SecurityWeek
‘WallEscape’ Linux Vulnerability Leaks User Passwords
A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard.
The post ‘WallEscape’ Linux Vulnerability Leaks User Passwords appeared first on SecurityWeek.
‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities
NCC Group researchers warn that the Android banking malware ‘Vultur’ has been updated with device interaction and file tampering capabilities.
The post ‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities appeared first on SecurityWeek.
AI Hallucinated Packages Fool Unsuspecting Developers
Software developers relying on AI chatbots for building applications may end up using hallucinated software packages.
The post AI Hallucinated Packages Fool Unsuspecting Developers appeared first on SecurityWeek.
Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor
Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.
The post Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor appeared first on SecurityWeek.
AT&T Says Data on 73 Million Customers Leaked on Dark Web
AT&T used the Easter holiday weekend to quietly share details on data that surfaced on the dark web roughly two weeks ago.
The post AT&T Says Data on 73 Million Customers Leaked on Dark Web appeared first on SecurityWeek.
SydeLabs Emerges From Stealth Mode With $2.5 Million in Funding
Generative-AI security startup SydeLabs emerges from stealth mode with $2.5 million in seed funding led by RTP Global.
The post SydeLabs Emerges From Stealth Mode With $2.5 Million in Funding appeared first on SecurityWeek.
In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing
Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.
The post In Other News: Airline Privacy Review, SEC’s SolarWinds Hack Probe, Apple MFA Bombing appeared first on SecurityWeek.
Pentagon Outlines Cybersecurity Strategy for Defense Industrial Base
US Defense Department releases defense industrial base cybersecurity strategy with a focus on four key goals.
The post Pentagon Outlines Cybersecurity Strategy for Defense Industrial Base appeared first on SecurityWeek.
The Complexity and Need to Manage Mental Well-Being in the Security Team
It is the CISO’s responsibility to build and maintain a high functioning team in a difficult environment – cybersecurity is a complex, continuous, and adversarial environment like none other outside of military conflict.
The post The Complexity and Need to Manage Mental Well-Being in the Security Team appeared first on SecurityWeek.
Energy Department Invests $15 Million in University Cybersecurity Centers
The US Department of Energy announces $15 million funding for university-based electric power cybersecurity centers.
The post Energy Department Invests $15 Million in University Cybersecurity Centers appeared first on SecurityWeek.
Massachusetts Health Insurer Data Breach Impacts 2.8 Million
Harvard Pilgrim Health Care says the personal information of over 2.8 million individuals was stolen in a year-old ransomware attack.
The post Massachusetts Health Insurer Data Breach Impacts 2.8 Million appeared first on SecurityWeek.
26 Security Issues Patched in TeamCity
JetBrains patches 26 security issues in TeamCity and takes steps to avoid malicious exploitation of vulnerabilities.
The post 26 Security Issues Patched in TeamCity appeared first on SecurityWeek.
VP Harris Says US Agencies Must Show Their AI Tools Aren’t Harming People’s Safety or Rights
U.S. federal agencies must show that their artificial intelligence tools aren’t harming the public, or stop using them, under new rules unveiled by the White House on Thursday. “When government agencies use AI tools, we will now require them to verify that those tools do not endanger the rights and safety of the American people,” […]
The post VP Harris Says US Agencies Must Show Their AI Tools Aren’t Harming People’s Safety or Rights appeared first on SecurityWeek.
Malware Upload Attack Hits PyPI Repository
Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign.
The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek.
Splunk Patches Vulnerabilities in Enterprise Product
Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue.
The post Splunk Patches Vulnerabilities in Enterprise Product appeared first on SecurityWeek.
Cybersecurity Mesh: Overcoming Data Security Overload
A significant cybersecurity challenge arises from managing the immense volume of data generated by numerous IT security tools, leading organizations into a reactive rather than proactive approach.
The post Cybersecurity Mesh: Overcoming Data Security Overload appeared first on SecurityWeek.
Cyberespionage Campaign Targets Government, Energy Entities in India
Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India.
The post Cyberespionage Campaign Targets Government, Energy Entities in India appeared first on SecurityWeek.
Coro Raises $100 Million for All-in-One Security Platform
Coro has raised $100 million in Series D funding for its enterprise-grade platform tailored for the small- and mid-sized market.
The post Coro Raises $100 Million for All-in-One Security Platform appeared first on SecurityWeek.
Cisco Patches DoS Vulnerabilities in Networking Products
Cisco has released patches for multiple IOS and IOS XE software vulnerabilities leading to denial-of-service (DoS).
The post Cisco Patches DoS Vulnerabilities in Networking Products appeared first on SecurityWeek.
Zafran Emerges From Stealth With Risk and Mitigation Platform, $30M in Funding
Zafran has emerged from stealth mode with a risk and mitigation platform and $30 million in funding from Sequoia Capital and Cyberstarts.
The post Zafran Emerges From Stealth With Risk and Mitigation Platform, $30M in Funding appeared first on SecurityWeek.