SecurityWeek
CrushFTP Patches Exploited Zero-Day Vulnerability
CrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files.
The post CrushFTP Patches Exploited Zero-Day Vulnerability appeared first on SecurityWeek.
Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability
Shadowserver has identified roughly 6,000 internet-accessible Palo Alto Networks firewalls potentially vulnerable to CVE-2024-3400.
MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days
MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.
Cannes Hospital Cancels Medical Procedures Following Cyberattack
Cannes Hospital Centre – Simone Veil cancels medical procedures after shutting down systems in response to a cyberattack.
BreachRx Raises $6.5M to Revamp Incident Response Reporting Systems
Investors make an early-stage $6.5 million bet on BreachRx, a startup promising to shield cybersecurity executives from personal liability.
Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing
VulnCheck banks $8 million in early-stage capital to build 'exploit intelligence' technologies and services.
In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack
Noteworthy stories that might have slipped under the radar: OpenSSF and OpenJS incidents similar to XZ backdoor, Moldovan botnet operator charged, US automotive company targeted by FIN7.
First Major Attempts to Regulate AI Face Headwinds From All Sides
While over 400 AI-related bills are being debated this year in statehouses nationwide, most target one industry or just a piece of the technology — such as deepfakes used in elections.
US Government Releases Guidance on Securing Election Infrastructure
New US guidance details foreign malign influence operations to help election infrastructure stakeholders increase resilience.
Akira Ransomware Made Over $42 Million in One Year: Agencies
Akira ransomware has hit over 250 organizations worldwide and received over $42 million in ransom payments.
Frontier Communications Shuts Down Systems Following Cyberattack
Telecom giant Frontier shuts down systems to contain a cyberattack that led to personal information compromise.
OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining
Microsoft warns that several OpenMetadata vulnerabilities are being exploited to deploy cryptomining malware to Kubernetes environments.
SAP Applications Increasingly in Attacker Crosshairs, Report Shows
Malicious hackers are targeting SAP applications at an alarming pace, according to warnings from Onapsis and Flashpoint.
Multi-Data Platform SIEM Anvilogic Raises $45 Million
Silicon Valley startup Anvilogic has raised $45 million in a Series C funding round led by Evolution Equity Partners.
United Nations Agency Investigating Ransomware Attack Involving Data Theft
United Nations Development Programme (UNDP) investigating a ransomware attack in which hackers stole sensitive data.
Five Eyes Agencies Release New AI Security Guidance
Five Eyes cybersecurity agencies have released joint guidance on securely deploying and operating AI systems.
Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability
Cisco patches a high-severity Integrated Management Controller vulnerability for which PoC exploit code is available.
180k Impacted by Data Breach at Michigan Healthcare Organization
Cherry Health says the personal information of over 180,000 individuals was stolen in a ransomware attack.
Phishing Platform LabHost Shut Down by Law Enforcement
LabHost, a major phishing-as-a-service platform, has been shut down as part of a major law enforcement operation.
Cisco Unveils AI-Native Enterprise Security Solution Hypershield
Cisco announces Hypershield, an AI-native and cloud-native enterprise security solution with a wide range of capabilities.