SecurityWeek
Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges
Former security engineer Shakeeb Ahmed was sentenced to prison for hacking and defrauding cryptocurrency exchanges.
The post Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges appeared first on SecurityWeek.
Palo Alto Networks Releases Fixes for Firewall Zero-Day as Attribution Attempts Emerge
Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus.
The post Palo Alto Networks Releases Fixes for Firewall Zero-Day as Attribution Attempts Emerge appeared first on SecurityWeek.
House Passes Reauthorization of Key US Surveillance Program After Days of Upheaval Over Changes
The bill was approved on a bipartisan basis, 273-147, though it will still have to clear the Senate to become law.
The post House Passes Reauthorization of Key US Surveillance Program After Days of Upheaval Over Changes appeared first on SecurityWeek.
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls
A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.
The post State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls appeared first on SecurityWeek.
Wiz Acquires Gem Security, Pushes Security Tools Consolidation
Financial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million.
The post Wiz Acquires Gem Security, Pushes Security Tools Consolidation appeared first on SecurityWeek.
RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang
Operational for at least ten years, RubyCarp has its own botnet, its own tools, and its own community of users that concentrate on cryptomining and credential phishing.
The post RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang appeared first on SecurityWeek.
In Other News: Moscow Sewage Hack, Women in Cybersecurity Report, Dam Security Concerns
Noteworthy stories that might have slipped under the radar: Moscow sewage system hacked, a new women in cybersecurity report, PasteHub domain seized by law enforcement.
The post In Other News: Moscow Sewage Hack, Women in Cybersecurity Report, Dam Security Concerns appeared first on SecurityWeek.
US-China Competition to Field Military Drone Swarms Could Fuel Global Arms Race
Military planners envision a scenario in which hundreds, even thousands of AI-powered machines engage in coordinated battle.
The post US-China Competition to Field Military Drone Swarms Could Fuel Global Arms Race appeared first on SecurityWeek.
Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars
Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.
The post Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars appeared first on SecurityWeek.
House Will Try Again on Reauthorization of US Spy Program After Republican Upheaval
Speaker Mike Johnson is expected to bring forward a Plan B that would reform and extend Section 702 of the Foreign Intelligence Surveillance Act for a shortened period of two years.
The post House Will Try Again on Reauthorization of US Spy Program After Republican Upheaval appeared first on SecurityWeek.
Palo Alto Networks Warns of Exploited Firewall Vulnerability
Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.
The post Palo Alto Networks Warns of Exploited Firewall Vulnerability appeared first on SecurityWeek.
Threat Actors Manipulate GitHub Search to Deliver Malware
Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code.
The post Threat Actors Manipulate GitHub Search to Deliver Malware appeared first on SecurityWeek.
‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages
A critical vulnerability in multiple programming languages allows attackers to inject commands in Windows applications.
The post ‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages appeared first on SecurityWeek.
LastPass Employee Targeted With Deepfake Calls
LastPass this week revealed that one of its employees was targeted in a phishing attack involving deepfake technology.
The post LastPass Employee Targeted With Deepfake Calls appeared first on SecurityWeek.
US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft
The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts "presents a grave and unacceptable risk to federal agencies."
The post US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft appeared first on SecurityWeek.
Zscaler to Acquire Network Segmentation Tech Startup Airgap Networks
Zscaler announces plans to acquire Airgap Networks, a venture-backed startup selling network segmentation and secure access technologies.
The post Zscaler to Acquire Network Segmentation Tech Startup Airgap Networks appeared first on SecurityWeek.
Data Access Platform PVML Launches With $8 Million in Funding
Tel Aviv startup banks seed funding for technology to help organizations connect, secure, and provide access to multiple data sources.
The post Data Access Platform PVML Launches With $8 Million in Funding appeared first on SecurityWeek.
Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets
The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools.
The post Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets appeared first on SecurityWeek.
Simbian Emerges From Stealth With $10 Million to Build Autonomous AI-Based Security Platform
Simbian aims to build a fully autonomous security platform that lets humans make the strategic decisions while AI implements those decisions.
The post Simbian Emerges From Stealth With $10 Million to Build Autonomous AI-Based Security Platform appeared first on SecurityWeek.
Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks
SecurityWeek speaks to Tom Scholl, VP and distinguished engineer at AWS, on how the organization tackles IP Spoofing and DDoS attacks.
The post Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks appeared first on SecurityWeek.