Security Week

Latest cybersecurity news and expert insights from SecurityWeek's RSS feed

1,400 GitLab Servers Impacted by Exploited Vulnerability

Thu, 05/02/2024 - 7:30am

CISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched.


Categories: SecurityWeek

Russian Hackers Target Industrial Systems in North America, Europe

Thu, 05/02/2024 - 7:16am

Government agencies are sharing recommendations following attacks claimed by pro-Russian hacktivists on ICS/OT systems.


Dropbox Data Breach Impacts Customer Information

Thu, 05/02/2024 - 3:23am

Dropbox says hackers breached its Sign production environment and accessed customer email addresses and hashed passwords. 


Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, UnitedHealth CEO says

Wed, 05/01/2024 - 8:59pm

UnitedHealth CEO Andrew Witty said in a U.S. Senate hearing that his company is still trying to understand why the server did not have the additional protection.


Deepfake of Principal’s Voice Is the Latest Case of AI Being Used for Harm

Wed, 05/01/2024 - 8:45pm

Everyone — not just politicians and celebrities — should be concerned about this increasingly powerful deep-fake technology, experts say.


Oasis Security Raises $35 Million to Tackle Non-Human Identity Management

Wed, 05/01/2024 - 2:32pm

New York startup Oasis Security banks $35 million in a Series A extension round led by Accel, Cyberstarts, and Sequoia Capital.


Traceable AI Raises $30 Million to Safeguard Cloud APIs

Wed, 05/01/2024 - 2:24pm

Traceable AI has raised $110 million since launching in 2018 with ambitious plans in the competitive API security and observability space.  


Google Boosts Bug Bounty Payouts Tenfold in Mobile App Security Push

Wed, 05/01/2024 - 11:06am

Researchers can earn as much as $450,000 for a single vulnerability report as Google boosts its mobile vulnerability rewards program.


Adobe Adds Content Credentials and Firefly to Bug Bounty Program

Wed, 05/01/2024 - 10:55am

Adobe is providing incentives for bug bounty hackers to report security flaws in its implementation of Content Credentials and Adobe Firefly.


Cuttlefish Malware Targets Routers, Harvests Cloud Authentication Data 

Wed, 05/01/2024 - 10:33am

The Cuttlefish malware platform is roaming around enterprise SOHO routers and is capable of covertly harvesting public cloud authentication data from internet traffic.


Machine Identity Firm Venafi Readies for the 90-day Certificate Lifecycle

Wed, 05/01/2024 - 9:58am

Venafi introduced a 90-Day TLS Readiness solution to help enterprises prepare for Google’s proposed 90-day limit for the lifecycle of a digital certificate.


DeepKeep Launches AI-Native Security Platform With $10 Million in Seed Funding

Wed, 05/01/2024 - 9:49am

AI-Native Trust, Risk, and Security Management (TRiSM) startup DeepKeep raises $10 million in seed funding.


CISO Conversations: Talking Cybersecurity With LinkedIn’s Geoff Belknap and Meta’s Guy Rosen

Wed, 05/01/2024 - 8:00am

SecurityWeek interviews Geoff Belknap, CISO at LinkedIn, and Guy Rosen, CISO at Facebook parent company Meta.


Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server

Wed, 05/01/2024 - 7:57am

The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal.


UnitedHealth CEO Says Hackers Lurked in Network for Nine Days Before Ransomware Strike

Tue, 04/30/2024 - 9:52pm

UnitedHealth Group’s CEO Andrew Witty shares details on the damaging cyberattack in testimony before a US Congress committee set for May 1, 2024.


Finnish Hacker Gets Prison for Accessing Thousands of Psychotherapy Records and Demanding Ransoms

Tue, 04/30/2024 - 1:10pm

In February 2023, French police arrested well-known Finnish hacker Aleksanteri Kivimäki, who was living under a false identity near Paris. He was deported to Finland. His trial ended last month.


Docker Hub Users Targeted With Imageless, Malicious Repositories

Tue, 04/30/2024 - 1:08pm

JFrog raises an alarm after finding three large-scale malware campaigns targeting Docker Hub with imageless repositories.


Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover

Tue, 04/30/2024 - 12:56pm

Three vulnerabilities in the Judge0 open source service could allow attackers to escape the sandbox and obtain root privileges on the host.


Apptega Raises $15 Million for Cybersecurity Compliance Platform

Tue, 04/30/2024 - 12:36pm

Mainsail Partners leads a $15 million financing round for end-to-end cybersecurity compliance platform company Apptega.


Island Secures $175M Investment as Enterprise Browser Startups Defy Tech Giants

Tue, 04/30/2024 - 12:26pm

Despite competitive pressures from industry behemoths like Microsoft and Google, investors are still betting big on startups in the specialized enterprise browser space.
