Security Week

Risk and compliance solutions provider Sprinto has raised $20 million in a Series B funding round led by Accel.

The post Sprinto Raises $20 Million for Automated Risk and Compliance Platform appeared first on SecurityWeek.

The personal information of 500,000 people was compromised in a data breach at Group Health Cooperative of South Central Wisconsin.

The post 530k Impacted by Data Breach at Wisconsin Healthcare Organization appeared first on SecurityWeek.

Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware.

The post Microsoft Patches Two Zero-Days Exploited for Malware Delivery appeared first on SecurityWeek.

Patch Tuesday: Microsoft warns that unauthenticated hackers can take complete control of Azure Kubernetes clusters.

The post Microsoft Plugs Gaping Hole in Azure Kubernetes Service Confidential Containers appeared first on SecurityWeek.

Adobe calls attention to a pair of code execution bugs in Adobe Commerce and Magento Open Source, a product used to manage online stories.

The post Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products appeared first on SecurityWeek.

Data security company Cyera’s latest $300 million funding round brings the total raised by the firm to $460 million, at unicorn valuation.

The post Data Security Firm Cyera Raises $300 Million at $1.4 Billion Valuation appeared first on SecurityWeek.

Founded in 2022, Singapore-based StealthMole leverages AI to analyze data from the dark web, deep web, and other sources to provide risk assessment and threat monitoring capabilities.

The post Asia-Focused Dark Web Threat Intelligence Startup StealthMole Raises $7 Million appeared first on SecurityWeek.

SAP has released 12 new and updated security notes on April 2024 Security Patch Day, including three notes dealing with high-severity vulnerabilities.

The post SAP’s April 2024 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

Siemens and Schneider Electric release their ICS Patch Tuesday advisories for April 2024, informing customers about dozens of vulnerabilities.

The post ICS Patch Tuesday: Siemens Addresses Palo Alto Networks Product Vulnerabilities appeared first on SecurityWeek.

Veterinary services provider CVS Group is restoring systems after a cyberattack disrupted its UK operations.

The post CVS Group Restoring Systems Impacted by Cyberattack appeared first on SecurityWeek.

SecurityWeek discusses cybersecurity leadership with CISOs from crowdsourced hacking organizations Bugcrowd (Nick McKenzie) and HackerOne (Chris Evans)

The post CISO Conversations: Nick McKenzie (Bugcrowd) and Chris Evans (HackerOne) appeared first on SecurityWeek.

Economic analysis and litigation support firm GMA says personal and medical information was stolen in a May 2023 data breach.

The post DOJ-Collected Information Exposed in Data Breach Affecting 340,000  appeared first on SecurityWeek.

RansomHub is extorting Change Healthcare, threatening to release data stolen in a February 2024 BlackCat ransomware attack.

The post Second Ransomware Group Extorting Change Healthcare appeared first on SecurityWeek.

StrikeReady, an early-stage Silicon Valley startup working on technology to modernize cybersecurity command centers, has banked $12 million in new financing from 33N Ventures. The Palo Alto, Calif.-based StrikeReady said the Series A included equity interests for Hitachi Ventures, Monta Vista Capital and a handful of prominent cybersecurity executives. StrikeReady has raised a total of […]

The post StrikeReady Raises $12M to Build AI-Powered Security Command Center appeared first on SecurityWeek.

Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild.

The post Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices appeared first on SecurityWeek.

Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution.

The post Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability appeared first on SecurityWeek.

The US Department of Health warns of financially motivated social engineering attacks targeting healthcare organizations.

The post Healthcare IT Help Desk Employees Targeted in Payment-Hijacking Attacks appeared first on SecurityWeek.

The American Privacy Rights Act would preempt most state privacy laws — though it wouldn’t impact certain states’ laws already on the books that protect financial, health or employee data.

The post Key Lawmakers Float New Rules for Personal Data Protection; Bill Would Make Privacy a Consumer Right appeared first on SecurityWeek.

New Ahoi attacks Heckler and WeSee target AMD SEV-SNP and Intel TDX with malicious interrupts to hack confidential VMs.

The post Confidential VMs Hacked via New Ahoi Attacks appeared first on SecurityWeek.

Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days.

The post Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits appeared first on SecurityWeek.