can best prepare your organization to defend against and recover from these relentless attacks.

The post Virtual Event Tomorrow: Ransomware Resilience & Recovery Summit  appeared first on SecurityWeek.

PuTTY vulnerability CVE-2024-31497 allows attackers to compromise private keys and use them to forge signatures. 

The post Critical PuTTY Vulnerability Allows Secret Key Recovery appeared first on SecurityWeek.

Charles O. Parks III was arrested and charged with defrauding two cloud-services providers of $3.5 million.

The post Cryptojacker Arrested, Charged for Defrauding Cloud Providers of $3.5 Million appeared first on SecurityWeek.

Cloud security specialists found data exposure risk associated with Azure, AWS, and Google Cloud command-line tools.

The post Cloud Users Warned of Data Exposure Risk From Command-Line Tools appeared first on SecurityWeek.

Kevin O’Connor knew he was a hacker by the time he was in Middle School. He went on to work for the NSA and is now director of threat research at Adlumin.

The post Hacker Conversations: Kevin O’Connor, From Childhood Hacker to NSA Operative appeared first on SecurityWeek.

The RansomHub group has started leaking information allegedly stolen from Change Healthcare in February 2024.

The post Ransomware Group Starts Leaking Data Allegedly Stolen From Change Healthcare appeared first on SecurityWeek.

Foreign attackers have many more toolsets at their disposal, so we need to make sure we’re selective about our modeling, preparation and how we assess and fortify ourselves.

The post You Against the World: The Offenders Dilemma appeared first on SecurityWeek.

Omni Hotels says customer information was compromised in a cyberattack claimed by the Daixin Team ransomware group.

The post Omni Hotels Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.

PAM company Delinea over the weekend rushed to patch a critical authentication bypass vulnerability after it apparently ignored the researcher who found the flaw.

The post Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt appeared first on SecurityWeek.

Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks.

The post Cisco Duo Says Hack at Telephony Supplier Exposed MFA SMS Logs appeared first on SecurityWeek.

NightVision, an early stage startup in the application security testing space, has raised $5.4 million in seed funding.

The post NightVision Raises $5.4 Million for Application Security Testing appeared first on SecurityWeek.

The Dark Angels (Dunghill) ransomware group claims to have stolen 1 Tb of data from Nexperia, which is investigating the incident.

The post Ransomware Group Claims Theft of Data From Chipmaker Nexperia  appeared first on SecurityWeek.

Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products.

The post Juniper Networks Publishes Dozens of New Security Advisories appeared first on SecurityWeek.

ICS malware Fuxnet allegedly used by Ukrainian Blackjack group to disrupt industrial sensors and other systems belonging to a Moscow infrastructure firm.

The post Destructive ICS Malware ‘Fuxnet’ Used by Ukraine Against Russian Infrastructure appeared first on SecurityWeek.

Authorities in Australia and the US have arrested and charged two individuals for developing and selling the Hive RAT.

The post Two People Arrested in Australia and US for Development and Sale of Hive RAT appeared first on SecurityWeek.